################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2024-05-05 08:34:09 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.90.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838697/; classtype:trojan-activity;sid:83701797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.120.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838696/; classtype:trojan-activity;sid:83701796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.231.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838695/; classtype:trojan-activity;sid:83701795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.244.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838694/; classtype:trojan-activity;sid:83701794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.86.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838693/; classtype:trojan-activity;sid:83701793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.23.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838692/; classtype:trojan-activity;sid:83701792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.185.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838691/; classtype:trojan-activity;sid:83701791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.21.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838690/; classtype:trojan-activity;sid:83701790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.217.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838689/; classtype:trojan-activity;sid:83701789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.219.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838688/; classtype:trojan-activity;sid:83701788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.128.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838686/; classtype:trojan-activity;sid:83701786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.212.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838687/; classtype:trojan-activity;sid:83701787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.191.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838684/; classtype:trojan-activity;sid:83701784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.220.154.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838685/; classtype:trojan-activity;sid:83701785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.173.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838683/; classtype:trojan-activity;sid:83701783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.221.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838682/; classtype:trojan-activity;sid:83701782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.4.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838681/; classtype:trojan-activity;sid:83701781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.152.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838680/; classtype:trojan-activity;sid:83701780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838679/; classtype:trojan-activity;sid:83701779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.242.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838678/; classtype:trojan-activity;sid:83701778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.192.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838677/; classtype:trojan-activity;sid:83701777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.248.127.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838676/; classtype:trojan-activity;sid:83701776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.104.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838674/; classtype:trojan-activity;sid:83701774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838675/; classtype:trojan-activity;sid:83701775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.69.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838673/; classtype:trojan-activity;sid:83701773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.174.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838671/; classtype:trojan-activity;sid:83701771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838670/; classtype:trojan-activity;sid:83701770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.101.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838668/; classtype:trojan-activity;sid:83701768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.21.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838669/; classtype:trojan-activity;sid:83701769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.185.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838667/; classtype:trojan-activity;sid:83701767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.23.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838666/; classtype:trojan-activity;sid:83701766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.221.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838665/; classtype:trojan-activity;sid:83701765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.238.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838664/; classtype:trojan-activity;sid:83701764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838663/; classtype:trojan-activity;sid:83701763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.217.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838662/; classtype:trojan-activity;sid:83701762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.183.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838661/; classtype:trojan-activity;sid:83701761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.173.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838660/; classtype:trojan-activity;sid:83701760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.38.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838659/; classtype:trojan-activity;sid:83701759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838658/; classtype:trojan-activity;sid:83701758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838657/; classtype:trojan-activity;sid:83701757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.108.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838656/; classtype:trojan-activity;sid:83701756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838654/; classtype:trojan-activity;sid:83701754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.52.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838655/; classtype:trojan-activity;sid:83701755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.69.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838653/; classtype:trojan-activity;sid:83701753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.174.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838651/; classtype:trojan-activity;sid:83701751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.17.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838652/; classtype:trojan-activity;sid:83701752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838650/; classtype:trojan-activity;sid:83701750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.242.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838649/; classtype:trojan-activity;sid:83701749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.234.64.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838648/; classtype:trojan-activity;sid:83701748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.174.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838645/; classtype:trojan-activity;sid:83701745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838646/; classtype:trojan-activity;sid:83701746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.237.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838647/; classtype:trojan-activity;sid:83701747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.138.255.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838644/; classtype:trojan-activity;sid:83701744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.0.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838643/; classtype:trojan-activity;sid:83701743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.190.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838641/; classtype:trojan-activity;sid:83701741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.24.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838639/; classtype:trojan-activity;sid:83701739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.169.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838640/; classtype:trojan-activity;sid:83701740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.147.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838638/; classtype:trojan-activity;sid:83701738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.38.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838637/; classtype:trojan-activity;sid:83701737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.163.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838636/; classtype:trojan-activity;sid:83701736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.6.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838635/; classtype:trojan-activity;sid:83701735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.64.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838634/; classtype:trojan-activity;sid:83701734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.245.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838633/; classtype:trojan-activity;sid:83701733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.52.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838631/; classtype:trojan-activity;sid:83701731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.209.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838632/; classtype:trojan-activity;sid:83701732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838628/; classtype:trojan-activity;sid:83701728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.175.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838629/; classtype:trojan-activity;sid:83701729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.189.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838630/; classtype:trojan-activity;sid:83701730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838627/; classtype:trojan-activity;sid:83701727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.174.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838626/; classtype:trojan-activity;sid:83701726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.194.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838625/; classtype:trojan-activity;sid:83701725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1091462820069118054/1236274464740741151/djs-embeds.exe|3f|ex=663769d1|7c|26|7c|is=66361851|7c|26|7c|hm=59c574848a25d701c41a41c26159e34d4f192e12b42d177e4a124c85bdf9e9a2|7c|26|7c|"; depth:190; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838623/; classtype:trojan-activity;sid:83701723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.208.66.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838622/; classtype:trojan-activity;sid:83701722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.244.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838620/; classtype:trojan-activity;sid:83701720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.64.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838619/; classtype:trojan-activity;sid:83701719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.6.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838618/; classtype:trojan-activity;sid:83701718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.237.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838616/; classtype:trojan-activity;sid:83701716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.48.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838617/; classtype:trojan-activity;sid:83701717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.48.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838615/; classtype:trojan-activity;sid:83701715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.52.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838614/; classtype:trojan-activity;sid:83701714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.57.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838613/; classtype:trojan-activity;sid:83701713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838612/; classtype:trojan-activity;sid:83701712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838611/; classtype:trojan-activity;sid:83701711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.34.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838610/; classtype:trojan-activity;sid:83701710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.92.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838609/; classtype:trojan-activity;sid:83701709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.129.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838608/; classtype:trojan-activity;sid:83701708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.208.66.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838607/; classtype:trojan-activity;sid:83701707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.23.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838605/; classtype:trojan-activity;sid:83701705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.182.189.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838604/; classtype:trojan-activity;sid:83701704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.105.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838600/; classtype:trojan-activity;sid:83701700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838601/; classtype:trojan-activity;sid:83701701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838602/; classtype:trojan-activity;sid:83701702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838599/; classtype:trojan-activity;sid:83701699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.42.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838598/; classtype:trojan-activity;sid:83701698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.147.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838597/; classtype:trojan-activity;sid:83701697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.19.157.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838596/; classtype:trojan-activity;sid:83701696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.83.1.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838594/; classtype:trojan-activity;sid:83701694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838595/; classtype:trojan-activity;sid:83701695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.165.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838590/; classtype:trojan-activity;sid:83701690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.27.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838589/; classtype:trojan-activity;sid:83701689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838587/; classtype:trojan-activity;sid:83701687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.36.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838588/; classtype:trojan-activity;sid:83701688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.130.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838586/; classtype:trojan-activity;sid:83701686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.92.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838584/; classtype:trojan-activity;sid:83701684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.134.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838582/; classtype:trojan-activity;sid:83701682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.23.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838581/; classtype:trojan-activity;sid:83701681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.161.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838580/; classtype:trojan-activity;sid:83701680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838578/; classtype:trojan-activity;sid:83701678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.183.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838577/; classtype:trojan-activity;sid:83701677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.202.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838576/; classtype:trojan-activity;sid:83701676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838575/; classtype:trojan-activity;sid:83701675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.250.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838574/; classtype:trojan-activity;sid:83701674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838573/; classtype:trojan-activity;sid:83701673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.34.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838572/; classtype:trojan-activity;sid:83701672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.254.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838571/; classtype:trojan-activity;sid:83701671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.127.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838570/; classtype:trojan-activity;sid:83701670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838569/; classtype:trojan-activity;sid:83701669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.49.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838566/; classtype:trojan-activity;sid:83701666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.18.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838564/; classtype:trojan-activity;sid:83701664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.53.227.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838561/; classtype:trojan-activity;sid:83701661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.183.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838562/; classtype:trojan-activity;sid:83701662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.92.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838560/; classtype:trojan-activity;sid:83701660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.113.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838559/; classtype:trojan-activity;sid:83701659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.26.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838557/; classtype:trojan-activity;sid:83701657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.254.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838558/; classtype:trojan-activity;sid:83701658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.175.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838555/; classtype:trojan-activity;sid:83701655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.111.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838554/; classtype:trojan-activity;sid:83701654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.24.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838553/; classtype:trojan-activity;sid:83701653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838552/; classtype:trojan-activity;sid:83701652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838550/; classtype:trojan-activity;sid:83701650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.234.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838549/; classtype:trojan-activity;sid:83701649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.120.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838548/; classtype:trojan-activity;sid:83701648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.78.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838547/; classtype:trojan-activity;sid:83701647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.49.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838546/; classtype:trojan-activity;sid:83701646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.227.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838545/; classtype:trojan-activity;sid:83701645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838544/; classtype:trojan-activity;sid:83701644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838542/; classtype:trojan-activity;sid:83701642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838541/; classtype:trojan-activity;sid:83701641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.182.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838538/; classtype:trojan-activity;sid:83701638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.234.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838536/; classtype:trojan-activity;sid:83701636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.227.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838534/; classtype:trojan-activity;sid:83701634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838533/; classtype:trojan-activity;sid:83701633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838532/; classtype:trojan-activity;sid:83701632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.83.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838531/; classtype:trojan-activity;sid:83701631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.14.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838529/; classtype:trojan-activity;sid:83701629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838530/; classtype:trojan-activity;sid:83701630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.234.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838527/; classtype:trojan-activity;sid:83701627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838526/; classtype:trojan-activity;sid:83701626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.79.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838525/; classtype:trojan-activity;sid:83701625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838524/; classtype:trojan-activity;sid:83701624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.1.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838523/; classtype:trojan-activity;sid:83701623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.207.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838522/; classtype:trojan-activity;sid:83701622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838520/; classtype:trojan-activity;sid:83701620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.35.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838519/; classtype:trojan-activity;sid:83701619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.34.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838518/; classtype:trojan-activity;sid:83701618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.162.62.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838517/; classtype:trojan-activity;sid:83701617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.83.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838516/; classtype:trojan-activity;sid:83701616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.182.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838514/; classtype:trojan-activity;sid:83701614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.14.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838513/; classtype:trojan-activity;sid:83701613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.251.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838512/; classtype:trojan-activity;sid:83701612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838511/; classtype:trojan-activity;sid:83701611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838510/; classtype:trojan-activity;sid:83701610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.204.168.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838509/; classtype:trojan-activity;sid:83701609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.23.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838507/; classtype:trojan-activity;sid:83701607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.121.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838508/; classtype:trojan-activity;sid:83701608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.1.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838505/; classtype:trojan-activity;sid:83701605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.207.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838504/; classtype:trojan-activity;sid:83701604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.195.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838503/; classtype:trojan-activity;sid:83701603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838502/; classtype:trojan-activity;sid:83701602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.240.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838501/; classtype:trojan-activity;sid:83701601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838500/; classtype:trojan-activity;sid:83701600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.63.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838499/; classtype:trojan-activity;sid:83701599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.196.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838497/; classtype:trojan-activity;sid:83701597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.122.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838496/; classtype:trojan-activity;sid:83701596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.33.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838495/; classtype:trojan-activity;sid:83701595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.84.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838493/; classtype:trojan-activity;sid:83701593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.179.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838492/; classtype:trojan-activity;sid:83701592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.35.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838491/; classtype:trojan-activity;sid:83701591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.251.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838487/; classtype:trojan-activity;sid:83701587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.182.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838484/; classtype:trojan-activity;sid:83701584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.162.62.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838483/; classtype:trojan-activity;sid:83701583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.233.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838481/; classtype:trojan-activity;sid:83701581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.43.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838480/; classtype:trojan-activity;sid:83701580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.61.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838479/; classtype:trojan-activity;sid:83701579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.72.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838478/; classtype:trojan-activity;sid:83701578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.122.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838477/; classtype:trojan-activity;sid:83701577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.156.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838476/; classtype:trojan-activity;sid:83701576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838475/; classtype:trojan-activity;sid:83701575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838474/; classtype:trojan-activity;sid:83701574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.180.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838472/; classtype:trojan-activity;sid:83701572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.34.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838471/; classtype:trojan-activity;sid:83701571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.150.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838469/; classtype:trojan-activity;sid:83701569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.223.27.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838470/; classtype:trojan-activity;sid:83701570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838468/; classtype:trojan-activity;sid:83701568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.240.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838467/; classtype:trojan-activity;sid:83701567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.2.2"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838465/; classtype:trojan-activity;sid:83701565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.79.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838463/; classtype:trojan-activity;sid:83701563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.180.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838462/; classtype:trojan-activity;sid:83701562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.86.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838461/; classtype:trojan-activity;sid:83701561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.240.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838460/; classtype:trojan-activity;sid:83701560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.19.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838459/; classtype:trojan-activity;sid:83701559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.51.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838458/; classtype:trojan-activity;sid:83701558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.67.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838457/; classtype:trojan-activity;sid:83701557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.65.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838455/; classtype:trojan-activity;sid:83701555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.90.25.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838454/; classtype:trojan-activity;sid:83701554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.147.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838451/; classtype:trojan-activity;sid:83701551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.105.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838450/; classtype:trojan-activity;sid:83701550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.43.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838449/; classtype:trojan-activity;sid:83701549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.217.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838448/; classtype:trojan-activity;sid:83701548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.51.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838447/; classtype:trojan-activity;sid:83701547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838444/; classtype:trojan-activity;sid:83701544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838445/; classtype:trojan-activity;sid:83701545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.86.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838443/; classtype:trojan-activity;sid:83701543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.188.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838442/; classtype:trojan-activity;sid:83701542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.19.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838439/; classtype:trojan-activity;sid:83701539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.178.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838440/; classtype:trojan-activity;sid:83701540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.19.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838436/; classtype:trojan-activity;sid:83701536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838431/; classtype:trojan-activity;sid:83701531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.243.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838430/; classtype:trojan-activity;sid:83701530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.46.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838428/; classtype:trojan-activity;sid:83701528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.134.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838427/; classtype:trojan-activity;sid:83701527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838426/; classtype:trojan-activity;sid:83701526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.199.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838425/; classtype:trojan-activity;sid:83701525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838423/; classtype:trojan-activity;sid:83701523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.81.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838424/; classtype:trojan-activity;sid:83701524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838411/; classtype:trojan-activity;sid:83701511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838402/; classtype:trojan-activity;sid:83701502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838403/; classtype:trojan-activity;sid:83701503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838404/; classtype:trojan-activity;sid:83701504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838405/; classtype:trojan-activity;sid:83701505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838406/; classtype:trojan-activity;sid:83701506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838407/; classtype:trojan-activity;sid:83701507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838408/; classtype:trojan-activity;sid:83701508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xh0roxxnavebusyoo.x86"; depth:23; endswith; nocase; http.host; content:"185.216.70.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838409/; classtype:trojan-activity;sid:83701509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"185.216.70.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838410/; classtype:trojan-activity;sid:83701510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838398/; classtype:trojan-activity;sid:83701498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838399/; classtype:trojan-activity;sid:83701499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838400/; classtype:trojan-activity;sid:83701500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838401/; classtype:trojan-activity;sid:83701501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838395/; classtype:trojan-activity;sid:83701495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838396/; classtype:trojan-activity;sid:83701496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838397/; classtype:trojan-activity;sid:83701497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838392/; classtype:trojan-activity;sid:83701492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838393/; classtype:trojan-activity;sid:83701493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838394/; classtype:trojan-activity;sid:83701494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838387/; classtype:trojan-activity;sid:83701487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838388/; classtype:trojan-activity;sid:83701488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838389/; classtype:trojan-activity;sid:83701489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838390/; classtype:trojan-activity;sid:83701490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838391/; classtype:trojan-activity;sid:83701491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838384/; classtype:trojan-activity;sid:83701484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838385/; classtype:trojan-activity;sid:83701485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838386/; classtype:trojan-activity;sid:83701486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"185.216.70.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838383/; classtype:trojan-activity;sid:83701483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838382/; classtype:trojan-activity;sid:83701482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838375/; classtype:trojan-activity;sid:83701475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.216.70.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838376/; classtype:trojan-activity;sid:83701476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838377/; classtype:trojan-activity;sid:83701477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838378/; classtype:trojan-activity;sid:83701478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838379/; classtype:trojan-activity;sid:83701479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838380/; classtype:trojan-activity;sid:83701480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838381/; classtype:trojan-activity;sid:83701481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838369/; classtype:trojan-activity;sid:83701469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838370/; classtype:trojan-activity;sid:83701470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.216.70.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838371/; classtype:trojan-activity;sid:83701471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838372/; classtype:trojan-activity;sid:83701472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838373/; classtype:trojan-activity;sid:83701473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838374/; classtype:trojan-activity;sid:83701474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838365/; classtype:trojan-activity;sid:83701465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838366/; classtype:trojan-activity;sid:83701466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838367/; classtype:trojan-activity;sid:83701467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.131.9.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838368/; classtype:trojan-activity;sid:83701468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"178.23.190.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838364/; classtype:trojan-activity;sid:83701464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"85.239.34.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838363/; classtype:trojan-activity;sid:83701463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838362/; classtype:trojan-activity;sid:83701462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.204.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838361/; classtype:trojan-activity;sid:83701461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.24.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838360/; classtype:trojan-activity;sid:83701460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838358/; classtype:trojan-activity;sid:83701458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.239.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838357/; classtype:trojan-activity;sid:83701457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.181.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838356/; classtype:trojan-activity;sid:83701456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.34.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838355/; classtype:trojan-activity;sid:83701455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.46.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838354/; classtype:trojan-activity;sid:83701454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838352/; classtype:trojan-activity;sid:83701452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.238.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838351/; classtype:trojan-activity;sid:83701451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838349/; classtype:trojan-activity;sid:83701449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.239.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838350/; classtype:trojan-activity;sid:83701450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.81.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838348/; classtype:trojan-activity;sid:83701448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838346/; classtype:trojan-activity;sid:83701446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838345/; classtype:trojan-activity;sid:83701445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.204.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838344/; classtype:trojan-activity;sid:83701444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838343/; classtype:trojan-activity;sid:83701443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838342/; classtype:trojan-activity;sid:83701442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838340/; classtype:trojan-activity;sid:83701440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.83.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838341/; classtype:trojan-activity;sid:83701441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.32.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838339/; classtype:trojan-activity;sid:83701439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.183.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838337/; classtype:trojan-activity;sid:83701437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.108.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838336/; classtype:trojan-activity;sid:83701436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.9.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838333/; classtype:trojan-activity;sid:83701433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838332/; classtype:trojan-activity;sid:83701432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.32.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838330/; classtype:trojan-activity;sid:83701430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.183.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838329/; classtype:trojan-activity;sid:83701429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.115.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838328/; classtype:trojan-activity;sid:83701428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838327/; classtype:trojan-activity;sid:83701427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.130.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838326/; classtype:trojan-activity;sid:83701426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838325/; classtype:trojan-activity;sid:83701425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838323/; classtype:trojan-activity;sid:83701423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838322/; classtype:trojan-activity;sid:83701422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.9.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838320/; classtype:trojan-activity;sid:83701420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838319/; classtype:trojan-activity;sid:83701419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.217.187.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838318/; classtype:trojan-activity;sid:83701418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.148.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838317/; classtype:trojan-activity;sid:83701417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.23.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838316/; classtype:trojan-activity;sid:83701416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.18.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838315/; classtype:trojan-activity;sid:83701415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.72.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838314/; classtype:trojan-activity;sid:83701414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.130.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838313/; classtype:trojan-activity;sid:83701413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838312/; classtype:trojan-activity;sid:83701412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838311/; classtype:trojan-activity;sid:83701411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.75.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838310/; classtype:trojan-activity;sid:83701410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.237.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838309/; classtype:trojan-activity;sid:83701409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.254.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838308/; classtype:trojan-activity;sid:83701408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.148.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838307/; classtype:trojan-activity;sid:83701407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.23.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838306/; classtype:trojan-activity;sid:83701406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838305/; classtype:trojan-activity;sid:83701405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.191.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838304/; classtype:trojan-activity;sid:83701404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"62.217.187.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838303/; classtype:trojan-activity;sid:83701403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.112.179.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838302/; classtype:trojan-activity;sid:83701402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.81.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838301/; classtype:trojan-activity;sid:83701401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.72.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838300/; classtype:trojan-activity;sid:83701400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.172.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838299/; classtype:trojan-activity;sid:83701399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.174.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838298/; classtype:trojan-activity;sid:83701398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838297/; classtype:trojan-activity;sid:83701397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.196.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838296/; classtype:trojan-activity;sid:83701396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.237.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838294/; classtype:trojan-activity;sid:83701394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838295/; classtype:trojan-activity;sid:83701395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.84.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838293/; classtype:trojan-activity;sid:83701393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.194.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838292/; classtype:trojan-activity;sid:83701392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.112.179.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838291/; classtype:trojan-activity;sid:83701391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838290/; classtype:trojan-activity;sid:83701390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.191.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838289/; classtype:trojan-activity;sid:83701389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838288/; classtype:trojan-activity;sid:83701388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.32.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838287/; classtype:trojan-activity;sid:83701387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.10.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838286/; classtype:trojan-activity;sid:83701386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.180.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838285/; classtype:trojan-activity;sid:83701385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.190.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838284/; classtype:trojan-activity;sid:83701384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.133.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838283/; classtype:trojan-activity;sid:83701383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838282/; classtype:trojan-activity;sid:83701382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838281/; classtype:trojan-activity;sid:83701381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.144.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838279/; classtype:trojan-activity;sid:83701379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.95.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838280/; classtype:trojan-activity;sid:83701380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.14.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838278/; classtype:trojan-activity;sid:83701378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838277/; classtype:trojan-activity;sid:83701377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.180.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838276/; classtype:trojan-activity;sid:83701376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.174.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838275/; classtype:trojan-activity;sid:83701375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838274/; classtype:trojan-activity;sid:83701374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838273/; classtype:trojan-activity;sid:83701373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.129.242.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838272/; classtype:trojan-activity;sid:83701372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.103.37.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838271/; classtype:trojan-activity;sid:83701371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.57.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838270/; classtype:trojan-activity;sid:83701370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838269/; classtype:trojan-activity;sid:83701369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838268/; classtype:trojan-activity;sid:83701368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838267/; classtype:trojan-activity;sid:83701367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.180.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838266/; classtype:trojan-activity;sid:83701366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.1.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838265/; classtype:trojan-activity;sid:83701365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.9.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838264/; classtype:trojan-activity;sid:83701364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838263/; classtype:trojan-activity;sid:83701363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.133.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838261/; classtype:trojan-activity;sid:83701361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.36.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838262/; classtype:trojan-activity;sid:83701362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.211.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838260/; classtype:trojan-activity;sid:83701360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.58.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838259/; classtype:trojan-activity;sid:83701359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.171.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838258/; classtype:trojan-activity;sid:83701358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.42.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838257/; classtype:trojan-activity;sid:83701357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.202.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838256/; classtype:trojan-activity;sid:83701356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.126.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838255/; classtype:trojan-activity;sid:83701355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838254/; classtype:trojan-activity;sid:83701354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838253/; classtype:trojan-activity;sid:83701353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.157.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838252/; classtype:trojan-activity;sid:83701352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838251/; classtype:trojan-activity;sid:83701351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838249/; classtype:trojan-activity;sid:83701349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.129.242.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838250/; classtype:trojan-activity;sid:83701350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.171.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838248/; classtype:trojan-activity;sid:83701348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.206.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838247/; classtype:trojan-activity;sid:83701347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.72.177.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838246/; classtype:trojan-activity;sid:83701346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.36.223.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838245/; classtype:trojan-activity;sid:83701345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.214.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838244/; classtype:trojan-activity;sid:83701344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838243/; classtype:trojan-activity;sid:83701343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838242/; classtype:trojan-activity;sid:83701342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.126.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838241/; classtype:trojan-activity;sid:83701341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.203.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838240/; classtype:trojan-activity;sid:83701340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838239/; classtype:trojan-activity;sid:83701339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838238/; classtype:trojan-activity;sid:83701338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.187.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838237/; classtype:trojan-activity;sid:83701337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.72.177.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838236/; classtype:trojan-activity;sid:83701336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838235/; classtype:trojan-activity;sid:83701335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.19.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838233/; classtype:trojan-activity;sid:83701333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.247.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838234/; classtype:trojan-activity;sid:83701334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.24.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838232/; classtype:trojan-activity;sid:83701332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.206.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838231/; classtype:trojan-activity;sid:83701331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.205.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838229/; classtype:trojan-activity;sid:83701329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.214.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838230/; classtype:trojan-activity;sid:83701330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.242.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838228/; classtype:trojan-activity;sid:83701328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.63.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838227/; classtype:trojan-activity;sid:83701327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.87.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838226/; classtype:trojan-activity;sid:83701326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838225/; classtype:trojan-activity;sid:83701325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.243.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838224/; classtype:trojan-activity;sid:83701324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.177.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838222/; classtype:trojan-activity;sid:83701322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.104.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838223/; classtype:trojan-activity;sid:83701323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.247.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838221/; classtype:trojan-activity;sid:83701321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.187.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838220/; classtype:trojan-activity;sid:83701320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838219/; classtype:trojan-activity;sid:83701319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.184.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838218/; classtype:trojan-activity;sid:83701318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.102.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838217/; classtype:trojan-activity;sid:83701317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838216/; classtype:trojan-activity;sid:83701316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.196.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838214/; classtype:trojan-activity;sid:83701314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.24.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838215/; classtype:trojan-activity;sid:83701315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838213/; classtype:trojan-activity;sid:83701313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.248.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838212/; classtype:trojan-activity;sid:83701312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.236.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838211/; classtype:trojan-activity;sid:83701311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.239.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838210/; classtype:trojan-activity;sid:83701310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.243.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838209/; classtype:trojan-activity;sid:83701309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.2.52.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838208/; classtype:trojan-activity;sid:83701308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838207/; classtype:trojan-activity;sid:83701307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.254.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838206/; classtype:trojan-activity;sid:83701306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838205/; classtype:trojan-activity;sid:83701305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.205.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838203/; classtype:trojan-activity;sid:83701303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.142.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838204/; classtype:trojan-activity;sid:83701304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.242.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838202/; classtype:trojan-activity;sid:83701302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.184.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838201/; classtype:trojan-activity;sid:83701301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838200/; classtype:trojan-activity;sid:83701300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.63.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838199/; classtype:trojan-activity;sid:83701299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.16.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838198/; classtype:trojan-activity;sid:83701298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.104.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838197/; classtype:trojan-activity;sid:83701297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.241.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838196/; classtype:trojan-activity;sid:83701296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.149.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838195/; classtype:trojan-activity;sid:83701295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.32.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838194/; classtype:trojan-activity;sid:83701294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.180.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838193/; classtype:trojan-activity;sid:83701293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.102.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838192/; classtype:trojan-activity;sid:83701292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838191/; classtype:trojan-activity;sid:83701291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.229.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838190/; classtype:trojan-activity;sid:83701290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.243.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838189/; classtype:trojan-activity;sid:83701289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.12.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838188/; classtype:trojan-activity;sid:83701288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.214.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838187/; classtype:trojan-activity;sid:83701287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.99.0.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838186/; classtype:trojan-activity;sid:83701286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.32.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838185/; classtype:trojan-activity;sid:83701285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.58.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838184/; classtype:trojan-activity;sid:83701284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838183/; classtype:trojan-activity;sid:83701283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.233.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838182/; classtype:trojan-activity;sid:83701282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.11.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838181/; classtype:trojan-activity;sid:83701281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.54.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838180/; classtype:trojan-activity;sid:83701280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.46.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838179/; classtype:trojan-activity;sid:83701279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.68.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838178/; classtype:trojan-activity;sid:83701278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.118.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838176/; classtype:trojan-activity;sid:83701276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.5.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838177/; classtype:trojan-activity;sid:83701277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838175/; classtype:trojan-activity;sid:83701275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.28.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838174/; classtype:trojan-activity;sid:83701274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838173/; classtype:trojan-activity;sid:83701273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.105.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838172/; classtype:trojan-activity;sid:83701272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838171/; classtype:trojan-activity;sid:83701271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.54.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838170/; classtype:trojan-activity;sid:83701270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.77.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838169/; classtype:trojan-activity;sid:83701269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.250.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838168/; classtype:trojan-activity;sid:83701268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.241.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838167/; classtype:trojan-activity;sid:83701267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.214.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838166/; classtype:trojan-activity;sid:83701266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.27.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838165/; classtype:trojan-activity;sid:83701265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838164/; classtype:trojan-activity;sid:83701264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.233.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838163/; classtype:trojan-activity;sid:83701263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.10.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838162/; classtype:trojan-activity;sid:83701262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.5.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838161/; classtype:trojan-activity;sid:83701261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.229.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838160/; classtype:trojan-activity;sid:83701260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.46.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838159/; classtype:trojan-activity;sid:83701259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.122.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838158/; classtype:trojan-activity;sid:83701258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.105.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838156/; classtype:trojan-activity;sid:83701256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.118.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838157/; classtype:trojan-activity;sid:83701257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838155/; classtype:trojan-activity;sid:83701255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94156"; depth:6; endswith; nocase; http.host; content:"85.209.133.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838154/; classtype:trojan-activity;sid:83701254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.182.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838153/; classtype:trojan-activity;sid:83701253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838152/; classtype:trojan-activity;sid:83701252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.97.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838151/; classtype:trojan-activity;sid:83701251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.214.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838149/; classtype:trojan-activity;sid:83701249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838150/; classtype:trojan-activity;sid:83701250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838148/; classtype:trojan-activity;sid:83701248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838147/; classtype:trojan-activity;sid:83701247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838146/; classtype:trojan-activity;sid:83701246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.188.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838145/; classtype:trojan-activity;sid:83701245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838144/; classtype:trojan-activity;sid:83701244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838143/; classtype:trojan-activity;sid:83701243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838142/; classtype:trojan-activity;sid:83701242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838141/; classtype:trojan-activity;sid:83701241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.4.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838140/; classtype:trojan-activity;sid:83701240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.162.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838139/; classtype:trojan-activity;sid:83701239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838138/; classtype:trojan-activity;sid:83701238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.229.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838134/; classtype:trojan-activity;sid:83701234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.127.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838135/; classtype:trojan-activity;sid:83701235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.122.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838136/; classtype:trojan-activity;sid:83701236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.5.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838137/; classtype:trojan-activity;sid:83701237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.180.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838132/; classtype:trojan-activity;sid:83701232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.108.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838133/; classtype:trojan-activity;sid:83701233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.44.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838131/; classtype:trojan-activity;sid:83701231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.120.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838130/; classtype:trojan-activity;sid:83701230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838129/; classtype:trojan-activity;sid:83701229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.34.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838128/; classtype:trojan-activity;sid:83701228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.129.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838127/; classtype:trojan-activity;sid:83701227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.100.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838126/; classtype:trojan-activity;sid:83701226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.240.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838125/; classtype:trojan-activity;sid:83701225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.84.110.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838124/; classtype:trojan-activity;sid:83701224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.44.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838123/; classtype:trojan-activity;sid:83701223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.238.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838122/; classtype:trojan-activity;sid:83701222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838120/; classtype:trojan-activity;sid:83701220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838121/; classtype:trojan-activity;sid:83701221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.120.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838119/; classtype:trojan-activity;sid:83701219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838118/; classtype:trojan-activity;sid:83701218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838117/; classtype:trojan-activity;sid:83701217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.217.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838116/; classtype:trojan-activity;sid:83701216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.143.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838115/; classtype:trojan-activity;sid:83701215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838114/; classtype:trojan-activity;sid:83701214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838113/; classtype:trojan-activity;sid:83701213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.22.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838111/; classtype:trojan-activity;sid:83701211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838112/; classtype:trojan-activity;sid:83701212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.249.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838110/; classtype:trojan-activity;sid:83701210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838109/; classtype:trojan-activity;sid:83701209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.116.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838108/; classtype:trojan-activity;sid:83701208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.56.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838107/; classtype:trojan-activity;sid:83701207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.37.3.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838106/; classtype:trojan-activity;sid:83701206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.25.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838105/; classtype:trojan-activity;sid:83701205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.22.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838103/; classtype:trojan-activity;sid:83701203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.56.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838104/; classtype:trojan-activity;sid:83701204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838102/; classtype:trojan-activity;sid:83701202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.6.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838101/; classtype:trojan-activity;sid:83701201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838100/; classtype:trojan-activity;sid:83701200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"115.48.137.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838099/; classtype:trojan-activity;sid:83701199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.56.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838098/; classtype:trojan-activity;sid:83701198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838097/; classtype:trojan-activity;sid:83701197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.22.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838096/; classtype:trojan-activity;sid:83701196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.143.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838095/; classtype:trojan-activity;sid:83701195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.221.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838094/; classtype:trojan-activity;sid:83701194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838093/; classtype:trojan-activity;sid:83701193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.86.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838091/; classtype:trojan-activity;sid:83701191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img4.jpg"; depth:13; endswith; nocase; http.host; content:"9s5.biz"; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838092/; classtype:trojan-activity;sid:83701192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.35.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838090/; classtype:trojan-activity;sid:83701190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.25.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838089/; classtype:trojan-activity;sid:83701189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.57.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838088/; classtype:trojan-activity;sid:83701188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.235.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838087/; classtype:trojan-activity;sid:83701187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838086/; classtype:trojan-activity;sid:83701186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.151.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838085/; classtype:trojan-activity;sid:83701185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.149.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838084/; classtype:trojan-activity;sid:83701184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.108.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838083/; classtype:trojan-activity;sid:83701183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.108.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838082/; classtype:trojan-activity;sid:83701182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.250.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838080/; classtype:trojan-activity;sid:83701180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.86.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838081/; classtype:trojan-activity;sid:83701181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.194.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838079/; classtype:trojan-activity;sid:83701179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.1.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838078/; classtype:trojan-activity;sid:83701178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838077/; classtype:trojan-activity;sid:83701177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.63.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838075/; classtype:trojan-activity;sid:83701175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.35.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838076/; classtype:trojan-activity;sid:83701176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838074/; classtype:trojan-activity;sid:83701174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.160.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838073/; classtype:trojan-activity;sid:83701173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.101.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838072/; classtype:trojan-activity;sid:83701172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838071/; classtype:trojan-activity;sid:83701171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.235.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838070/; classtype:trojan-activity;sid:83701170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.207.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838069/; classtype:trojan-activity;sid:83701169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.194.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838068/; classtype:trojan-activity;sid:83701168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.151.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838067/; classtype:trojan-activity;sid:83701167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.108.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838066/; classtype:trojan-activity;sid:83701166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.148.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838065/; classtype:trojan-activity;sid:83701165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.66.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838064/; classtype:trojan-activity;sid:83701164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.191.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838063/; classtype:trojan-activity;sid:83701163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.209.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838062/; classtype:trojan-activity;sid:83701162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.173.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838060/; classtype:trojan-activity;sid:83701160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.249.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838061/; classtype:trojan-activity;sid:83701161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.102.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838059/; classtype:trojan-activity;sid:83701159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.72.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838058/; classtype:trojan-activity;sid:83701158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.125.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838057/; classtype:trojan-activity;sid:83701157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838056/; classtype:trojan-activity;sid:83701156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.1.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838055/; classtype:trojan-activity;sid:83701155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.94.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838054/; classtype:trojan-activity;sid:83701154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.194.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838053/; classtype:trojan-activity;sid:83701153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838052/; classtype:trojan-activity;sid:83701152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.60.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838051/; classtype:trojan-activity;sid:83701151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.160.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838049/; classtype:trojan-activity;sid:83701149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838050/; classtype:trojan-activity;sid:83701150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838048/; classtype:trojan-activity;sid:83701148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.90.68.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838047/; classtype:trojan-activity;sid:83701147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.142.77.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838046/; classtype:trojan-activity;sid:83701146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.9.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838044/; classtype:trojan-activity;sid:83701144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.9.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838045/; classtype:trojan-activity;sid:83701145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.225.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838042/; classtype:trojan-activity;sid:83701142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.31.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838043/; classtype:trojan-activity;sid:83701143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838041/; classtype:trojan-activity;sid:83701141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"104.175.34.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838039/; classtype:trojan-activity;sid:83701139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.160.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838040/; classtype:trojan-activity;sid:83701140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.212.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838038/; classtype:trojan-activity;sid:83701138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838037/; classtype:trojan-activity;sid:83701137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.47.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838035/; classtype:trojan-activity;sid:83701135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838036/; classtype:trojan-activity;sid:83701136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.66.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838033/; classtype:trojan-activity;sid:83701133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.221.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838034/; classtype:trojan-activity;sid:83701134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.240.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838032/; classtype:trojan-activity;sid:83701132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838031/; classtype:trojan-activity;sid:83701131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.99.0.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838029/; classtype:trojan-activity;sid:83701129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.160.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838030/; classtype:trojan-activity;sid:83701130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.2.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838028/; classtype:trojan-activity;sid:83701128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.0.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838027/; classtype:trojan-activity;sid:83701127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.194.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838024/; classtype:trojan-activity;sid:83701124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.43.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838025/; classtype:trojan-activity;sid:83701125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.184.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838026/; classtype:trojan-activity;sid:83701126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838021/; classtype:trojan-activity;sid:83701121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838022/; classtype:trojan-activity;sid:83701122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.173.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838023/; classtype:trojan-activity;sid:83701123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.254.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838017/; classtype:trojan-activity;sid:83701117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.135.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838018/; classtype:trojan-activity;sid:83701118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.22.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838019/; classtype:trojan-activity;sid:83701119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838020/; classtype:trojan-activity;sid:83701120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838012/; classtype:trojan-activity;sid:83701112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838013/; classtype:trojan-activity;sid:83701113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838014/; classtype:trojan-activity;sid:83701114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.61.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838015/; classtype:trojan-activity;sid:83701115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.47.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838016/; classtype:trojan-activity;sid:83701116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.80.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838009/; classtype:trojan-activity;sid:83701109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.249.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838010/; classtype:trojan-activity;sid:83701110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.183.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838011/; classtype:trojan-activity;sid:83701111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838005/; classtype:trojan-activity;sid:83701105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.132.76.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838006/; classtype:trojan-activity;sid:83701106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838007/; classtype:trojan-activity;sid:83701107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.202.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838008/; classtype:trojan-activity;sid:83701108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.137.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838000/; classtype:trojan-activity;sid:83701100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838001/; classtype:trojan-activity;sid:83701101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.130.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838002/; classtype:trojan-activity;sid:83701102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.41.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838003/; classtype:trojan-activity;sid:83701103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.234.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838004/; classtype:trojan-activity;sid:83701104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.130.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837996/; classtype:trojan-activity;sid:83701096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.150.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837997/; classtype:trojan-activity;sid:83701097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837998/; classtype:trojan-activity;sid:83701098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img3.jpg"; depth:13; endswith; nocase; http.host; content:"9s5.biz"; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837999/; classtype:trojan-activity;sid:83701099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837985/; classtype:trojan-activity;sid:83701085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837986/; classtype:trojan-activity;sid:83701086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.183.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837987/; classtype:trojan-activity;sid:83701087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837988/; classtype:trojan-activity;sid:83701088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.217.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837989/; classtype:trojan-activity;sid:83701089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837990/; classtype:trojan-activity;sid:83701090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837991/; classtype:trojan-activity;sid:83701091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.72.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837992/; classtype:trojan-activity;sid:83701092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.124.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837993/; classtype:trojan-activity;sid:83701093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837994/; classtype:trojan-activity;sid:83701094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.50.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837995/; classtype:trojan-activity;sid:83701095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.89.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837979/; classtype:trojan-activity;sid:83701079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.90.68.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837980/; classtype:trojan-activity;sid:83701080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.251.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837981/; classtype:trojan-activity;sid:83701081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.150.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837982/; classtype:trojan-activity;sid:83701082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.94.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837983/; classtype:trojan-activity;sid:83701083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.91.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837984/; classtype:trojan-activity;sid:83701084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.156.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837976/; classtype:trojan-activity;sid:83701076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.235.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837977/; classtype:trojan-activity;sid:83701077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.254.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837978/; classtype:trojan-activity;sid:83701078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.43.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837973/; classtype:trojan-activity;sid:83701073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.56.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837974/; classtype:trojan-activity;sid:83701074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.46.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837975/; classtype:trojan-activity;sid:83701075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zhw10.exe"; depth:10; endswith; nocase; http.host; content:"121.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837970/; classtype:trojan-activity;sid:83701070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyber2019.exe"; depth:14; endswith; nocase; http.host; content:"121.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837969/; classtype:trojan-activity;sid:83701069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd.rar"; depth:7; endswith; nocase; http.host; content:"121.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837968/; classtype:trojan-activity;sid:83701068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchosc.exe"; depth:12; endswith; nocase; http.host; content:"121.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837967/; classtype:trojan-activity;sid:83701067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yungengxin.exe"; depth:15; endswith; nocase; http.host; content:"121.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837966/; classtype:trojan-activity;sid:83701066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yileyou.exe"; depth:12; endswith; nocase; http.host; content:"121.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837965/; classtype:trojan-activity;sid:83701065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.1.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837964/; classtype:trojan-activity;sid:83701064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.251.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837963/; classtype:trojan-activity;sid:83701063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.89.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837962/; classtype:trojan-activity;sid:83701062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.112.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837961/; classtype:trojan-activity;sid:83701061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.127.95.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837960/; classtype:trojan-activity;sid:83701060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837959/; classtype:trojan-activity;sid:83701059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837958/; classtype:trojan-activity;sid:83701058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.91.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837957/; classtype:trojan-activity;sid:83701057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.129.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837956/; classtype:trojan-activity;sid:83701056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.250.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837955/; classtype:trojan-activity;sid:83701055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.153.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837952/; classtype:trojan-activity;sid:83701052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.219.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837953/; classtype:trojan-activity;sid:83701053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837954/; classtype:trojan-activity;sid:83701054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.156.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837951/; classtype:trojan-activity;sid:83701051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.1.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837950/; classtype:trojan-activity;sid:83701050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.127.95.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837949/; classtype:trojan-activity;sid:83701049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.58.215.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837948/; classtype:trojan-activity;sid:83701048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.225.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837947/; classtype:trojan-activity;sid:83701047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.37.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837946/; classtype:trojan-activity;sid:83701046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.47.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837945/; classtype:trojan-activity;sid:83701045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.93.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837944/; classtype:trojan-activity;sid:83701044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.11.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837943/; classtype:trojan-activity;sid:83701043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.5.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837942/; classtype:trojan-activity;sid:83701042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.174.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837941/; classtype:trojan-activity;sid:83701041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.98.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837940/; classtype:trojan-activity;sid:83701040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.243.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837939/; classtype:trojan-activity;sid:83701039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.251.13.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837938/; classtype:trojan-activity;sid:83701038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.211.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837937/; classtype:trojan-activity;sid:83701037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837936/; classtype:trojan-activity;sid:83701036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837935/; classtype:trojan-activity;sid:83701035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837934/; classtype:trojan-activity;sid:83701034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.11.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837933/; classtype:trojan-activity;sid:83701033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.162.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837932/; classtype:trojan-activity;sid:83701032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837931/; classtype:trojan-activity;sid:83701031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carrera/"; depth:9; endswith; nocase; http.host; content:"176.113.115.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837930/; classtype:trojan-activity;sid:83701030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837929/; classtype:trojan-activity;sid:83701029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.162.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837928/; classtype:trojan-activity;sid:83701028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837927/; classtype:trojan-activity;sid:83701027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837926/; classtype:trojan-activity;sid:83701026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.210.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837925/; classtype:trojan-activity;sid:83701025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837924/; classtype:trojan-activity;sid:83701024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.150.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837922/; classtype:trojan-activity;sid:83701022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.150.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837923/; classtype:trojan-activity;sid:83701023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.223.27.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837921/; classtype:trojan-activity;sid:83701021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837919/; classtype:trojan-activity;sid:83701019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.4.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837920/; classtype:trojan-activity;sid:83701020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.167.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837918/; classtype:trojan-activity;sid:83701018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.210.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837917/; classtype:trojan-activity;sid:83701017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.5.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837916/; classtype:trojan-activity;sid:83701016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.183.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837915/; classtype:trojan-activity;sid:83701015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.88.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837914/; classtype:trojan-activity;sid:83701014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.223.27.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837913/; classtype:trojan-activity;sid:83701013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837912/; classtype:trojan-activity;sid:83701012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.167.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837911/; classtype:trojan-activity;sid:83701011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.163.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837910/; classtype:trojan-activity;sid:83701010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.66.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837909/; classtype:trojan-activity;sid:83701009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.167.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837908/; classtype:trojan-activity;sid:83701008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.220.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837907/; classtype:trojan-activity;sid:83701007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.61.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837906/; classtype:trojan-activity;sid:83701006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.51.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837904/; classtype:trojan-activity;sid:83701004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.235.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837905/; classtype:trojan-activity;sid:83701005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837903/; classtype:trojan-activity;sid:83701003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837902/; classtype:trojan-activity;sid:83701002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.61.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837901/; classtype:trojan-activity;sid:83701001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.217.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837900/; classtype:trojan-activity;sid:83701000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837899/; classtype:trojan-activity;sid:83700999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.253.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837898/; classtype:trojan-activity;sid:83700998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.167.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837897/; classtype:trojan-activity;sid:83700997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837896/; classtype:trojan-activity;sid:83700996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.167.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837895/; classtype:trojan-activity;sid:83700995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.121.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837892/; classtype:trojan-activity;sid:83700992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.238"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837893/; classtype:trojan-activity;sid:83700993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.25.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837894/; classtype:trojan-activity;sid:83700994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.110.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837890/; classtype:trojan-activity;sid:83700990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.45.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837891/; classtype:trojan-activity;sid:83700991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.142.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837889/; classtype:trojan-activity;sid:83700989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837888/; classtype:trojan-activity;sid:83700988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837887/; classtype:trojan-activity;sid:83700987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.191.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837886/; classtype:trojan-activity;sid:83700986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.202.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837885/; classtype:trojan-activity;sid:83700985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.152.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837884/; classtype:trojan-activity;sid:83700984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837883/; classtype:trojan-activity;sid:83700983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.226.51.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837882/; classtype:trojan-activity;sid:83700982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837881/; classtype:trojan-activity;sid:83700981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.201.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837880/; classtype:trojan-activity;sid:83700980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.238.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837879/; classtype:trojan-activity;sid:83700979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837878/; classtype:trojan-activity;sid:83700978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.163.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837877/; classtype:trojan-activity;sid:83700977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.10.137"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837876/; classtype:trojan-activity;sid:83700976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.135.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837875/; classtype:trojan-activity;sid:83700975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837874/; classtype:trojan-activity;sid:83700974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.245.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837873/; classtype:trojan-activity;sid:83700973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.82.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837872/; classtype:trojan-activity;sid:83700972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.225.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837871/; classtype:trojan-activity;sid:83700971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837870/; classtype:trojan-activity;sid:83700970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837869/; classtype:trojan-activity;sid:83700969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.78.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837868/; classtype:trojan-activity;sid:83700968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.160.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837867/; classtype:trojan-activity;sid:83700967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.57.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837866/; classtype:trojan-activity;sid:83700966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.20.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837865/; classtype:trojan-activity;sid:83700965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.254.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837864/; classtype:trojan-activity;sid:83700964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.98.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837863/; classtype:trojan-activity;sid:83700963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.135.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837862/; classtype:trojan-activity;sid:83700962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.78.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837861/; classtype:trojan-activity;sid:83700961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.244.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837859/; classtype:trojan-activity;sid:83700959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.188.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837860/; classtype:trojan-activity;sid:83700960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.79.188.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837857/; classtype:trojan-activity;sid:83700957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.235.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837858/; classtype:trojan-activity;sid:83700958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.78.77.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837856/; classtype:trojan-activity;sid:83700956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.20.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837855/; classtype:trojan-activity;sid:83700955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.34.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837854/; classtype:trojan-activity;sid:83700954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.194.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837853/; classtype:trojan-activity;sid:83700953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/capibara/"; depth:10; endswith; nocase; http.host; content:"176.113.115.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837852/; classtype:trojan-activity;sid:83700952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837851/; classtype:trojan-activity;sid:83700951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.244.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837850/; classtype:trojan-activity;sid:83700950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.184.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837849/; classtype:trojan-activity;sid:83700949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.215.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837848/; classtype:trojan-activity;sid:83700948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.226.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837847/; classtype:trojan-activity;sid:83700947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.49.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837846/; classtype:trojan-activity;sid:83700946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.20.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837845/; classtype:trojan-activity;sid:83700945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.97.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837843/; classtype:trojan-activity;sid:83700943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.181.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837844/; classtype:trojan-activity;sid:83700944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.244.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837842/; classtype:trojan-activity;sid:83700942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837840/; classtype:trojan-activity;sid:83700940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.18.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837841/; classtype:trojan-activity;sid:83700941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.119.199.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837839/; classtype:trojan-activity;sid:83700939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837838/; classtype:trojan-activity;sid:83700938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837837/; classtype:trojan-activity;sid:83700937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.3.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837836/; classtype:trojan-activity;sid:83700936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837835/; classtype:trojan-activity;sid:83700935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.204.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837833/; classtype:trojan-activity;sid:83700933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.215.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837834/; classtype:trojan-activity;sid:83700934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.20.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837832/; classtype:trojan-activity;sid:83700932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.10.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837831/; classtype:trojan-activity;sid:83700931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837830/; classtype:trojan-activity;sid:83700930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.194.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837828/; classtype:trojan-activity;sid:83700928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.66.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837829/; classtype:trojan-activity;sid:83700929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.50.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837827/; classtype:trojan-activity;sid:83700927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.119.199.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837826/; classtype:trojan-activity;sid:83700926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.181.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837825/; classtype:trojan-activity;sid:83700925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837824/; classtype:trojan-activity;sid:83700924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.9.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837823/; classtype:trojan-activity;sid:83700923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.94.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837822/; classtype:trojan-activity;sid:83700922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.245.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837821/; classtype:trojan-activity;sid:83700921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.235.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837820/; classtype:trojan-activity;sid:83700920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.3.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837819/; classtype:trojan-activity;sid:83700919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837818/; classtype:trojan-activity;sid:83700918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837817/; classtype:trojan-activity;sid:83700917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9999"; depth:5; endswith; nocase; http.host; content:"192.207.62.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837816/; classtype:trojan-activity;sid:83700916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.213.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837815/; classtype:trojan-activity;sid:83700915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.66.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837814/; classtype:trojan-activity;sid:83700914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837813/; classtype:trojan-activity;sid:83700913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.7.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837812/; classtype:trojan-activity;sid:83700912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.9.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837811/; classtype:trojan-activity;sid:83700911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.33.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837810/; classtype:trojan-activity;sid:83700910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837809/; classtype:trojan-activity;sid:83700909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.92.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837808/; classtype:trojan-activity;sid:83700908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.203.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837807/; classtype:trojan-activity;sid:83700907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837806/; classtype:trojan-activity;sid:83700906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837805/; classtype:trojan-activity;sid:83700905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.64.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837804/; classtype:trojan-activity;sid:83700904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.213.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837803/; classtype:trojan-activity;sid:83700903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/psojnzwt.exe"; depth:39; endswith; nocase; http.host; content:"ghuytyh45.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837801/; classtype:trojan-activity;sid:83700901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/stelret.exe"; depth:38; endswith; nocase; http.host; content:"ghuytyh45.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837802/; classtype:trojan-activity;sid:83700902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/chwms.exe"; depth:36; endswith; nocase; http.host; content:"ghuytyh45.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837800/; classtype:trojan-activity;sid:83700900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.11.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837799/; classtype:trojan-activity;sid:83700899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.217.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837797/; classtype:trojan-activity;sid:83700897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837798/; classtype:trojan-activity;sid:83700898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.92.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837796/; classtype:trojan-activity;sid:83700896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837795/; classtype:trojan-activity;sid:83700895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837794/; classtype:trojan-activity;sid:83700894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.48.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837793/; classtype:trojan-activity;sid:83700893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.229.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837791/; classtype:trojan-activity;sid:83700891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.243.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837792/; classtype:trojan-activity;sid:83700892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.81.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837790/; classtype:trojan-activity;sid:83700890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.173.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837789/; classtype:trojan-activity;sid:83700889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.80.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837788/; classtype:trojan-activity;sid:83700888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.215.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837787/; classtype:trojan-activity;sid:83700887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.213.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837783/; classtype:trojan-activity;sid:83700883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.179.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837784/; classtype:trojan-activity;sid:83700884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.8.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837785/; classtype:trojan-activity;sid:83700885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.229.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837786/; classtype:trojan-activity;sid:83700886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.132.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837782/; classtype:trojan-activity;sid:83700882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837781/; classtype:trojan-activity;sid:83700881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.205.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837780/; classtype:trojan-activity;sid:83700880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.142.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837779/; classtype:trojan-activity;sid:83700879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837778/; classtype:trojan-activity;sid:83700878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837774/; classtype:trojan-activity;sid:83700874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837775/; classtype:trojan-activity;sid:83700875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4tl"; depth:8; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837776/; classtype:trojan-activity;sid:83700876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837777/; classtype:trojan-activity;sid:83700877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837770/; classtype:trojan-activity;sid:83700870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837771/; classtype:trojan-activity;sid:83700871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837772/; classtype:trojan-activity;sid:83700872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837773/; classtype:trojan-activity;sid:83700873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837767/; classtype:trojan-activity;sid:83700867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837768/; classtype:trojan-activity;sid:83700868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.206.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837769/; classtype:trojan-activity;sid:83700869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4eb"; depth:8; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837765/; classtype:trojan-activity;sid:83700865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc700"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837766/; classtype:trojan-activity;sid:83700866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837759/; classtype:trojan-activity;sid:83700859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837760/; classtype:trojan-activity;sid:83700860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837761/; classtype:trojan-activity;sid:83700861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837762/; classtype:trojan-activity;sid:83700862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837763/; classtype:trojan-activity;sid:83700863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837764/; classtype:trojan-activity;sid:83700864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.216.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837758/; classtype:trojan-activity;sid:83700858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t76434567000.exe"; depth:17; endswith; nocase; http.host; content:"baitalasma.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837757/; classtype:trojan-activity;sid:83700857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.205.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837756/; classtype:trojan-activity;sid:83700856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837755/; classtype:trojan-activity;sid:83700855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837754/; classtype:trojan-activity;sid:83700854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837753/; classtype:trojan-activity;sid:83700853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.142.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837751/; classtype:trojan-activity;sid:83700851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.216.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837752/; classtype:trojan-activity;sid:83700852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.124.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837750/; classtype:trojan-activity;sid:83700850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837749/; classtype:trojan-activity;sid:83700849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.35.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837748/; classtype:trojan-activity;sid:83700848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.146.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837747/; classtype:trojan-activity;sid:83700847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837746/; classtype:trojan-activity;sid:83700846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.206.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837745/; classtype:trojan-activity;sid:83700845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.188.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837744/; classtype:trojan-activity;sid:83700844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.157.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837743/; classtype:trojan-activity;sid:83700843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.200.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837742/; classtype:trojan-activity;sid:83700842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/twentytwentytwo/dark.hta"; depth:43; endswith; nocase; http.host; content:"linktoxic34.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837741/; classtype:trojan-activity;sid:83700841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.198.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837740/; classtype:trojan-activity;sid:83700840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkdsoriqv105.bin"; depth:17; endswith; nocase; http.host; content:"87.121.105.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837737/; classtype:trojan-activity;sid:83700837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.51.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837738/; classtype:trojan-activity;sid:83700838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oxaluria209.smi"; depth:16; endswith; nocase; http.host; content:"87.121.105.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837739/; classtype:trojan-activity;sid:83700839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.196.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837736/; classtype:trojan-activity;sid:83700836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837735/; classtype:trojan-activity;sid:83700835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.163.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837734/; classtype:trojan-activity;sid:83700834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/pz7nj"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837733/; classtype:trojan-activity;sid:83700833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ecmz7z04"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837732/; classtype:trojan-activity;sid:83700832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/brukie.exe"; depth:37; endswith; nocase; http.host; content:"ghuytyh45.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837731/; classtype:trojan-activity;sid:83700831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nm/xwomay.txt"; depth:14; endswith; nocase; http.host; content:"www.evolve27.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837730/; classtype:trojan-activity;sid:83700830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nm/hvapril.txt"; depth:15; endswith; nocase; http.host; content:"www.evolve27.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837729/; classtype:trojan-activity;sid:83700829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.198.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837727/; classtype:trojan-activity;sid:83700827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.141.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837728/; classtype:trojan-activity;sid:83700828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/vp3shfzm"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837726/; classtype:trojan-activity;sid:83700826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eskgbins.sh"; depth:12; endswith; nocase; http.host; content:"93.123.85.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837725/; classtype:trojan-activity;sid:83700825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837723/; classtype:trojan-activity;sid:83700823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yoyobins.sh"; depth:12; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837724/; classtype:trojan-activity;sid:83700824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.185.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837722/; classtype:trojan-activity;sid:83700822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.146.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837721/; classtype:trojan-activity;sid:83700821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837718/; classtype:trojan-activity;sid:83700818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=14bqcncn4lhjm2gfztm2rvem8n7w_fwok"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837719/; classtype:trojan-activity;sid:83700819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=10m-gy1p-loat1a8cnaeuutobbttqx9wa"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837720/; classtype:trojan-activity;sid:83700820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.225.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837717/; classtype:trojan-activity;sid:83700817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837716/; classtype:trojan-activity;sid:83700816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.204.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837715/; classtype:trojan-activity;sid:83700815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837714/; classtype:trojan-activity;sid:83700814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837713/; classtype:trojan-activity;sid:83700813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.240.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837712/; classtype:trojan-activity;sid:83700812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.229.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837711/; classtype:trojan-activity;sid:83700811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.51.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837710/; classtype:trojan-activity;sid:83700810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.25.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837709/; classtype:trojan-activity;sid:83700809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837707/; classtype:trojan-activity;sid:83700807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837708/; classtype:trojan-activity;sid:83700808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.198.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837706/; classtype:trojan-activity;sid:83700806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.34.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837705/; classtype:trojan-activity;sid:83700805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.125.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837704/; classtype:trojan-activity;sid:83700804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.161.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837703/; classtype:trojan-activity;sid:83700803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.163.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837702/; classtype:trojan-activity;sid:83700802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837701/; classtype:trojan-activity;sid:83700801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.141.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837700/; classtype:trojan-activity;sid:83700800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gr22.zip"; depth:9; endswith; nocase; http.host; content:"xn42553358.servegame.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837699/; classtype:trojan-activity;sid:83700799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/br03.zip"; depth:9; endswith; nocase; http.host; content:"158.69.171.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837698/; classtype:trojan-activity;sid:83700798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"8.217.250.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837697/; classtype:trojan-activity;sid:83700797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"129.144.180.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837696/; classtype:trojan-activity;sid:83700796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"168.119.173.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837695/; classtype:trojan-activity;sid:83700795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shk"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837694/; classtype:trojan-activity;sid:83700794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.198.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837693/; classtype:trojan-activity;sid:83700793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.185.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837692/; classtype:trojan-activity;sid:83700792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.125.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837691/; classtype:trojan-activity;sid:83700791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837690/; classtype:trojan-activity;sid:83700790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.240.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837689/; classtype:trojan-activity;sid:83700789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837688/; classtype:trojan-activity;sid:83700788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837687/; classtype:trojan-activity;sid:83700787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.231.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837685/; classtype:trojan-activity;sid:83700785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.25.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837686/; classtype:trojan-activity;sid:83700786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.25.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837684/; classtype:trojan-activity;sid:83700784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.177.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837683/; classtype:trojan-activity;sid:83700783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.164.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837682/; classtype:trojan-activity;sid:83700782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.18.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837678/; classtype:trojan-activity;sid:83700778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837679/; classtype:trojan-activity;sid:83700779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.122.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837680/; classtype:trojan-activity;sid:83700780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.229.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837681/; classtype:trojan-activity;sid:83700781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.161.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837677/; classtype:trojan-activity;sid:83700777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837676/; classtype:trojan-activity;sid:83700776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.254.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837675/; classtype:trojan-activity;sid:83700775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.251.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837674/; classtype:trojan-activity;sid:83700774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.229.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837673/; classtype:trojan-activity;sid:83700773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.40.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837672/; classtype:trojan-activity;sid:83700772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.58.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837671/; classtype:trojan-activity;sid:83700771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.60.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837670/; classtype:trojan-activity;sid:83700770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.122.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837669/; classtype:trojan-activity;sid:83700769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.61.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837668/; classtype:trojan-activity;sid:83700768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837667/; classtype:trojan-activity;sid:83700767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837666/; classtype:trojan-activity;sid:83700766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.66.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837665/; classtype:trojan-activity;sid:83700765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.101.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837664/; classtype:trojan-activity;sid:83700764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.231.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837663/; classtype:trojan-activity;sid:83700763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.85.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837662/; classtype:trojan-activity;sid:83700762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.35.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837661/; classtype:trojan-activity;sid:83700761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837659/; classtype:trojan-activity;sid:83700759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.173.137.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837660/; classtype:trojan-activity;sid:83700760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.178.199.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837657/; classtype:trojan-activity;sid:83700757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.98.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837658/; classtype:trojan-activity;sid:83700758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.159.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837656/; classtype:trojan-activity;sid:83700756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.198.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837654/; classtype:trojan-activity;sid:83700754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.195.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837655/; classtype:trojan-activity;sid:83700755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.32.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837651/; classtype:trojan-activity;sid:83700751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.35.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837652/; classtype:trojan-activity;sid:83700752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.64.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837653/; classtype:trojan-activity;sid:83700753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.254.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837650/; classtype:trojan-activity;sid:83700750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837649/; classtype:trojan-activity;sid:83700749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837648/; classtype:trojan-activity;sid:83700748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.160.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837647/; classtype:trojan-activity;sid:83700747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837646/; classtype:trojan-activity;sid:83700746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.87.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837645/; classtype:trojan-activity;sid:83700745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.35.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837644/; classtype:trojan-activity;sid:83700744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837643/; classtype:trojan-activity;sid:83700743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.85.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837641/; classtype:trojan-activity;sid:83700741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837642/; classtype:trojan-activity;sid:83700742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.35.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837640/; classtype:trojan-activity;sid:83700740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.60.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837639/; classtype:trojan-activity;sid:83700739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837638/; classtype:trojan-activity;sid:83700738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.250.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837637/; classtype:trojan-activity;sid:83700737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.178.199.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837636/; classtype:trojan-activity;sid:83700736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.32.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837635/; classtype:trojan-activity;sid:83700735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.159.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837634/; classtype:trojan-activity;sid:83700734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.183.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837633/; classtype:trojan-activity;sid:83700733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837632/; classtype:trojan-activity;sid:83700732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.179.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837631/; classtype:trojan-activity;sid:83700731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.175.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837630/; classtype:trojan-activity;sid:83700730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.149.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837629/; classtype:trojan-activity;sid:83700729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.53.42.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837628/; classtype:trojan-activity;sid:83700728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.87.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837627/; classtype:trojan-activity;sid:83700727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.33.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837626/; classtype:trojan-activity;sid:83700726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.13.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837625/; classtype:trojan-activity;sid:83700725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837624/; classtype:trojan-activity;sid:83700724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.162.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837623/; classtype:trojan-activity;sid:83700723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.217.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837622/; classtype:trojan-activity;sid:83700722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.42.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837620/; classtype:trojan-activity;sid:83700720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.175.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837621/; classtype:trojan-activity;sid:83700721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.27.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837619/; classtype:trojan-activity;sid:83700719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.254.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837616/; classtype:trojan-activity;sid:83700716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.60.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837617/; classtype:trojan-activity;sid:83700717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837618/; classtype:trojan-activity;sid:83700718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837615/; classtype:trojan-activity;sid:83700715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837614/; classtype:trojan-activity;sid:83700714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837612/; classtype:trojan-activity;sid:83700712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.156.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837613/; classtype:trojan-activity;sid:83700713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.217.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837611/; classtype:trojan-activity;sid:83700711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.10.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837610/; classtype:trojan-activity;sid:83700710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.177.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837609/; classtype:trojan-activity;sid:83700709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.87.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837607/; classtype:trojan-activity;sid:83700707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/syncq.exe"; depth:16; endswith; nocase; http.host; content:"161.35.56.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837608/; classtype:trojan-activity;sid:83700708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.222.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837606/; classtype:trojan-activity;sid:83700706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.164.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837605/; classtype:trojan-activity;sid:83700705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.149.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837604/; classtype:trojan-activity;sid:83700704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.35.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837603/; classtype:trojan-activity;sid:83700703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.5.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837602/; classtype:trojan-activity;sid:83700702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.33.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837601/; classtype:trojan-activity;sid:83700701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837600/; classtype:trojan-activity;sid:83700700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.253.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837599/; classtype:trojan-activity;sid:83700699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.200.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837598/; classtype:trojan-activity;sid:83700698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.27.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837597/; classtype:trojan-activity;sid:83700697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.13.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837596/; classtype:trojan-activity;sid:83700696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837595/; classtype:trojan-activity;sid:83700695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.105.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837594/; classtype:trojan-activity;sid:83700694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.166.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837593/; classtype:trojan-activity;sid:83700693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.10.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837592/; classtype:trojan-activity;sid:83700692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.164.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837591/; classtype:trojan-activity;sid:83700691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.77.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837589/; classtype:trojan-activity;sid:83700689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.250.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837590/; classtype:trojan-activity;sid:83700690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.57.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837588/; classtype:trojan-activity;sid:83700688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837587/; classtype:trojan-activity;sid:83700687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.226.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837586/; classtype:trojan-activity;sid:83700686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837585/; classtype:trojan-activity;sid:83700685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.178.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837584/; classtype:trojan-activity;sid:83700684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.53.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837583/; classtype:trojan-activity;sid:83700683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.166.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837582/; classtype:trojan-activity;sid:83700682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.17.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837581/; classtype:trojan-activity;sid:83700681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837580/; classtype:trojan-activity;sid:83700680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837579/; classtype:trojan-activity;sid:83700679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.10.89.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837578/; classtype:trojan-activity;sid:83700678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.177.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837577/; classtype:trojan-activity;sid:83700677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837576/; classtype:trojan-activity;sid:83700676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.exe"; depth:6; endswith; nocase; http.host; content:"sp-1300355179.cos.ap-shanghai.myqcloud.com"; depth:42; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837575/; classtype:trojan-activity;sid:83700675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.57.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837573/; classtype:trojan-activity;sid:83700673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/ukca.exe"; depth:14; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837574/; classtype:trojan-activity;sid:83700674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837572/; classtype:trojan-activity;sid:83700672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.226.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837571/; classtype:trojan-activity;sid:83700671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.222.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837570/; classtype:trojan-activity;sid:83700670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.81.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837569/; classtype:trojan-activity;sid:83700669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.239.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837568/; classtype:trojan-activity;sid:83700668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.149.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837567/; classtype:trojan-activity;sid:83700667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.54.188.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837566/; classtype:trojan-activity;sid:83700666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.100.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837565/; classtype:trojan-activity;sid:83700665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.77.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837564/; classtype:trojan-activity;sid:83700664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837563/; classtype:trojan-activity;sid:83700663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837562/; classtype:trojan-activity;sid:83700662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.205.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837561/; classtype:trojan-activity;sid:83700661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.149.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837560/; classtype:trojan-activity;sid:83700660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.177.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837559/; classtype:trojan-activity;sid:83700659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.11.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837558/; classtype:trojan-activity;sid:83700658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.81.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837557/; classtype:trojan-activity;sid:83700657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.212.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837556/; classtype:trojan-activity;sid:83700656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.77.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837555/; classtype:trojan-activity;sid:83700655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.239.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837554/; classtype:trojan-activity;sid:83700654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.144.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837553/; classtype:trojan-activity;sid:83700653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.56.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837552/; classtype:trojan-activity;sid:83700652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.205.40.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837551/; classtype:trojan-activity;sid:83700651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.118.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837550/; classtype:trojan-activity;sid:83700650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.243.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837549/; classtype:trojan-activity;sid:83700649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"bzo.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837548/; classtype:trojan-activity;sid:83700648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.188.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837547/; classtype:trojan-activity;sid:83700647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.0.253.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837546/; classtype:trojan-activity;sid:83700646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.213.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837545/; classtype:trojan-activity;sid:83700645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/khxf80t6conphyb.exe"; depth:25; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837544/; classtype:trojan-activity;sid:83700644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.198.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837543/; classtype:trojan-activity;sid:83700643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.231.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837541/; classtype:trojan-activity;sid:83700641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.31.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837542/; classtype:trojan-activity;sid:83700642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.53.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837540/; classtype:trojan-activity;sid:83700640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.77.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837539/; classtype:trojan-activity;sid:83700639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.4.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837538/; classtype:trojan-activity;sid:83700638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.60.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837537/; classtype:trojan-activity;sid:83700637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.167.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837536/; classtype:trojan-activity;sid:83700636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.190.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837535/; classtype:trojan-activity;sid:83700635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837534/; classtype:trojan-activity;sid:83700634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.144.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837533/; classtype:trojan-activity;sid:83700633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.176.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837532/; classtype:trojan-activity;sid:83700632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.0.253.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837531/; classtype:trojan-activity;sid:83700631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.193.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837530/; classtype:trojan-activity;sid:83700630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.212.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837529/; classtype:trojan-activity;sid:83700629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.167.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837528/; classtype:trojan-activity;sid:83700628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.41.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837527/; classtype:trojan-activity;sid:83700627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.249.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837525/; classtype:trojan-activity;sid:83700625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837526/; classtype:trojan-activity;sid:83700626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.60.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837524/; classtype:trojan-activity;sid:83700624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.102.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837523/; classtype:trojan-activity;sid:83700623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.199.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837522/; classtype:trojan-activity;sid:83700622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837521/; classtype:trojan-activity;sid:83700621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.7.231.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837520/; classtype:trojan-activity;sid:83700620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837519/; classtype:trojan-activity;sid:83700619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.218.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837518/; classtype:trojan-activity;sid:83700618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837517/; classtype:trojan-activity;sid:83700617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.192.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837516/; classtype:trojan-activity;sid:83700616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837515/; classtype:trojan-activity;sid:83700615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.9.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837513/; classtype:trojan-activity;sid:83700613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.55.137.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837514/; classtype:trojan-activity;sid:83700614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.59.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837512/; classtype:trojan-activity;sid:83700612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837511/; classtype:trojan-activity;sid:83700611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837509/; classtype:trojan-activity;sid:83700609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.61.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837510/; classtype:trojan-activity;sid:83700610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.127.95.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837508/; classtype:trojan-activity;sid:83700608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.180.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837507/; classtype:trojan-activity;sid:83700607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.81.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837506/; classtype:trojan-activity;sid:83700606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837504/; classtype:trojan-activity;sid:83700604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.255.20.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837505/; classtype:trojan-activity;sid:83700605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.85.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837503/; classtype:trojan-activity;sid:83700603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.156.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837502/; classtype:trojan-activity;sid:83700602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.10.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837501/; classtype:trojan-activity;sid:83700601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.42.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837499/; classtype:trojan-activity;sid:83700599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.244.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837500/; classtype:trojan-activity;sid:83700600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.227.95.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837498/; classtype:trojan-activity;sid:83700598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837497/; classtype:trojan-activity;sid:83700597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837494/; classtype:trojan-activity;sid:83700594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.125.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837495/; classtype:trojan-activity;sid:83700595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837496/; classtype:trojan-activity;sid:83700596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.178.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837493/; classtype:trojan-activity;sid:83700593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837492/; classtype:trojan-activity;sid:83700592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837491/; classtype:trojan-activity;sid:83700591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.225.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837490/; classtype:trojan-activity;sid:83700590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.133.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837489/; classtype:trojan-activity;sid:83700589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837488/; classtype:trojan-activity;sid:83700588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.85.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837487/; classtype:trojan-activity;sid:83700587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.10.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837486/; classtype:trojan-activity;sid:83700586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837485/; classtype:trojan-activity;sid:83700585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.156.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837484/; classtype:trojan-activity;sid:83700584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.240.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837483/; classtype:trojan-activity;sid:83700583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.155.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837482/; classtype:trojan-activity;sid:83700582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.27.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837481/; classtype:trojan-activity;sid:83700581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837479/; classtype:trojan-activity;sid:83700579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837480/; classtype:trojan-activity;sid:83700580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.125.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837478/; classtype:trojan-activity;sid:83700578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.209.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837477/; classtype:trojan-activity;sid:83700577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837476/; classtype:trojan-activity;sid:83700576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837475/; classtype:trojan-activity;sid:83700575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837474/; classtype:trojan-activity;sid:83700574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837473/; classtype:trojan-activity;sid:83700573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.22.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837472/; classtype:trojan-activity;sid:83700572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.232.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837471/; classtype:trojan-activity;sid:83700571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.93.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837470/; classtype:trojan-activity;sid:83700570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.109.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837469/; classtype:trojan-activity;sid:83700569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837468/; classtype:trojan-activity;sid:83700568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837467/; classtype:trojan-activity;sid:83700567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.183.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837466/; classtype:trojan-activity;sid:83700566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.226.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837464/; classtype:trojan-activity;sid:83700564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.209.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837465/; classtype:trojan-activity;sid:83700565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.118.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837463/; classtype:trojan-activity;sid:83700563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.98.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837462/; classtype:trojan-activity;sid:83700562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.38.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837461/; classtype:trojan-activity;sid:83700561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.240.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837460/; classtype:trojan-activity;sid:83700560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.12.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837459/; classtype:trojan-activity;sid:83700559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.232.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837458/; classtype:trojan-activity;sid:83700558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.222.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837457/; classtype:trojan-activity;sid:83700557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.4.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837456/; classtype:trojan-activity;sid:83700556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.240.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837455/; classtype:trojan-activity;sid:83700555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837454/; classtype:trojan-activity;sid:83700554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837453/; classtype:trojan-activity;sid:83700553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837452/; classtype:trojan-activity;sid:83700552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837451/; classtype:trojan-activity;sid:83700551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.211.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837450/; classtype:trojan-activity;sid:83700550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.98.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837449/; classtype:trojan-activity;sid:83700549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.240.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837448/; classtype:trojan-activity;sid:83700548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.188.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837447/; classtype:trojan-activity;sid:83700547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.196.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837446/; classtype:trojan-activity;sid:83700546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.153.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837445/; classtype:trojan-activity;sid:83700545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.237.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837444/; classtype:trojan-activity;sid:83700544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.148.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837443/; classtype:trojan-activity;sid:83700543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.157.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837442/; classtype:trojan-activity;sid:83700542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.218.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837441/; classtype:trojan-activity;sid:83700541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.78.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837440/; classtype:trojan-activity;sid:83700540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.15.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837439/; classtype:trojan-activity;sid:83700539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.197.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837438/; classtype:trojan-activity;sid:83700538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.114.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837437/; classtype:trojan-activity;sid:83700537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.27.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837436/; classtype:trojan-activity;sid:83700536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.21.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837435/; classtype:trojan-activity;sid:83700535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837434/; classtype:trojan-activity;sid:83700534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.57.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837432/; classtype:trojan-activity;sid:83700532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.187.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837433/; classtype:trojan-activity;sid:83700533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.188.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837431/; classtype:trojan-activity;sid:83700531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.148.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837430/; classtype:trojan-activity;sid:83700530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.153.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837429/; classtype:trojan-activity;sid:83700529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837428/; classtype:trojan-activity;sid:83700528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.3.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837426/; classtype:trojan-activity;sid:83700526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.196.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837427/; classtype:trojan-activity;sid:83700527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.149.165.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837425/; classtype:trojan-activity;sid:83700525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.237.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837424/; classtype:trojan-activity;sid:83700524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.218.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837423/; classtype:trojan-activity;sid:83700523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.78.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837422/; classtype:trojan-activity;sid:83700522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.43.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837421/; classtype:trojan-activity;sid:83700521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.57.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837420/; classtype:trojan-activity;sid:83700520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837419/; classtype:trojan-activity;sid:83700519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.15.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837418/; classtype:trojan-activity;sid:83700518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.27.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837417/; classtype:trojan-activity;sid:83700517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.243.157.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837416/; classtype:trojan-activity;sid:83700516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.21.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837415/; classtype:trojan-activity;sid:83700515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.90.68.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837414/; classtype:trojan-activity;sid:83700514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.187.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837413/; classtype:trojan-activity;sid:83700513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.233.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837412/; classtype:trojan-activity;sid:83700512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837411/; classtype:trojan-activity;sid:83700511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.179.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837409/; classtype:trojan-activity;sid:83700509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.94.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837410/; classtype:trojan-activity;sid:83700510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.249.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837408/; classtype:trojan-activity;sid:83700508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.164.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837407/; classtype:trojan-activity;sid:83700507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.41.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837406/; classtype:trojan-activity;sid:83700506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837405/; classtype:trojan-activity;sid:83700505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.25.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837404/; classtype:trojan-activity;sid:83700504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.216.34.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837403/; classtype:trojan-activity;sid:83700503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.189.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837402/; classtype:trojan-activity;sid:83700502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.223.130.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837401/; classtype:trojan-activity;sid:83700501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.90.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837400/; classtype:trojan-activity;sid:83700500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837399/; classtype:trojan-activity;sid:83700499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.53.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837398/; classtype:trojan-activity;sid:83700498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837397/; classtype:trojan-activity;sid:83700497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837396/; classtype:trojan-activity;sid:83700496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.239.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837395/; classtype:trojan-activity;sid:83700495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.74"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837394/; classtype:trojan-activity;sid:83700494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837393/; classtype:trojan-activity;sid:83700493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.104.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837392/; classtype:trojan-activity;sid:83700492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.83.184.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837391/; classtype:trojan-activity;sid:83700491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.144.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837390/; classtype:trojan-activity;sid:83700490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.179.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837389/; classtype:trojan-activity;sid:83700489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.94.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837388/; classtype:trojan-activity;sid:83700488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.164.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837387/; classtype:trojan-activity;sid:83700487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.25.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837386/; classtype:trojan-activity;sid:83700486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837385/; classtype:trojan-activity;sid:83700485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837384/; classtype:trojan-activity;sid:83700484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.172.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837383/; classtype:trojan-activity;sid:83700483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.72.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837382/; classtype:trojan-activity;sid:83700482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837381/; classtype:trojan-activity;sid:83700481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.113.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837380/; classtype:trojan-activity;sid:83700480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.90.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837379/; classtype:trojan-activity;sid:83700479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837378/; classtype:trojan-activity;sid:83700478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837377/; classtype:trojan-activity;sid:83700477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.239.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837376/; classtype:trojan-activity;sid:83700476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.4.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837375/; classtype:trojan-activity;sid:83700475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.52.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837374/; classtype:trojan-activity;sid:83700474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.30.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837373/; classtype:trojan-activity;sid:83700473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.188.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837372/; classtype:trojan-activity;sid:83700472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.18.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837370/; classtype:trojan-activity;sid:83700470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.4.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837371/; classtype:trojan-activity;sid:83700471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.72.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837369/; classtype:trojan-activity;sid:83700469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.250.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837368/; classtype:trojan-activity;sid:83700468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837367/; classtype:trojan-activity;sid:83700467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.94.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837366/; classtype:trojan-activity;sid:83700466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.113.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837365/; classtype:trojan-activity;sid:83700465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837364/; classtype:trojan-activity;sid:83700464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.90.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837363/; classtype:trojan-activity;sid:83700463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.101.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837361/; classtype:trojan-activity;sid:83700461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.179.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837362/; classtype:trojan-activity;sid:83700462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.234.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837360/; classtype:trojan-activity;sid:83700460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.80.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837359/; classtype:trojan-activity;sid:83700459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.46.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837358/; classtype:trojan-activity;sid:83700458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.97.148.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837357/; classtype:trojan-activity;sid:83700457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.29.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837356/; classtype:trojan-activity;sid:83700456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837355/; classtype:trojan-activity;sid:83700455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.83.215.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837354/; classtype:trojan-activity;sid:83700454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.225.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837353/; classtype:trojan-activity;sid:83700453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.55.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837352/; classtype:trojan-activity;sid:83700452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.57.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837351/; classtype:trojan-activity;sid:83700451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837350/; classtype:trojan-activity;sid:83700450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.0.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837349/; classtype:trojan-activity;sid:83700449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.134.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837348/; classtype:trojan-activity;sid:83700448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.72.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837347/; classtype:trojan-activity;sid:83700447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.29.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837346/; classtype:trojan-activity;sid:83700446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.240.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837345/; classtype:trojan-activity;sid:83700445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.30.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837344/; classtype:trojan-activity;sid:83700444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.155.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837343/; classtype:trojan-activity;sid:83700443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.72.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837342/; classtype:trojan-activity;sid:83700442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.240.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837341/; classtype:trojan-activity;sid:83700441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.148.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837340/; classtype:trojan-activity;sid:83700440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837339/; classtype:trojan-activity;sid:83700439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837338/; classtype:trojan-activity;sid:83700438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.181.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837337/; classtype:trojan-activity;sid:83700437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.254.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837336/; classtype:trojan-activity;sid:83700436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.225.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837335/; classtype:trojan-activity;sid:83700435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.55.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837334/; classtype:trojan-activity;sid:83700434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.3.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837333/; classtype:trojan-activity;sid:83700433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.149.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837332/; classtype:trojan-activity;sid:83700432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837331/; classtype:trojan-activity;sid:83700431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.155.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837329/; classtype:trojan-activity;sid:83700429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.134.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837330/; classtype:trojan-activity;sid:83700430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837328/; classtype:trojan-activity;sid:83700428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img2.jpg"; depth:9; endswith; nocase; http.host; content:"a0951248.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837327/; classtype:trojan-activity;sid:83700427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837326/; classtype:trojan-activity;sid:83700426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837325/; classtype:trojan-activity;sid:83700425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837324/; classtype:trojan-activity;sid:83700424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.222.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837321/; classtype:trojan-activity;sid:83700421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.49.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837322/; classtype:trojan-activity;sid:83700422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837323/; classtype:trojan-activity;sid:83700423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837320/; classtype:trojan-activity;sid:83700420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837319/; classtype:trojan-activity;sid:83700419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837318/; classtype:trojan-activity;sid:83700418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837317/; classtype:trojan-activity;sid:83700417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837316/; classtype:trojan-activity;sid:83700416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.94.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837315/; classtype:trojan-activity;sid:83700415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.26.175.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837314/; classtype:trojan-activity;sid:83700414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.95.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837313/; classtype:trojan-activity;sid:83700413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837312/; classtype:trojan-activity;sid:83700412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837311/; classtype:trojan-activity;sid:83700411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.54.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837310/; classtype:trojan-activity;sid:83700410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.12.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837309/; classtype:trojan-activity;sid:83700409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.78.30.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837308/; classtype:trojan-activity;sid:83700408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whserver.exe"; depth:13; endswith; nocase; http.host; content:"1.92.90.232"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837307/; classtype:trojan-activity;sid:83700407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.9.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837306/; classtype:trojan-activity;sid:83700406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.111.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837305/; classtype:trojan-activity;sid:83700405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837304/; classtype:trojan-activity;sid:83700404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837303/; classtype:trojan-activity;sid:83700403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837302/; classtype:trojan-activity;sid:83700402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837301/; classtype:trojan-activity;sid:83700401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.84.159.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837300/; classtype:trojan-activity;sid:83700400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837299/; classtype:trojan-activity;sid:83700399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.158.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837298/; classtype:trojan-activity;sid:83700398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837297/; classtype:trojan-activity;sid:83700397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.208.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837296/; classtype:trojan-activity;sid:83700396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.139.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837295/; classtype:trojan-activity;sid:83700395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.52.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837294/; classtype:trojan-activity;sid:83700394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.84.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837293/; classtype:trojan-activity;sid:83700393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.78.30.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837292/; classtype:trojan-activity;sid:83700392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.155.112.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837290/; classtype:trojan-activity;sid:83700390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.9.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837291/; classtype:trojan-activity;sid:83700391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.95.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837289/; classtype:trojan-activity;sid:83700389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.33.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837288/; classtype:trojan-activity;sid:83700388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837287/; classtype:trojan-activity;sid:83700387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837286/; classtype:trojan-activity;sid:83700386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.71.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837285/; classtype:trojan-activity;sid:83700385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.232.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837284/; classtype:trojan-activity;sid:83700384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.255.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837283/; classtype:trojan-activity;sid:83700383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.86.71.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837282/; classtype:trojan-activity;sid:83700382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837281/; classtype:trojan-activity;sid:83700381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.10.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837280/; classtype:trojan-activity;sid:83700380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.231.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837279/; classtype:trojan-activity;sid:83700379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.36.223.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837278/; classtype:trojan-activity;sid:83700378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.159.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837277/; classtype:trojan-activity;sid:83700377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.165.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837276/; classtype:trojan-activity;sid:83700376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.190.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837274/; classtype:trojan-activity;sid:83700374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.233.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837275/; classtype:trojan-activity;sid:83700375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.204.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837273/; classtype:trojan-activity;sid:83700373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.139.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837272/; classtype:trojan-activity;sid:83700372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.64.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837271/; classtype:trojan-activity;sid:83700371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.208.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837270/; classtype:trojan-activity;sid:83700370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.84.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837269/; classtype:trojan-activity;sid:83700369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.244.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837268/; classtype:trojan-activity;sid:83700368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.141.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837267/; classtype:trojan-activity;sid:83700367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.33.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837265/; classtype:trojan-activity;sid:83700365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.199.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837266/; classtype:trojan-activity;sid:83700366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.36.223.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837264/; classtype:trojan-activity;sid:83700364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837263/; classtype:trojan-activity;sid:83700363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837262/; classtype:trojan-activity;sid:83700362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.64.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837261/; classtype:trojan-activity;sid:83700361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.242.43.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837259/; classtype:trojan-activity;sid:83700359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837260/; classtype:trojan-activity;sid:83700360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.190.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837258/; classtype:trojan-activity;sid:83700358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.244.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837257/; classtype:trojan-activity;sid:83700357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.91.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837256/; classtype:trojan-activity;sid:83700356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.194.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837255/; classtype:trojan-activity;sid:83700355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.15.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837254/; classtype:trojan-activity;sid:83700354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.153.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837253/; classtype:trojan-activity;sid:83700353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.142.190.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837252/; classtype:trojan-activity;sid:83700352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837251/; classtype:trojan-activity;sid:83700351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.163.252.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837250/; classtype:trojan-activity;sid:83700350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.118.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837249/; classtype:trojan-activity;sid:83700349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.82.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837248/; classtype:trojan-activity;sid:83700348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"npwfg.demo.betterbuiltdogs.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837247/; classtype:trojan-activity;sid:83700347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837246/; classtype:trojan-activity;sid:83700346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.234.186.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837245/; classtype:trojan-activity;sid:83700345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.82.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837244/; classtype:trojan-activity;sid:83700344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.34.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837241/; classtype:trojan-activity;sid:83700341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.82.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837242/; classtype:trojan-activity;sid:83700342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.17.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837243/; classtype:trojan-activity;sid:83700343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.122.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837240/; classtype:trojan-activity;sid:83700340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.62.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837239/; classtype:trojan-activity;sid:83700339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.172.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837236/; classtype:trojan-activity;sid:83700336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.171.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837237/; classtype:trojan-activity;sid:83700337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.94.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837238/; classtype:trojan-activity;sid:83700338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.236.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837235/; classtype:trojan-activity;sid:83700335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837234/; classtype:trojan-activity;sid:83700334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.217.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837232/; classtype:trojan-activity;sid:83700332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.111.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837233/; classtype:trojan-activity;sid:83700333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.149.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837231/; classtype:trojan-activity;sid:83700331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.118.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837230/; classtype:trojan-activity;sid:83700330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.234.186.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837229/; classtype:trojan-activity;sid:83700329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837228/; classtype:trojan-activity;sid:83700328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.81.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837227/; classtype:trojan-activity;sid:83700327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.122.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837226/; classtype:trojan-activity;sid:83700326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.137.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837225/; classtype:trojan-activity;sid:83700325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.41.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837224/; classtype:trojan-activity;sid:83700324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.214.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837223/; classtype:trojan-activity;sid:83700323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.142.61.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837222/; classtype:trojan-activity;sid:83700322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.236.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837221/; classtype:trojan-activity;sid:83700321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.62.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837220/; classtype:trojan-activity;sid:83700320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837219/; classtype:trojan-activity;sid:83700319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.171.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837218/; classtype:trojan-activity;sid:83700318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837217/; classtype:trojan-activity;sid:83700317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.137.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837216/; classtype:trojan-activity;sid:83700316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.158.11.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837215/; classtype:trojan-activity;sid:83700315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.44.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837214/; classtype:trojan-activity;sid:83700314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"net.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837213/; classtype:trojan-activity;sid:83700313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837212/; classtype:trojan-activity;sid:83700312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837211/; classtype:trojan-activity;sid:83700311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.223.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837210/; classtype:trojan-activity;sid:83700310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837209/; classtype:trojan-activity;sid:83700309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.26.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837208/; classtype:trojan-activity;sid:83700308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.171.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837206/; classtype:trojan-activity;sid:83700306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.64.74.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837207/; classtype:trojan-activity;sid:83700307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.158.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837205/; classtype:trojan-activity;sid:83700305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.44.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837203/; classtype:trojan-activity;sid:83700303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837204/; classtype:trojan-activity;sid:83700304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.205.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837202/; classtype:trojan-activity;sid:83700302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.200.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837201/; classtype:trojan-activity;sid:83700301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837200/; classtype:trojan-activity;sid:83700300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.121.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837199/; classtype:trojan-activity;sid:83700299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837198/; classtype:trojan-activity;sid:83700298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837197/; classtype:trojan-activity;sid:83700297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837196/; classtype:trojan-activity;sid:83700296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.231.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837193/; classtype:trojan-activity;sid:83700293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.226.38.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837194/; classtype:trojan-activity;sid:83700294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.44.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837195/; classtype:trojan-activity;sid:83700295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.234.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837191/; classtype:trojan-activity;sid:83700291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.92.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837192/; classtype:trojan-activity;sid:83700292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.158.11.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837190/; classtype:trojan-activity;sid:83700290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.205.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837189/; classtype:trojan-activity;sid:83700289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.95.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837188/; classtype:trojan-activity;sid:83700288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.53.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837187/; classtype:trojan-activity;sid:83700287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.205.30.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837186/; classtype:trojan-activity;sid:83700286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837185/; classtype:trojan-activity;sid:83700285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bupt"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837184/; classtype:trojan-activity;sid:83700284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.143.36.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837183/; classtype:trojan-activity;sid:83700283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837182/; classtype:trojan-activity;sid:83700282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837181/; classtype:trojan-activity;sid:83700281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837180/; classtype:trojan-activity;sid:83700280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.10.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837179/; classtype:trojan-activity;sid:83700279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.145.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837178/; classtype:trojan-activity;sid:83700278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837177/; classtype:trojan-activity;sid:83700277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.200.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837176/; classtype:trojan-activity;sid:83700276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.175.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837175/; classtype:trojan-activity;sid:83700275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.92.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837174/; classtype:trojan-activity;sid:83700274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.161.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837173/; classtype:trojan-activity;sid:83700273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837172/; classtype:trojan-activity;sid:83700272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.234.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837171/; classtype:trojan-activity;sid:83700271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.83.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837170/; classtype:trojan-activity;sid:83700270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.4.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837169/; classtype:trojan-activity;sid:83700269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.129.242.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837168/; classtype:trojan-activity;sid:83700268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.33.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837167/; classtype:trojan-activity;sid:83700267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.254.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837166/; classtype:trojan-activity;sid:83700266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.158.11.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837165/; classtype:trojan-activity;sid:83700265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.50.186.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837163/; classtype:trojan-activity;sid:83700263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.183.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837164/; classtype:trojan-activity;sid:83700264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.53.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837162/; classtype:trojan-activity;sid:83700262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837161/; classtype:trojan-activity;sid:83700261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.126.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837160/; classtype:trojan-activity;sid:83700260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.205.30.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837159/; classtype:trojan-activity;sid:83700259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837158/; classtype:trojan-activity;sid:83700258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.143.36.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837157/; classtype:trojan-activity;sid:83700257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.121.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837156/; classtype:trojan-activity;sid:83700256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.245.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837155/; classtype:trojan-activity;sid:83700255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.179.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837153/; classtype:trojan-activity;sid:83700253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837154/; classtype:trojan-activity;sid:83700254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837152/; classtype:trojan-activity;sid:83700252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.69.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837151/; classtype:trojan-activity;sid:83700251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.175.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837150/; classtype:trojan-activity;sid:83700250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.126.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837149/; classtype:trojan-activity;sid:83700249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.44.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837148/; classtype:trojan-activity;sid:83700248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.245.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837147/; classtype:trojan-activity;sid:83700247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.0.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837146/; classtype:trojan-activity;sid:83700246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.191.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837145/; classtype:trojan-activity;sid:83700245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.64.68.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837144/; classtype:trojan-activity;sid:83700244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.156.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837143/; classtype:trojan-activity;sid:83700243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837142/; classtype:trojan-activity;sid:83700242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837141/; classtype:trojan-activity;sid:83700241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.7.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837140/; classtype:trojan-activity;sid:83700240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837139/; classtype:trojan-activity;sid:83700239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837138/; classtype:trojan-activity;sid:83700238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.168.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837137/; classtype:trojan-activity;sid:83700237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.82.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837136/; classtype:trojan-activity;sid:83700236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.241.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837135/; classtype:trojan-activity;sid:83700235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.7.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837134/; classtype:trojan-activity;sid:83700234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.254.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837133/; classtype:trojan-activity;sid:83700233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.168.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837132/; classtype:trojan-activity;sid:83700232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.215.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837131/; classtype:trojan-activity;sid:83700231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837130/; classtype:trojan-activity;sid:83700230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.84.86.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837129/; classtype:trojan-activity;sid:83700229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.241.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837128/; classtype:trojan-activity;sid:83700228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.84.159.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837127/; classtype:trojan-activity;sid:83700227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837126/; classtype:trojan-activity;sid:83700226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837125/; classtype:trojan-activity;sid:83700225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.57.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837124/; classtype:trojan-activity;sid:83700224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.184.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837123/; classtype:trojan-activity;sid:83700223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.13.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837122/; classtype:trojan-activity;sid:83700222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.84.86.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837121/; classtype:trojan-activity;sid:83700221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837120/; classtype:trojan-activity;sid:83700220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837119/; classtype:trojan-activity;sid:83700219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.98.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837118/; classtype:trojan-activity;sid:83700218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837117/; classtype:trojan-activity;sid:83700217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ag_injector_latest.apk"; depth:23; endswith; nocase; http.host; content:"dl.aginjector.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.203.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837115/; classtype:trojan-activity;sid:83700215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837114/; classtype:trojan-activity;sid:83700214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.83.168.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837113/; classtype:trojan-activity;sid:83700213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.158.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837112/; classtype:trojan-activity;sid:83700212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837110/; classtype:trojan-activity;sid:83700210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.132.181.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837111/; classtype:trojan-activity;sid:83700211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"www.biancfdaslkljdsfkw.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837109/; classtype:trojan-activity;sid:83700209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ready.apk"; depth:11; endswith; nocase; http.host; content:"8.210.106.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837108/; classtype:trojan-activity;sid:83700208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.254.55.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837107/; classtype:trojan-activity;sid:83700207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.5.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837106/; classtype:trojan-activity;sid:83700206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.118.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837105/; classtype:trojan-activity;sid:83700205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837104/; classtype:trojan-activity;sid:83700204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.32.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837103/; classtype:trojan-activity;sid:83700203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.185.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837102/; classtype:trojan-activity;sid:83700202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.118.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837101/; classtype:trojan-activity;sid:83700201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837100/; classtype:trojan-activity;sid:83700200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.122.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837099/; classtype:trojan-activity;sid:83700199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837098/; classtype:trojan-activity;sid:83700198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837097/; classtype:trojan-activity;sid:83700197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.235.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837096/; classtype:trojan-activity;sid:83700196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.154.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837095/; classtype:trojan-activity;sid:83700195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.240.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837094/; classtype:trojan-activity;sid:83700194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.241.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837093/; classtype:trojan-activity;sid:83700193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837092/; classtype:trojan-activity;sid:83700192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.232.66.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837091/; classtype:trojan-activity;sid:83700191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.146.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837090/; classtype:trojan-activity;sid:83700190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.185.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837089/; classtype:trojan-activity;sid:83700189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.218.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837088/; classtype:trojan-activity;sid:83700188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.218.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837086/; classtype:trojan-activity;sid:83700186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837087/; classtype:trojan-activity;sid:83700187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.59.107.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837085/; classtype:trojan-activity;sid:83700185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.243.157.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837084/; classtype:trojan-activity;sid:83700184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.1.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837082/; classtype:trojan-activity;sid:83700182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.154.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837083/; classtype:trojan-activity;sid:83700183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.122.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837081/; classtype:trojan-activity;sid:83700181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmq==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; depth:90; endswith; nocase; http.host; content:"77.105.147.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837080/; classtype:trojan-activity;sid:83700180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"94.156.79.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837079/; classtype:trojan-activity;sid:83700179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.1.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837078/; classtype:trojan-activity;sid:83700178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.11.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837077/; classtype:trojan-activity;sid:83700177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.235.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837076/; classtype:trojan-activity;sid:83700176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xp3x3bfmkfyx"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837075/; classtype:trojan-activity;sid:83700175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.5.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837074/; classtype:trojan-activity;sid:83700174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837073/; classtype:trojan-activity;sid:83700173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837072/; classtype:trojan-activity;sid:83700172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837070/; classtype:trojan-activity;sid:83700170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837071/; classtype:trojan-activity;sid:83700171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.95.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837069/; classtype:trojan-activity;sid:83700169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xdpoawnndlfp"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837068/; classtype:trojan-activity;sid:83700168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837067/; classtype:trojan-activity;sid:83700167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837066/; classtype:trojan-activity;sid:83700166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.200.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837065/; classtype:trojan-activity;sid:83700165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.241.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837064/; classtype:trojan-activity;sid:83700164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837063/; classtype:trojan-activity;sid:83700163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teaser.mp4"; depth:11; endswith; nocase; http.host; content:"94.156.68.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837057/; classtype:trojan-activity;sid:83700157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tutorial.mp4"; depth:13; endswith; nocase; http.host; content:"94.156.68.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837058/; classtype:trojan-activity;sid:83700158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/space.mp4"; depth:10; endswith; nocase; http.host; content:"94.156.68.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837059/; classtype:trojan-activity;sid:83700159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.mp4"; depth:6; endswith; nocase; http.host; content:"94.156.68.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837060/; classtype:trojan-activity;sid:83700160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/playkit.mp4"; depth:12; endswith; nocase; http.host; content:"94.156.68.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837061/; classtype:trojan-activity;sid:83700161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mesho.mp4"; depth:10; endswith; nocase; http.host; content:"94.156.68.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837062/; classtype:trojan-activity;sid:83700162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.191.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837056/; classtype:trojan-activity;sid:83700156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.201.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837055/; classtype:trojan-activity;sid:83700155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837054/; classtype:trojan-activity;sid:83700154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.50.186.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837052/; classtype:trojan-activity;sid:83700152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.0.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837053/; classtype:trojan-activity;sid:83700153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.120.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837051/; classtype:trojan-activity;sid:83700151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.247.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837050/; classtype:trojan-activity;sid:83700150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.146.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837049/; classtype:trojan-activity;sid:83700149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quwan/4.2.4/ddz_424.apk"; depth:24; endswith; nocase; http.host; content:"ddzandroid-1254106500.cos.ap-shanghai.myqcloud.com"; depth:50; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837048/; classtype:trojan-activity;sid:83700148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837047/; classtype:trojan-activity;sid:83700147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/speed1.apk"; depth:11; endswith; nocase; http.host; content:"8.210.106.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837046/; classtype:trojan-activity;sid:83700146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.94.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837045/; classtype:trojan-activity;sid:83700145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837044/; classtype:trojan-activity;sid:83700144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.104.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837041/; classtype:trojan-activity;sid:83700141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.137.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837042/; classtype:trojan-activity;sid:83700142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.212.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837043/; classtype:trojan-activity;sid:83700143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"185.93.68.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837040/; classtype:trojan-activity;sid:83700140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.148.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837039/; classtype:trojan-activity;sid:83700139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"193.222.96.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837038/; classtype:trojan-activity;sid:83700138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837037/; classtype:trojan-activity;sid:83700137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.210.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837036/; classtype:trojan-activity;sid:83700136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.105.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837035/; classtype:trojan-activity;sid:83700135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837034/; classtype:trojan-activity;sid:83700134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837032/; classtype:trojan-activity;sid:83700132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837033/; classtype:trojan-activity;sid:83700133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"47.57.184.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837031/; classtype:trojan-activity;sid:83700131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"47.57.184.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837030/; classtype:trojan-activity;sid:83700130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.85.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837029/; classtype:trojan-activity;sid:83700129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837028/; classtype:trojan-activity;sid:83700128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837027/; classtype:trojan-activity;sid:83700127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837026/; classtype:trojan-activity;sid:83700126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.94.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837025/; classtype:trojan-activity;sid:83700125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837024/; classtype:trojan-activity;sid:83700124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.66.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837023/; classtype:trojan-activity;sid:83700123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.133.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837022/; classtype:trojan-activity;sid:83700122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837014/; classtype:trojan-activity;sid:83700114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837015/; classtype:trojan-activity;sid:83700115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837016/; classtype:trojan-activity;sid:83700116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837017/; classtype:trojan-activity;sid:83700117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837018/; classtype:trojan-activity;sid:83700118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837019/; classtype:trojan-activity;sid:83700119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837020/; classtype:trojan-activity;sid:83700120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837021/; classtype:trojan-activity;sid:83700121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837012/; classtype:trojan-activity;sid:83700112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"204.76.203.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837013/; classtype:trojan-activity;sid:83700113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.86.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837011/; classtype:trojan-activity;sid:83700111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.3.243"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837009/; classtype:trojan-activity;sid:83700109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.85.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837010/; classtype:trojan-activity;sid:83700110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837008/; classtype:trojan-activity;sid:83700108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.58.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837007/; classtype:trojan-activity;sid:83700107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837006/; classtype:trojan-activity;sid:83700106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.247.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837005/; classtype:trojan-activity;sid:83700105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.91.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837004/; classtype:trojan-activity;sid:83700104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.164.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837003/; classtype:trojan-activity;sid:83700103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837002/; classtype:trojan-activity;sid:83700102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.105.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837001/; classtype:trojan-activity;sid:83700101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837000/; classtype:trojan-activity;sid:83700100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.27.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836999/; classtype:trojan-activity;sid:83700099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.88.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836998/; classtype:trojan-activity;sid:83700098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836997/; classtype:trojan-activity;sid:83700097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836995/; classtype:trojan-activity;sid:83700095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.133.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836996/; classtype:trojan-activity;sid:83700096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.11.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836994/; classtype:trojan-activity;sid:83700094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.66.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836993/; classtype:trojan-activity;sid:83700093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.58.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836992/; classtype:trojan-activity;sid:83700092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.125.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836991/; classtype:trojan-activity;sid:83700091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.52.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836990/; classtype:trojan-activity;sid:83700090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.158.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836989/; classtype:trojan-activity;sid:83700089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.9.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836988/; classtype:trojan-activity;sid:83700088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.118"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836987/; classtype:trojan-activity;sid:83700087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.90.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836986/; classtype:trojan-activity;sid:83700086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669223850|3f|hash=2zmkdtitdyutko2nigmrkmidog493uvfxuvz0lglfo4|7c|26|7c|dl=z4zczsbhas1vbwn6mw2ymh3st3mtc9wuydmowzfqm8h|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836985/; classtype:trojan-activity;sid:83700085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youhaveonefile.txt"; depth:19; endswith; nocase; http.host; content:"172.245.123.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836984/; classtype:trojan-activity;sid:83700084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.101.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836980/; classtype:trojan-activity;sid:83700080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webeautifultogetitbackwithentirethingstogetinbacktogetbeautifulthingsinhandwithalotofthings___beautifulgirlsheisentirethingstogetitbacktogetinher.doc"; depth:150; endswith; nocase; http.host; content:"172.245.123.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836981/; classtype:trojan-activity;sid:83700081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youhaveonefilefortody.vbs"; depth:26; endswith; nocase; http.host; content:"172.245.123.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836982/; classtype:trojan-activity;sid:83700082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/0krpn"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836983/; classtype:trojan-activity;sid:83700083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836979/; classtype:trojan-activity;sid:83700079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.210.235.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836978/; classtype:trojan-activity;sid:83700078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.18.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836977/; classtype:trojan-activity;sid:83700077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836976/; classtype:trojan-activity;sid:83700076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.206.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836975/; classtype:trojan-activity;sid:83700075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.9.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836974/; classtype:trojan-activity;sid:83700074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/master.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836973/; classtype:trojan-activity;sid:83700073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.149.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836972/; classtype:trojan-activity;sid:83700072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.125.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836971/; classtype:trojan-activity;sid:83700071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.105.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836970/; classtype:trojan-activity;sid:83700070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836969/; classtype:trojan-activity;sid:83700069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.83.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836968/; classtype:trojan-activity;sid:83700068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836967/; classtype:trojan-activity;sid:83700067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836966/; classtype:trojan-activity;sid:83700066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.98.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836965/; classtype:trojan-activity;sid:83700065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836964/; classtype:trojan-activity;sid:83700064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.216.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836963/; classtype:trojan-activity;sid:83700063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836962/; classtype:trojan-activity;sid:83700062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.11.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836961/; classtype:trojan-activity;sid:83700061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836960/; classtype:trojan-activity;sid:83700060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.93.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836959/; classtype:trojan-activity;sid:83700059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.149.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836958/; classtype:trojan-activity;sid:83700058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.91.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836957/; classtype:trojan-activity;sid:83700057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.226.105.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836956/; classtype:trojan-activity;sid:83700056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836955/; classtype:trojan-activity;sid:83700055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.215.180.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836953/; classtype:trojan-activity;sid:83700053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.157.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836954/; classtype:trojan-activity;sid:83700054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.253.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836952/; classtype:trojan-activity;sid:83700052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.167.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836951/; classtype:trojan-activity;sid:83700051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.189.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836950/; classtype:trojan-activity;sid:83700050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.241.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836949/; classtype:trojan-activity;sid:83700049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836948/; classtype:trojan-activity;sid:83700048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836947/; classtype:trojan-activity;sid:83700047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.172.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836946/; classtype:trojan-activity;sid:83700046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669220424|3f|hash=mv8znmaze5xs9z9jcxfauvp7kt1jf6udi3gixd1jkew|7c|26|7c|dl=lbgsjpqqdrudbukszifmfzwfthtx5dsrxub1xauspvk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836945/; classtype:trojan-activity;sid:83700045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.27.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836944/; classtype:trojan-activity;sid:83700044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.72.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836943/; classtype:trojan-activity;sid:83700043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836942/; classtype:trojan-activity;sid:83700042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.197.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836941/; classtype:trojan-activity;sid:83700041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.254.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836940/; classtype:trojan-activity;sid:83700040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.59.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836939/; classtype:trojan-activity;sid:83700039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.183.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836938/; classtype:trojan-activity;sid:83700038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836937/; classtype:trojan-activity;sid:83700037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836936/; classtype:trojan-activity;sid:83700036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.47.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836934/; classtype:trojan-activity;sid:83700034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.159.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836935/; classtype:trojan-activity;sid:83700035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.187.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836933/; classtype:trojan-activity;sid:83700033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836932/; classtype:trojan-activity;sid:83700032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.229.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836931/; classtype:trojan-activity;sid:83700031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836930/; classtype:trojan-activity;sid:83700030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.85.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836929/; classtype:trojan-activity;sid:83700029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836928/; classtype:trojan-activity;sid:83700028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.172.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836927/; classtype:trojan-activity;sid:83700027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.217.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836926/; classtype:trojan-activity;sid:83700026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669220450|3f|hash=sqkwzihsaokmwfjysvalkt4swexdz0reglplpzytdol|7c|26|7c|dl=zvwyhcru5hk9zqxo8mqduvg6y0whzondtbai0qjvzyo|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836925/; classtype:trojan-activity;sid:83700025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836924/; classtype:trojan-activity;sid:83700024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.56.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836923/; classtype:trojan-activity;sid:83700023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"94.228.199.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836922/; classtype:trojan-activity;sid:83700022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836921/; classtype:trojan-activity;sid:83700021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836920/; classtype:trojan-activity;sid:83700020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836919/; classtype:trojan-activity;sid:83700019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.124.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836917/; classtype:trojan-activity;sid:83700017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.179.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836918/; classtype:trojan-activity;sid:83700018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4444.elf"; depth:9; endswith; nocase; http.host; content:"3.131.30.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836916/; classtype:trojan-activity;sid:83700016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.224.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836915/; classtype:trojan-activity;sid:83700015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.159.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836914/; classtype:trojan-activity;sid:83700014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.183.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836913/; classtype:trojan-activity;sid:83700013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.13.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836912/; classtype:trojan-activity;sid:83700012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.246.223.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836911/; classtype:trojan-activity;sid:83700011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.59.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836910/; classtype:trojan-activity;sid:83700010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.175.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836909/; classtype:trojan-activity;sid:83700009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.3.243"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836908/; classtype:trojan-activity;sid:83700008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836907/; classtype:trojan-activity;sid:83700007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836906/; classtype:trojan-activity;sid:83700006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.124.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836905/; classtype:trojan-activity;sid:83700005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.28.7"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836904/; classtype:trojan-activity;sid:83700004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.224.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836903/; classtype:trojan-activity;sid:83700003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.233.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836902/; classtype:trojan-activity;sid:83700002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836901/; classtype:trojan-activity;sid:83700001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.77.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836900/; classtype:trojan-activity;sid:83700000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.235.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836899/; classtype:trojan-activity;sid:83699999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.142.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836898/; classtype:trojan-activity;sid:83699998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.225.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836897/; classtype:trojan-activity;sid:83699997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836896/; classtype:trojan-activity;sid:83699996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.222.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836895/; classtype:trojan-activity;sid:83699995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.175.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836894/; classtype:trojan-activity;sid:83699994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.233.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836893/; classtype:trojan-activity;sid:83699993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.205.218.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836892/; classtype:trojan-activity;sid:83699992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.122.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836891/; classtype:trojan-activity;sid:83699991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.225.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836890/; classtype:trojan-activity;sid:83699990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836889/; classtype:trojan-activity;sid:83699989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836879/; classtype:trojan-activity;sid:83699979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836880/; classtype:trojan-activity;sid:83699980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836881/; classtype:trojan-activity;sid:83699981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836882/; classtype:trojan-activity;sid:83699982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836883/; classtype:trojan-activity;sid:83699983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836884/; classtype:trojan-activity;sid:83699984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836885/; classtype:trojan-activity;sid:83699985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836886/; classtype:trojan-activity;sid:83699986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836887/; classtype:trojan-activity;sid:83699987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836888/; classtype:trojan-activity;sid:83699988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836878/; classtype:trojan-activity;sid:83699978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.39.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836877/; classtype:trojan-activity;sid:83699977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836876/; classtype:trojan-activity;sid:83699976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.127.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836875/; classtype:trojan-activity;sid:83699975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.212.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836874/; classtype:trojan-activity;sid:83699974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.195.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836873/; classtype:trojan-activity;sid:83699973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.60.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836872/; classtype:trojan-activity;sid:83699972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.36.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836871/; classtype:trojan-activity;sid:83699971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836870/; classtype:trojan-activity;sid:83699970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836869/; classtype:trojan-activity;sid:83699969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.222.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836867/; classtype:trojan-activity;sid:83699967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.48.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836868/; classtype:trojan-activity;sid:83699968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.229.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836866/; classtype:trojan-activity;sid:83699966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.177.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836865/; classtype:trojan-activity;sid:83699965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.146.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836864/; classtype:trojan-activity;sid:83699964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836863/; classtype:trojan-activity;sid:83699963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"43.156.240.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836862/; classtype:trojan-activity;sid:83699962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"209.58.169.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836861/; classtype:trojan-activity;sid:83699961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"54.237.80.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836853/; classtype:trojan-activity;sid:83699953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"103.146.202.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"45.79.237.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836855/; classtype:trojan-activity;sid:83699955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"18.139.227.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836856/; classtype:trojan-activity;sid:83699956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"144.91.106.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836857/; classtype:trojan-activity;sid:83699957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"128.199.111.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836858/; classtype:trojan-activity;sid:83699958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.240.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836859/; classtype:trojan-activity;sid:83699959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"172.104.238.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836860/; classtype:trojan-activity;sid:83699960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"212.227.241.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836841/; classtype:trojan-activity;sid:83699941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"185.17.144.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836842/; classtype:trojan-activity;sid:83699942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.39.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836843/; classtype:trojan-activity;sid:83699943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"195.211.101.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"161.97.102.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836845/; classtype:trojan-activity;sid:83699945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"185.208.172.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836846/; classtype:trojan-activity;sid:83699946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"43.204.230.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836847/; classtype:trojan-activity;sid:83699947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"161.35.56.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836848/; classtype:trojan-activity;sid:83699948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"200.54.37.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836849/; classtype:trojan-activity;sid:83699949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"161.97.152.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836850/; classtype:trojan-activity;sid:83699950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"54.200.196.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836851/; classtype:trojan-activity;sid:83699951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"65.108.61.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836852/; classtype:trojan-activity;sid:83699952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"54.37.139.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836839/; classtype:trojan-activity;sid:83699939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"141.144.230.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836840/; classtype:trojan-activity;sid:83699940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"82.176.77.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836835/; classtype:trojan-activity;sid:83699935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"20.15.225.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836837/; classtype:trojan-activity;sid:83699937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"54.255.204.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836838/; classtype:trojan-activity;sid:83699938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"188.166.160.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836833/; classtype:trojan-activity;sid:83699933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"157.245.23.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836834/; classtype:trojan-activity;sid:83699934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836828/; classtype:trojan-activity;sid:83699928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836829/; classtype:trojan-activity;sid:83699929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836830/; classtype:trojan-activity;sid:83699930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"138.68.144.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836831/; classtype:trojan-activity;sid:83699931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.81.242.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836832/; classtype:trojan-activity;sid:83699932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.124.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836814/; classtype:trojan-activity;sid:83699914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.127.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836797/; classtype:trojan-activity;sid:83699897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.36.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836796/; classtype:trojan-activity;sid:83699896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836795/; classtype:trojan-activity;sid:83699895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/bots_mips"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.226.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836793/; classtype:trojan-activity;sid:83699893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.155.118.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836792/; classtype:trojan-activity;sid:83699892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836791/; classtype:trojan-activity;sid:83699891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.229.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836790/; classtype:trojan-activity;sid:83699890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.146.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836789/; classtype:trojan-activity;sid:83699889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.132.76.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836788/; classtype:trojan-activity;sid:83699888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.sh4"; depth:15; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836787/; classtype:trojan-activity;sid:83699887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm5"; depth:11; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836780/; classtype:trojan-activity;sid:83699880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm7"; depth:11; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836781/; classtype:trojan-activity;sid:83699881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.x86"; depth:10; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836782/; classtype:trojan-activity;sid:83699882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm6"; depth:16; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836783/; classtype:trojan-activity;sid:83699883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm5"; depth:16; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836784/; classtype:trojan-activity;sid:83699884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm6"; depth:11; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836785/; classtype:trojan-activity;sid:83699885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.x86"; depth:15; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836786/; classtype:trojan-activity;sid:83699886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.spc"; depth:10; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836776/; classtype:trojan-activity;sid:83699876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm"; depth:10; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836777/; classtype:trojan-activity;sid:83699877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.spc"; depth:15; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836778/; classtype:trojan-activity;sid:83699878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm"; depth:15; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836779/; classtype:trojan-activity;sid:83699879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.m68k"; depth:16; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836771/; classtype:trojan-activity;sid:83699871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.m68k"; depth:11; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836772/; classtype:trojan-activity;sid:83699872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mips"; depth:11; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836773/; classtype:trojan-activity;sid:83699873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.ppc"; depth:15; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836774/; classtype:trojan-activity;sid:83699874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.mpsl"; depth:16; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836775/; classtype:trojan-activity;sid:83699875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.ppc"; depth:10; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836766/; classtype:trojan-activity;sid:83699866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836767/; classtype:trojan-activity;sid:83699867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm7"; depth:16; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836768/; classtype:trojan-activity;sid:83699868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.sh4"; depth:10; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836769/; classtype:trojan-activity;sid:83699869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mpsl"; depth:11; endswith; nocase; http.host; content:"94.156.71.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836770/; classtype:trojan-activity;sid:83699870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.231.242.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836765/; classtype:trojan-activity;sid:83699865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.184.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836764/; classtype:trojan-activity;sid:83699864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/tvyrs"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836762/; classtype:trojan-activity;sid:83699862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newrpdstuffffff.txt"; depth:20; endswith; nocase; http.host; content:"192.3.101.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836763/; classtype:trojan-activity;sid:83699863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836761/; classtype:trojan-activity;sid:83699861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.191.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836760/; classtype:trojan-activity;sid:83699860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hotstuffnewrdp.vbs"; depth:19; endswith; nocase; http.host; content:"192.3.101.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836757/; classtype:trojan-activity;sid:83699857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wewanthowthemagicalwordshappeningeverywheretogetmebackwithgoodthingstounderstandtogetmeback___beautifulgirlcallingmefortea.doc"; depth:127; endswith; nocase; http.host; content:"192.3.101.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836758/; classtype:trojan-activity;sid:83699858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.16.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836759/; classtype:trojan-activity;sid:83699859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.186.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836756/; classtype:trojan-activity;sid:83699856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.225.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836754/; classtype:trojan-activity;sid:83699854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.175.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836755/; classtype:trojan-activity;sid:83699855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sylvester.dwp"; depth:14; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836751/; classtype:trojan-activity;sid:83699851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terminaljob.toc"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836752/; classtype:trojan-activity;sid:83699852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breastweed.lpk"; depth:15; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836753/; classtype:trojan-activity;sid:83699853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xjwsmgxxj86.bin"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836749/; classtype:trojan-activity;sid:83699849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pitaobi.bin"; depth:12; endswith; nocase; http.host; content:"94.156.79.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836750/; classtype:trojan-activity;sid:83699850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.251.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836748/; classtype:trojan-activity;sid:83699848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836747/; classtype:trojan-activity;sid:83699847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.3.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836746/; classtype:trojan-activity;sid:83699846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.55.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836745/; classtype:trojan-activity;sid:83699845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.183.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836742/; classtype:trojan-activity;sid:83699842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.155.118.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836743/; classtype:trojan-activity;sid:83699843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.209.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836744/; classtype:trojan-activity;sid:83699844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836741/; classtype:trojan-activity;sid:83699841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.231.242.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836740/; classtype:trojan-activity;sid:83699840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.186.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836739/; classtype:trojan-activity;sid:83699839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.184.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836737/; classtype:trojan-activity;sid:83699837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836738/; classtype:trojan-activity;sid:83699838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.132.76.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836736/; classtype:trojan-activity;sid:83699836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836735/; classtype:trojan-activity;sid:83699835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.183.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836734/; classtype:trojan-activity;sid:83699834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.91.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836733/; classtype:trojan-activity;sid:83699833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.185.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836732/; classtype:trojan-activity;sid:83699832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.66.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836731/; classtype:trojan-activity;sid:83699831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.58.188.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836730/; classtype:trojan-activity;sid:83699830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.131.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836729/; classtype:trojan-activity;sid:83699829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.68.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836728/; classtype:trojan-activity;sid:83699828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.42.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836727/; classtype:trojan-activity;sid:83699827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.91.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836726/; classtype:trojan-activity;sid:83699826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836725/; classtype:trojan-activity;sid:83699825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.196.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836724/; classtype:trojan-activity;sid:83699824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836723/; classtype:trojan-activity;sid:83699823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836722/; classtype:trojan-activity;sid:83699822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.91.61.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836721/; classtype:trojan-activity;sid:83699821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.251.13.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836720/; classtype:trojan-activity;sid:83699820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.149.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836719/; classtype:trojan-activity;sid:83699819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.90.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836718/; classtype:trojan-activity;sid:83699818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836717/; classtype:trojan-activity;sid:83699817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.58.188.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836716/; classtype:trojan-activity;sid:83699816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.188.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836715/; classtype:trojan-activity;sid:83699815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.42.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836714/; classtype:trojan-activity;sid:83699814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.190.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836713/; classtype:trojan-activity;sid:83699813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836712/; classtype:trojan-activity;sid:83699812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.173.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836711/; classtype:trojan-activity;sid:83699811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.207.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836710/; classtype:trojan-activity;sid:83699810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836708/; classtype:trojan-activity;sid:83699808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.227.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836709/; classtype:trojan-activity;sid:83699809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.196.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836707/; classtype:trojan-activity;sid:83699807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836706/; classtype:trojan-activity;sid:83699806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.56.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836704/; classtype:trojan-activity;sid:83699804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.238.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836705/; classtype:trojan-activity;sid:83699805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.84.110.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836703/; classtype:trojan-activity;sid:83699803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.22.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836702/; classtype:trojan-activity;sid:83699802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hasleo_backup_suite.exe"; depth:24; endswith; nocase; http.host; content:"lallavedelajuderia.es"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836701/; classtype:trojan-activity;sid:83699801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.46.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836700/; classtype:trojan-activity;sid:83699800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836699/; classtype:trojan-activity;sid:83699799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836698/; classtype:trojan-activity;sid:83699798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.112.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836697/; classtype:trojan-activity;sid:83699797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.190.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836696/; classtype:trojan-activity;sid:83699796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.163.245.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836695/; classtype:trojan-activity;sid:83699795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.92.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836694/; classtype:trojan-activity;sid:83699794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.245.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836693/; classtype:trojan-activity;sid:83699793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.127.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836692/; classtype:trojan-activity;sid:83699792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.238.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836691/; classtype:trojan-activity;sid:83699791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.31.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836689/; classtype:trojan-activity;sid:83699789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.227.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836690/; classtype:trojan-activity;sid:83699790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836688/; classtype:trojan-activity;sid:83699788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836685/; classtype:trojan-activity;sid:83699785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.253.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836686/; classtype:trojan-activity;sid:83699786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.56.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836687/; classtype:trojan-activity;sid:83699787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836681/; classtype:trojan-activity;sid:83699781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836682/; classtype:trojan-activity;sid:83699782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836683/; classtype:trojan-activity;sid:83699783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.111.96.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836684/; classtype:trojan-activity;sid:83699784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836676/; classtype:trojan-activity;sid:83699776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836677/; classtype:trojan-activity;sid:83699777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836678/; classtype:trojan-activity;sid:83699778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836679/; classtype:trojan-activity;sid:83699779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836680/; classtype:trojan-activity;sid:83699780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836674/; classtype:trojan-activity;sid:83699774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"minuoddos.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836675/; classtype:trojan-activity;sid:83699775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.22.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836672/; classtype:trojan-activity;sid:83699772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836673/; classtype:trojan-activity;sid:83699773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.88.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836671/; classtype:trojan-activity;sid:83699771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836670/; classtype:trojan-activity;sid:83699770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836669/; classtype:trojan-activity;sid:83699769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; depth:52; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836665/; classtype:trojan-activity;sid:83699765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836666/; classtype:trojan-activity;sid:83699766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; depth:55; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836667/; classtype:trojan-activity;sid:83699767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836668/; classtype:trojan-activity;sid:83699768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836660/; classtype:trojan-activity;sid:83699760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836661/; classtype:trojan-activity;sid:83699761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836662/; classtype:trojan-activity;sid:83699762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; depth:55; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836663/; classtype:trojan-activity;sid:83699763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836664/; classtype:trojan-activity;sid:83699764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836651/; classtype:trojan-activity;sid:83699751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836652/; classtype:trojan-activity;sid:83699752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836653/; classtype:trojan-activity;sid:83699753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836654/; classtype:trojan-activity;sid:83699754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; depth:52; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836655/; classtype:trojan-activity;sid:83699755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836656/; classtype:trojan-activity;sid:83699756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836657/; classtype:trojan-activity;sid:83699757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836658/; classtype:trojan-activity;sid:83699758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836659/; classtype:trojan-activity;sid:83699759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836649/; classtype:trojan-activity;sid:83699749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836650/; classtype:trojan-activity;sid:83699750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836645/; classtype:trojan-activity;sid:83699745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836646/; classtype:trojan-activity;sid:83699746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836647/; classtype:trojan-activity;sid:83699747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836648/; classtype:trojan-activity;sid:83699748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836640/; classtype:trojan-activity;sid:83699740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836641/; classtype:trojan-activity;sid:83699741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836642/; classtype:trojan-activity;sid:83699742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836643/; classtype:trojan-activity;sid:83699743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836644/; classtype:trojan-activity;sid:83699744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836636/; classtype:trojan-activity;sid:83699736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836637/; classtype:trojan-activity;sid:83699737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836638/; classtype:trojan-activity;sid:83699738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836639/; classtype:trojan-activity;sid:83699739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836632/; classtype:trojan-activity;sid:83699732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836633/; classtype:trojan-activity;sid:83699733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836634/; classtype:trojan-activity;sid:83699734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836635/; classtype:trojan-activity;sid:83699735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836630/; classtype:trojan-activity;sid:83699730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.20.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836631/; classtype:trojan-activity;sid:83699731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836624/; classtype:trojan-activity;sid:83699724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836625/; classtype:trojan-activity;sid:83699725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836626/; classtype:trojan-activity;sid:83699726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836627/; classtype:trojan-activity;sid:83699727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836628/; classtype:trojan-activity;sid:83699728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836629/; classtype:trojan-activity;sid:83699729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"bobs.kraken11op.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836622/; classtype:trojan-activity;sid:83699722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836623/; classtype:trojan-activity;sid:83699723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836620/; classtype:trojan-activity;sid:83699720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836621/; classtype:trojan-activity;sid:83699721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.34.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836619/; classtype:trojan-activity;sid:83699719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.112.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836618/; classtype:trojan-activity;sid:83699718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.232.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836617/; classtype:trojan-activity;sid:83699717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.85.127.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836616/; classtype:trojan-activity;sid:83699716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836615/; classtype:trojan-activity;sid:83699715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836614/; classtype:trojan-activity;sid:83699714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.89.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836613/; classtype:trojan-activity;sid:83699713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.245.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836612/; classtype:trojan-activity;sid:83699712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836610/; classtype:trojan-activity;sid:83699710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.163.245.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836611/; classtype:trojan-activity;sid:83699711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.197.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836609/; classtype:trojan-activity;sid:83699709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.7.231.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836608/; classtype:trojan-activity;sid:83699708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.88.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836607/; classtype:trojan-activity;sid:83699707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.124.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836606/; classtype:trojan-activity;sid:83699706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.31.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836605/; classtype:trojan-activity;sid:83699705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836604/; classtype:trojan-activity;sid:83699704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.220.146.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836603/; classtype:trojan-activity;sid:83699703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.20.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836602/; classtype:trojan-activity;sid:83699702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.163.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836601/; classtype:trojan-activity;sid:83699701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.50.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836600/; classtype:trojan-activity;sid:83699700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.75.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836599/; classtype:trojan-activity;sid:83699699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836598/; classtype:trojan-activity;sid:83699698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.72.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836597/; classtype:trojan-activity;sid:83699697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.206.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836596/; classtype:trojan-activity;sid:83699696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.75.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836595/; classtype:trojan-activity;sid:83699695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.202.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836594/; classtype:trojan-activity;sid:83699694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.120.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836593/; classtype:trojan-activity;sid:83699693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.187.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836591/; classtype:trojan-activity;sid:83699691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.181.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836592/; classtype:trojan-activity;sid:83699692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836590/; classtype:trojan-activity;sid:83699690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836589/; classtype:trojan-activity;sid:83699689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.50.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836588/; classtype:trojan-activity;sid:83699688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.181.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836587/; classtype:trojan-activity;sid:83699687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.130.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836586/; classtype:trojan-activity;sid:83699686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.133.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836585/; classtype:trojan-activity;sid:83699685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.206.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836584/; classtype:trojan-activity;sid:83699684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.200.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836583/; classtype:trojan-activity;sid:83699683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.83.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836582/; classtype:trojan-activity;sid:83699682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.247.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836581/; classtype:trojan-activity;sid:83699681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/winscp-6.3.2-setup.msix"; depth:30; endswith; nocase; http.host; content:"cdn37.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836575/; classtype:trojan-activity;sid:83699675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/wsj.msix"; depth:15; endswith; nocase; http.host; content:"eprst251.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836576/; classtype:trojan-activity;sid:83699676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sapconcur.msix"; depth:21; endswith; nocase; http.host; content:"eprst251.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836577/; classtype:trojan-activity;sid:83699677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/autodeskfusion.msix"; depth:26; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836578/; classtype:trojan-activity;sid:83699678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836579/; classtype:trojan-activity;sid:83699679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/webex.msix"; depth:17; endswith; nocase; http.host; content:"cdn37.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836580/; classtype:trojan-activity;sid:83699680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836574/; classtype:trojan-activity;sid:83699674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/googlemeet.msix"; depth:22; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836572/; classtype:trojan-activity;sid:83699672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"cdn46.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836573/; classtype:trojan-activity;sid:83699673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7z.msix"; depth:14; endswith; nocase; http.host; content:"cdn47.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836565/; classtype:trojan-activity;sid:83699665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dirtypipez"; depth:11; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836566/; classtype:trojan-activity;sid:83699666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/steepwriter_4.0.4.0_x64.msix"; depth:35; endswith; nocase; http.host; content:"msq2323232300000.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836567/; classtype:trojan-activity;sid:83699667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/anydesk.msix"; depth:19; endswith; nocase; http.host; content:"msq2323232300000.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836568/; classtype:trojan-activity;sid:83699668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/npp.installer.x64.msix"; depth:29; endswith; nocase; http.host; content:"msq2323232300000.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836569/; classtype:trojan-activity;sid:83699669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/cnn.msix"; depth:15; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836570/; classtype:trojan-activity;sid:83699670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/ciscosmartsoftware.msix"; depth:30; endswith; nocase; http.host; content:"msq2323232300000.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836571/; classtype:trojan-activity;sid:83699671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/quicken.msix"; depth:19; endswith; nocase; http.host; content:"cdn30.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836556/; classtype:trojan-activity;sid:83699656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/hubspot.msix"; depth:19; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836557/; classtype:trojan-activity;sid:83699657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sapconcur.msix"; depth:21; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836558/; classtype:trojan-activity;sid:83699658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/wsj.msix"; depth:15; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836559/; classtype:trojan-activity;sid:83699659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/vkontakte.msix"; depth:21; endswith; nocase; http.host; content:"cdn42.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836560/; classtype:trojan-activity;sid:83699660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/blackrock.msix"; depth:21; endswith; nocase; http.host; content:"cdn41.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836561/; classtype:trojan-activity;sid:83699661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dirtypipez.c"; depth:13; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836562/; classtype:trojan-activity;sid:83699662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/pgadmin4.msix"; depth:20; endswith; nocase; http.host; content:"msq2323232300000.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836563/; classtype:trojan-activity;sid:83699663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/advancedipscanner.msix"; depth:29; endswith; nocase; http.host; content:"eprst431.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836564/; classtype:trojan-activity;sid:83699664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/goto_4.6.5.0_x64.msix"; depth:28; endswith; nocase; http.host; content:"msq2323232300000.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836553/; classtype:trojan-activity;sid:83699653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/googlemeet.msix"; depth:22; endswith; nocase; http.host; content:"cdn40.click"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836554/; classtype:trojan-activity;sid:83699654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/anyconnect-win.msix"; depth:26; endswith; nocase; http.host; content:"cdn25.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836555/; classtype:trojan-activity;sid:83699655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/npp.installer.x64.msix"; depth:29; endswith; nocase; http.host; content:"cdn25.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836538/; classtype:trojan-activity;sid:83699638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/wsj.msix"; depth:15; endswith; nocase; http.host; content:"cdn1124.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836539/; classtype:trojan-activity;sid:83699639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/googlemeet.msix"; depth:22; endswith; nocase; http.host; content:"cdn1124.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836540/; classtype:trojan-activity;sid:83699640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/adobe_protected_pdf.msix"; depth:31; endswith; nocase; http.host; content:"cdn33.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836541/; classtype:trojan-activity;sid:83699641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/airtable-x64.msix"; depth:24; endswith; nocase; http.host; content:"cdn25.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836542/; classtype:trojan-activity;sid:83699642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/workday.msix"; depth:19; endswith; nocase; http.host; content:"cdn34.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836543/; classtype:trojan-activity;sid:83699643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sapconcur.msix"; depth:21; endswith; nocase; http.host; content:"cdn1124.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836544/; classtype:trojan-activity;sid:83699644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/bloombergterminal-x64.msix"; depth:33; endswith; nocase; http.host; content:"cdn25.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836545/; classtype:trojan-activity;sid:83699645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/googlemeet.msix"; depth:22; endswith; nocase; http.host; content:"eprst251.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836546/; classtype:trojan-activity;sid:83699646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/aimp.msix"; depth:16; endswith; nocase; http.host; content:"cdn32.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836547/; classtype:trojan-activity;sid:83699647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/wsj.msix"; depth:15; endswith; nocase; http.host; content:"cdn40.click"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836548/; classtype:trojan-activity;sid:83699648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sapconcur.msix"; depth:21; endswith; nocase; http.host; content:"cdn40.click"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836549/; classtype:trojan-activity;sid:83699649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/document.msix"; depth:20; endswith; nocase; http.host; content:"cdn45.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836550/; classtype:trojan-activity;sid:83699650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"cdn40.click"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836551/; classtype:trojan-activity;sid:83699651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/aimp.msix"; depth:16; endswith; nocase; http.host; content:"cdn47.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836552/; classtype:trojan-activity;sid:83699652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"cdn1124.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836537/; classtype:trojan-activity;sid:83699637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836536/; classtype:trojan-activity;sid:83699636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prnportsixinfromationalprotectiontoundersnadmonekybodyhowmuchgoodtokissherlipswithlotoflovesheneverunderstandanythingwithoutknowingher__beautifulgirlshe.doc"; depth:157; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836534/; classtype:trojan-activity;sid:83699634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/archivenfromationalprotectiontoundersnadmonekybodyhowmuchgoodtokissherlipswithlotoflovesheneverunderstandanythingwithoutknowingher__beautifulgirlshe.doc"; depth:153; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836535/; classtype:trojan-activity;sid:83699635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.150.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836533/; classtype:trojan-activity;sid:83699633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.217.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836532/; classtype:trojan-activity;sid:83699632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.6.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836531/; classtype:trojan-activity;sid:83699631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836530/; classtype:trojan-activity;sid:83699630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.205.69.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836529/; classtype:trojan-activity;sid:83699629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.72.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836528/; classtype:trojan-activity;sid:83699628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.10.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836527/; classtype:trojan-activity;sid:83699627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.120.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836526/; classtype:trojan-activity;sid:83699626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.124.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836525/; classtype:trojan-activity;sid:83699625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.115.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836523/; classtype:trojan-activity;sid:83699623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.141.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836524/; classtype:trojan-activity;sid:83699624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.132.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836522/; classtype:trojan-activity;sid:83699622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.1.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836521/; classtype:trojan-activity;sid:83699621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.160.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836518/; classtype:trojan-activity;sid:83699618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.21.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836519/; classtype:trojan-activity;sid:83699619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.247.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836520/; classtype:trojan-activity;sid:83699620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.149.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836517/; classtype:trojan-activity;sid:83699617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.107.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836515/; classtype:trojan-activity;sid:83699615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.36.157.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836516/; classtype:trojan-activity;sid:83699616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.6.73"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836514/; classtype:trojan-activity;sid:83699614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.83.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836513/; classtype:trojan-activity;sid:83699613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.10.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836512/; classtype:trojan-activity;sid:83699612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.102.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836511/; classtype:trojan-activity;sid:83699611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.205.69.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836510/; classtype:trojan-activity;sid:83699610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.59.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836509/; classtype:trojan-activity;sid:83699609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.1.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836508/; classtype:trojan-activity;sid:83699608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.9.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836507/; classtype:trojan-activity;sid:83699607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.117.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836505/; classtype:trojan-activity;sid:83699605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.57.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836506/; classtype:trojan-activity;sid:83699606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.84.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836504/; classtype:trojan-activity;sid:83699604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.206.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836503/; classtype:trojan-activity;sid:83699603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.148.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836502/; classtype:trojan-activity;sid:83699602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.186.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836501/; classtype:trojan-activity;sid:83699601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.170.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836500/; classtype:trojan-activity;sid:83699600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836499/; classtype:trojan-activity;sid:83699599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.134.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836498/; classtype:trojan-activity;sid:83699598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836497/; classtype:trojan-activity;sid:83699597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.102.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836496/; classtype:trojan-activity;sid:83699596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836495/; classtype:trojan-activity;sid:83699595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.139.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836494/; classtype:trojan-activity;sid:83699594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.9.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836493/; classtype:trojan-activity;sid:83699593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.185.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836492/; classtype:trojan-activity;sid:83699592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.159.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836491/; classtype:trojan-activity;sid:83699591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.182.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836490/; classtype:trojan-activity;sid:83699590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.152.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836488/; classtype:trojan-activity;sid:83699588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.148.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836489/; classtype:trojan-activity;sid:83699589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.84.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836487/; classtype:trojan-activity;sid:83699587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.11.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836486/; classtype:trojan-activity;sid:83699586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.44.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836484/; classtype:trojan-activity;sid:83699584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.149.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836485/; classtype:trojan-activity;sid:83699585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836483/; classtype:trojan-activity;sid:83699583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.206.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836482/; classtype:trojan-activity;sid:83699582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836481/; classtype:trojan-activity;sid:83699581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.57.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836480/; classtype:trojan-activity;sid:83699580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.65.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836479/; classtype:trojan-activity;sid:83699579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"81.182.189.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836478/; classtype:trojan-activity;sid:83699578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836477/; classtype:trojan-activity;sid:83699577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.67.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836476/; classtype:trojan-activity;sid:83699576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.21.176.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836475/; classtype:trojan-activity;sid:83699575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.253.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836474/; classtype:trojan-activity;sid:83699574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.185.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836473/; classtype:trojan-activity;sid:83699573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.159.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836472/; classtype:trojan-activity;sid:83699572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.152.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836470/; classtype:trojan-activity;sid:83699570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.185.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836471/; classtype:trojan-activity;sid:83699571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836469/; classtype:trojan-activity;sid:83699569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836468/; classtype:trojan-activity;sid:83699568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.139.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836467/; classtype:trojan-activity;sid:83699567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/bdc/shelovedsomeonetounderstandthebeautifulgirlpleasetrytogetherbackfromthebeautifulgirlsheisverybeautifulgirl___ithinksheisbeautifulandverybeautifulgirlsheis.doc"; depth:169; endswith; nocase; http.host; content:"192.3.239.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836466/; classtype:trojan-activity;sid:83699566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.7.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836464/; classtype:trojan-activity;sid:83699564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.126.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836465/; classtype:trojan-activity;sid:83699565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.204.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836463/; classtype:trojan-activity;sid:83699563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.185.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836462/; classtype:trojan-activity;sid:83699562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.190.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836461/; classtype:trojan-activity;sid:83699561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm"; depth:8; endswith; nocase; http.host; content:"94.156.68.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836459/; classtype:trojan-activity;sid:83699559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm7"; depth:9; endswith; nocase; http.host; content:"94.156.68.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836460/; classtype:trojan-activity;sid:83699560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836458/; classtype:trojan-activity;sid:83699558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836457/; classtype:trojan-activity;sid:83699557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836454/; classtype:trojan-activity;sid:83699554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.5.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836455/; classtype:trojan-activity;sid:83699555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.57.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836456/; classtype:trojan-activity;sid:83699556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836453/; classtype:trojan-activity;sid:83699553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.215.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836452/; classtype:trojan-activity;sid:83699552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.224.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836451/; classtype:trojan-activity;sid:83699551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836450/; classtype:trojan-activity;sid:83699550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.215.249.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836449/; classtype:trojan-activity;sid:83699549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.6.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836448/; classtype:trojan-activity;sid:83699548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.16.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836447/; classtype:trojan-activity;sid:83699547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836446/; classtype:trojan-activity;sid:83699546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.148.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836445/; classtype:trojan-activity;sid:83699545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836444/; classtype:trojan-activity;sid:83699544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836442/; classtype:trojan-activity;sid:83699542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/ff481eed8e53ac2a7061ffcaeee5b75b/neverlose-crack.exe"; depth:57; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836443/; classtype:trojan-activity;sid:83699543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/yohan.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836441/; classtype:trojan-activity;sid:83699541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836439/; classtype:trojan-activity;sid:83699539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.127.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836440/; classtype:trojan-activity;sid:83699540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836438/; classtype:trojan-activity;sid:83699538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669203810|3f|hash=nfbhg1szkwczc0kyvejf7jox3g8eypk8pjz2c8z8kzx|7c|26|7c|dl=4jrkmugbxbfu2fzmf16dxu9brevnwjvzbhyxtrk22zs|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836437/; classtype:trojan-activity;sid:83699537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.215.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836436/; classtype:trojan-activity;sid:83699536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836434/; classtype:trojan-activity;sid:83699534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.224.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836435/; classtype:trojan-activity;sid:83699535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.217.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836433/; classtype:trojan-activity;sid:83699533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.80.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836432/; classtype:trojan-activity;sid:83699532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.125.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836430/; classtype:trojan-activity;sid:83699530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.42.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836431/; classtype:trojan-activity;sid:83699531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836427/; classtype:trojan-activity;sid:83699527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.255.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836428/; classtype:trojan-activity;sid:83699528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.134.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836429/; classtype:trojan-activity;sid:83699529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836426/; classtype:trojan-activity;sid:83699526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836425/; classtype:trojan-activity;sid:83699525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.80.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836424/; classtype:trojan-activity;sid:83699524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836423/; classtype:trojan-activity;sid:83699523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836422/; classtype:trojan-activity;sid:83699522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836421/; classtype:trojan-activity;sid:83699521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836420/; classtype:trojan-activity;sid:83699520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.80.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836418/; classtype:trojan-activity;sid:83699518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836419/; classtype:trojan-activity;sid:83699519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.113.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836417/; classtype:trojan-activity;sid:83699517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.128.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836416/; classtype:trojan-activity;sid:83699516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.91.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836415/; classtype:trojan-activity;sid:83699515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836414/; classtype:trojan-activity;sid:83699514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836413/; classtype:trojan-activity;sid:83699513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836412/; classtype:trojan-activity;sid:83699512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836411/; classtype:trojan-activity;sid:83699511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.120.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836410/; classtype:trojan-activity;sid:83699510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.80.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836409/; classtype:trojan-activity;sid:83699509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.24.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836407/; classtype:trojan-activity;sid:83699507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.128.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836408/; classtype:trojan-activity;sid:83699508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836406/; classtype:trojan-activity;sid:83699506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836404/; classtype:trojan-activity;sid:83699504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836405/; classtype:trojan-activity;sid:83699505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.16.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836403/; classtype:trojan-activity;sid:83699503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.173.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836401/; classtype:trojan-activity;sid:83699501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836402/; classtype:trojan-activity;sid:83699502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.118.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836399/; classtype:trojan-activity;sid:83699499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.100.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836400/; classtype:trojan-activity;sid:83699500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.3.239"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836398/; classtype:trojan-activity;sid:83699498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.120.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836397/; classtype:trojan-activity;sid:83699497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.233.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836396/; classtype:trojan-activity;sid:83699496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.237.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836395/; classtype:trojan-activity;sid:83699495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.173.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836394/; classtype:trojan-activity;sid:83699494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.44.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836393/; classtype:trojan-activity;sid:83699493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.73.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836392/; classtype:trojan-activity;sid:83699492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.72.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836391/; classtype:trojan-activity;sid:83699491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.205.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836389/; classtype:trojan-activity;sid:83699489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.9.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836390/; classtype:trojan-activity;sid:83699490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836388/; classtype:trojan-activity;sid:83699488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.72.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836387/; classtype:trojan-activity;sid:83699487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.44.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836386/; classtype:trojan-activity;sid:83699486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.24.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836384/; classtype:trojan-activity;sid:83699484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.222.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836385/; classtype:trojan-activity;sid:83699485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.9.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836383/; classtype:trojan-activity;sid:83699483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.3.239"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836382/; classtype:trojan-activity;sid:83699482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836381/; classtype:trojan-activity;sid:83699481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.100.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836380/; classtype:trojan-activity;sid:83699480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.73.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836379/; classtype:trojan-activity;sid:83699479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.94.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836378/; classtype:trojan-activity;sid:83699478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.99.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836377/; classtype:trojan-activity;sid:83699477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.222.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836376/; classtype:trojan-activity;sid:83699476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836375/; classtype:trojan-activity;sid:83699475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.233.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836374/; classtype:trojan-activity;sid:83699474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836373/; classtype:trojan-activity;sid:83699473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836372/; classtype:trojan-activity;sid:83699472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.52.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836371/; classtype:trojan-activity;sid:83699471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836369/; classtype:trojan-activity;sid:83699469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.154.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836370/; classtype:trojan-activity;sid:83699470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.44.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836368/; classtype:trojan-activity;sid:83699468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836367/; classtype:trojan-activity;sid:83699467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.148.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836366/; classtype:trojan-activity;sid:83699466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.39.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836365/; classtype:trojan-activity;sid:83699465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.191.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836364/; classtype:trojan-activity;sid:83699464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836363/; classtype:trojan-activity;sid:83699463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.87.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836362/; classtype:trojan-activity;sid:83699462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.87.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836361/; classtype:trojan-activity;sid:83699461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.161.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836360/; classtype:trojan-activity;sid:83699460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836359/; classtype:trojan-activity;sid:83699459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.210.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836358/; classtype:trojan-activity;sid:83699458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.94.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836357/; classtype:trojan-activity;sid:83699457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.198.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836356/; classtype:trojan-activity;sid:83699456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836355/; classtype:trojan-activity;sid:83699455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836354/; classtype:trojan-activity;sid:83699454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.20.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836353/; classtype:trojan-activity;sid:83699453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.59.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836352/; classtype:trojan-activity;sid:83699452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.79.188.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836351/; classtype:trojan-activity;sid:83699451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.110.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836350/; classtype:trojan-activity;sid:83699450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.99.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836349/; classtype:trojan-activity;sid:83699449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.163.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836348/; classtype:trojan-activity;sid:83699448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836347/; classtype:trojan-activity;sid:83699447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.8.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836346/; classtype:trojan-activity;sid:83699446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836345/; classtype:trojan-activity;sid:83699445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.161.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836344/; classtype:trojan-activity;sid:83699444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.247.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836341/; classtype:trojan-activity;sid:83699441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.152.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836342/; classtype:trojan-activity;sid:83699442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.92.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836343/; classtype:trojan-activity;sid:83699443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.110.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836340/; classtype:trojan-activity;sid:83699440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.188.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836339/; classtype:trojan-activity;sid:83699439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.127.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836338/; classtype:trojan-activity;sid:83699438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.107.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836337/; classtype:trojan-activity;sid:83699437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.79.188.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836336/; classtype:trojan-activity;sid:83699436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836335/; classtype:trojan-activity;sid:83699435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.151.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836334/; classtype:trojan-activity;sid:83699434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.118.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836333/; classtype:trojan-activity;sid:83699433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.235"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836332/; classtype:trojan-activity;sid:83699432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.220.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836330/; classtype:trojan-activity;sid:83699430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.168.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836331/; classtype:trojan-activity;sid:83699431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.86.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836329/; classtype:trojan-activity;sid:83699429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.93.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836328/; classtype:trojan-activity;sid:83699428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836327/; classtype:trojan-activity;sid:83699427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.177.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836326/; classtype:trojan-activity;sid:83699426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.231.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836325/; classtype:trojan-activity;sid:83699425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.53.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836324/; classtype:trojan-activity;sid:83699424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.229.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836321/; classtype:trojan-activity;sid:83699421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.32.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836322/; classtype:trojan-activity;sid:83699422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.229.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836323/; classtype:trojan-activity;sid:83699423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.127.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836320/; classtype:trojan-activity;sid:83699420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836319/; classtype:trojan-activity;sid:83699419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.86.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836318/; classtype:trojan-activity;sid:83699418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.107.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836317/; classtype:trojan-activity;sid:83699417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"zea.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836315/; classtype:trojan-activity;sid:83699415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"lmr.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836316/; classtype:trojan-activity;sid:83699416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669205086|3f|hash=pd9zt2zzvcph9sldb2fswbziw6fxpaajen5rkvravxw|7c|26|7c|dl=ovdzz8owdqmnba9d0lucmoo6gorzi72fnogy4ludzjk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836314/; classtype:trojan-activity;sid:83699414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.168.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836313/; classtype:trojan-activity;sid:83699413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.118.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836312/; classtype:trojan-activity;sid:83699412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.235"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836311/; classtype:trojan-activity;sid:83699411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836310/; classtype:trojan-activity;sid:83699410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.128.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836309/; classtype:trojan-activity;sid:83699409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.63.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836308/; classtype:trojan-activity;sid:83699408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.235.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836306/; classtype:trojan-activity;sid:83699406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.92.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836307/; classtype:trojan-activity;sid:83699407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.163.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836305/; classtype:trojan-activity;sid:83699405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.93.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836304/; classtype:trojan-activity;sid:83699404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836303/; classtype:trojan-activity;sid:83699403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.204.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836302/; classtype:trojan-activity;sid:83699402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.38.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836301/; classtype:trojan-activity;sid:83699401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836300/; classtype:trojan-activity;sid:83699400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.86.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836299/; classtype:trojan-activity;sid:83699399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.217.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836298/; classtype:trojan-activity;sid:83699398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.235.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836297/; classtype:trojan-activity;sid:83699397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.128.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836296/; classtype:trojan-activity;sid:83699396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836295/; classtype:trojan-activity;sid:83699395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836294/; classtype:trojan-activity;sid:83699394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.74.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836293/; classtype:trojan-activity;sid:83699393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.113.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836292/; classtype:trojan-activity;sid:83699392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.125.121.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836291/; classtype:trojan-activity;sid:83699391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.6.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836290/; classtype:trojan-activity;sid:83699390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.45.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836289/; classtype:trojan-activity;sid:83699389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.154.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836287/; classtype:trojan-activity;sid:83699387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836288/; classtype:trojan-activity;sid:83699388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836286/; classtype:trojan-activity;sid:83699386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836285/; classtype:trojan-activity;sid:83699385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.155.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836283/; classtype:trojan-activity;sid:83699383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.224.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836284/; classtype:trojan-activity;sid:83699384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.192.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836282/; classtype:trojan-activity;sid:83699382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.83.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836281/; classtype:trojan-activity;sid:83699381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.128.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836279/; classtype:trojan-activity;sid:83699379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.69.217.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836280/; classtype:trojan-activity;sid:83699380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.252.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836278/; classtype:trojan-activity;sid:83699378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.71.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836276/; classtype:trojan-activity;sid:83699376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.242.46.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836277/; classtype:trojan-activity;sid:83699377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669204581|3f|hash=qb6kdand09kpcmq06ednonfmrz2o4z6mtkvzzdsukhx|7c|26|7c|dl=3kbco67z1uvuzfgdbbqzp5iacgfit5jdfztsz0l9gnw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836275/; classtype:trojan-activity;sid:83699375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.154.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836274/; classtype:trojan-activity;sid:83699374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.155.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836273/; classtype:trojan-activity;sid:83699373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.128.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836272/; classtype:trojan-activity;sid:83699372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.68.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836271/; classtype:trojan-activity;sid:83699371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.120.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836270/; classtype:trojan-activity;sid:83699370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836269/; classtype:trojan-activity;sid:83699369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.56.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836268/; classtype:trojan-activity;sid:83699368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.147.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836267/; classtype:trojan-activity;sid:83699367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.246.205.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836266/; classtype:trojan-activity;sid:83699366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.16.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836265/; classtype:trojan-activity;sid:83699365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.111.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836264/; classtype:trojan-activity;sid:83699364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.191.102.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836263/; classtype:trojan-activity;sid:83699363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836262/; classtype:trojan-activity;sid:83699362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.120.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836261/; classtype:trojan-activity;sid:83699361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teana/simon.exe"; depth:16; endswith; nocase; http.host; content:"5.42.96.7"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836260/; classtype:trojan-activity;sid:83699360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836259/; classtype:trojan-activity;sid:83699359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.195.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836258/; classtype:trojan-activity;sid:83699358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.246.15.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836257/; classtype:trojan-activity;sid:83699357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836255/; classtype:trojan-activity;sid:83699355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.19.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836256/; classtype:trojan-activity;sid:83699356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.146.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836254/; classtype:trojan-activity;sid:83699354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836253/; classtype:trojan-activity;sid:83699353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836252/; classtype:trojan-activity;sid:83699352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.245.177.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836251/; classtype:trojan-activity;sid:83699351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836250/; classtype:trojan-activity;sid:83699350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-amd64"; depth:11; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836249/; classtype:trojan-activity;sid:83699349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836248/; classtype:trojan-activity;sid:83699348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836245/; classtype:trojan-activity;sid:83699345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836246/; classtype:trojan-activity;sid:83699346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836247/; classtype:trojan-activity;sid:83699347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836236/; classtype:trojan-activity;sid:83699336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836237/; classtype:trojan-activity;sid:83699337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836238/; classtype:trojan-activity;sid:83699338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836239/; classtype:trojan-activity;sid:83699339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836240/; classtype:trojan-activity;sid:83699340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836241/; classtype:trojan-activity;sid:83699341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836242/; classtype:trojan-activity;sid:83699342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836243/; classtype:trojan-activity;sid:83699343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libgcc_s.so.1"; depth:14; endswith; nocase; http.host; content:"lax01.moejiang.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836244/; classtype:trojan-activity;sid:83699344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836231/; classtype:trojan-activity;sid:83699331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836232/; classtype:trojan-activity;sid:83699332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836233/; classtype:trojan-activity;sid:83699333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836234/; classtype:trojan-activity;sid:83699334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.172.128.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836235/; classtype:trojan-activity;sid:83699335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836227/; classtype:trojan-activity;sid:83699327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836228/; classtype:trojan-activity;sid:83699328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836229/; classtype:trojan-activity;sid:83699329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836230/; classtype:trojan-activity;sid:83699330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836221/; classtype:trojan-activity;sid:83699321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836222/; classtype:trojan-activity;sid:83699322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836223/; classtype:trojan-activity;sid:83699323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836224/; classtype:trojan-activity;sid:83699324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836225/; classtype:trojan-activity;sid:83699325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836226/; classtype:trojan-activity;sid:83699326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836216/; classtype:trojan-activity;sid:83699316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836217/; classtype:trojan-activity;sid:83699317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836218/; classtype:trojan-activity;sid:83699318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836219/; classtype:trojan-activity;sid:83699319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836220/; classtype:trojan-activity;sid:83699320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836212/; classtype:trojan-activity;sid:83699312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836213/; classtype:trojan-activity;sid:83699313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836214/; classtype:trojan-activity;sid:83699314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836215/; classtype:trojan-activity;sid:83699315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836208/; classtype:trojan-activity;sid:83699308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836209/; classtype:trojan-activity;sid:83699309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836210/; classtype:trojan-activity;sid:83699310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836211/; classtype:trojan-activity;sid:83699311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836205/; classtype:trojan-activity;sid:83699305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836206/; classtype:trojan-activity;sid:83699306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836207/; classtype:trojan-activity;sid:83699307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836204/; classtype:trojan-activity;sid:83699304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836198/; classtype:trojan-activity;sid:83699298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836199/; classtype:trojan-activity;sid:83699299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836200/; classtype:trojan-activity;sid:83699300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836201/; classtype:trojan-activity;sid:83699301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836202/; classtype:trojan-activity;sid:83699302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836203/; classtype:trojan-activity;sid:83699303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"5.182.211.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836195/; classtype:trojan-activity;sid:83699295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"198.98.59.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836196/; classtype:trojan-activity;sid:83699296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836197/; classtype:trojan-activity;sid:83699297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836189/; classtype:trojan-activity;sid:83699289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836190/; classtype:trojan-activity;sid:83699290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836191/; classtype:trojan-activity;sid:83699291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836192/; classtype:trojan-activity;sid:83699292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836193/; classtype:trojan-activity;sid:83699293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"45.61.185.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836194/; classtype:trojan-activity;sid:83699294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836186/; classtype:trojan-activity;sid:83699286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836187/; classtype:trojan-activity;sid:83699287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836188/; classtype:trojan-activity;sid:83699288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836179/; classtype:trojan-activity;sid:83699279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.mpsl"; depth:13; endswith; nocase; http.host; content:"5.42.96.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836180/; classtype:trojan-activity;sid:83699280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836181/; classtype:trojan-activity;sid:83699281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836182/; classtype:trojan-activity;sid:83699282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836183/; classtype:trojan-activity;sid:83699283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836184/; classtype:trojan-activity;sid:83699284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"93.123.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836185/; classtype:trojan-activity;sid:83699285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836178/; classtype:trojan-activity;sid:83699278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836175/; classtype:trojan-activity;sid:83699275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836176/; classtype:trojan-activity;sid:83699276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836177/; classtype:trojan-activity;sid:83699277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sinfull"; depth:16; endswith; nocase; http.host; content:"94.103.124.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836170/; classtype:trojan-activity;sid:83699270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836171/; classtype:trojan-activity;sid:83699271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836172/; classtype:trojan-activity;sid:83699272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.172.128.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836173/; classtype:trojan-activity;sid:83699273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836174/; classtype:trojan-activity;sid:83699274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836166/; classtype:trojan-activity;sid:83699266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836167/; classtype:trojan-activity;sid:83699267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836168/; classtype:trojan-activity;sid:83699268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836169/; classtype:trojan-activity;sid:83699269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836164/; classtype:trojan-activity;sid:83699264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836165/; classtype:trojan-activity;sid:83699265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836162/; classtype:trojan-activity;sid:83699262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"45.9.75.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836163/; classtype:trojan-activity;sid:83699263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836160/; classtype:trojan-activity;sid:83699260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"94.156.71.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836161/; classtype:trojan-activity;sid:83699261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836158/; classtype:trojan-activity;sid:83699258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836159/; classtype:trojan-activity;sid:83699259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.246.205.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836157/; classtype:trojan-activity;sid:83699257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.147.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836156/; classtype:trojan-activity;sid:83699256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836155/; classtype:trojan-activity;sid:83699255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.28.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836154/; classtype:trojan-activity;sid:83699254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836153/; classtype:trojan-activity;sid:83699253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836152/; classtype:trojan-activity;sid:83699252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836151/; classtype:trojan-activity;sid:83699251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.45.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836150/; classtype:trojan-activity;sid:83699250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.127.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836149/; classtype:trojan-activity;sid:83699249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.91.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836147/; classtype:trojan-activity;sid:83699247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.158.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836148/; classtype:trojan-activity;sid:83699248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.169.156.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836146/; classtype:trojan-activity;sid:83699246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.189.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836145/; classtype:trojan-activity;sid:83699245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.19.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836143/; classtype:trojan-activity;sid:83699243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.97.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836144/; classtype:trojan-activity;sid:83699244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.101.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836142/; classtype:trojan-activity;sid:83699242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.45.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836141/; classtype:trojan-activity;sid:83699241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.101.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836140/; classtype:trojan-activity;sid:83699240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836138/; classtype:trojan-activity;sid:83699238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836139/; classtype:trojan-activity;sid:83699239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.146.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836137/; classtype:trojan-activity;sid:83699237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.28.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836136/; classtype:trojan-activity;sid:83699236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.56.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836135/; classtype:trojan-activity;sid:83699235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.134.34.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836134/; classtype:trojan-activity;sid:83699234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xi0tpaxhgmsm"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836133/; classtype:trojan-activity;sid:83699233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.33.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836132/; classtype:trojan-activity;sid:83699232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.240.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836130/; classtype:trojan-activity;sid:83699230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.48.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836131/; classtype:trojan-activity;sid:83699231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.27.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836129/; classtype:trojan-activity;sid:83699229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.172.29.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836128/; classtype:trojan-activity;sid:83699228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.91.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836127/; classtype:trojan-activity;sid:83699227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.158.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836126/; classtype:trojan-activity;sid:83699226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.45.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836124/; classtype:trojan-activity;sid:83699224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.27.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836125/; classtype:trojan-activity;sid:83699225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.177.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836123/; classtype:trojan-activity;sid:83699223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836122/; classtype:trojan-activity;sid:83699222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.159.62.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836121/; classtype:trojan-activity;sid:83699221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.85.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836120/; classtype:trojan-activity;sid:83699220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.134.34.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836119/; classtype:trojan-activity;sid:83699219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.172.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836118/; classtype:trojan-activity;sid:83699218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.exe"; depth:9; endswith; nocase; http.host; content:"pedomane.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836117/; classtype:trojan-activity;sid:83699217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.117.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836116/; classtype:trojan-activity;sid:83699216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.241.19.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836115/; classtype:trojan-activity;sid:83699215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.214.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836114/; classtype:trojan-activity;sid:83699214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.245.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836113/; classtype:trojan-activity;sid:83699213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.55.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836112/; classtype:trojan-activity;sid:83699212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.172.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836111/; classtype:trojan-activity;sid:83699211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.11.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836110/; classtype:trojan-activity;sid:83699210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836109/; classtype:trojan-activity;sid:83699209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669205597|3f|hash=gvgfmtmhx0w7b0f0tafixxfkgcgl5ub1ycurzh7vqnw|7c|26|7c|dl=qy5lfjqle5uhgj3tpbakk0wyjkdgycbjnmy2055r708|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836108/; classtype:trojan-activity;sid:83699208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.152.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836107/; classtype:trojan-activity;sid:83699207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.85.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836106/; classtype:trojan-activity;sid:83699206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836105/; classtype:trojan-activity;sid:83699205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836104/; classtype:trojan-activity;sid:83699204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.172.29.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836103/; classtype:trojan-activity;sid:83699203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.223.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836102/; classtype:trojan-activity;sid:83699202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.19.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836101/; classtype:trojan-activity;sid:83699201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.152.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836100/; classtype:trojan-activity;sid:83699200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.191.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836099/; classtype:trojan-activity;sid:83699199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.18.69.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836098/; classtype:trojan-activity;sid:83699198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.164.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836097/; classtype:trojan-activity;sid:83699197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836096/; classtype:trojan-activity;sid:83699196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.58.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836095/; classtype:trojan-activity;sid:83699195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836094/; classtype:trojan-activity;sid:83699194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836093/; classtype:trojan-activity;sid:83699193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836092/; classtype:trojan-activity;sid:83699192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.130.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836091/; classtype:trojan-activity;sid:83699191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.75.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836090/; classtype:trojan-activity;sid:83699190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836089/; classtype:trojan-activity;sid:83699189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.21.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836088/; classtype:trojan-activity;sid:83699188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.74.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836085/; classtype:trojan-activity;sid:83699185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.211.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836086/; classtype:trojan-activity;sid:83699186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.235.45.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836087/; classtype:trojan-activity;sid:83699187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.187.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836084/; classtype:trojan-activity;sid:83699184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.193.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836083/; classtype:trojan-activity;sid:83699183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836082/; classtype:trojan-activity;sid:83699182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.244.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836081/; classtype:trojan-activity;sid:83699181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836080/; classtype:trojan-activity;sid:83699180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.75.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836079/; classtype:trojan-activity;sid:83699179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.248.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836078/; classtype:trojan-activity;sid:83699178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836077/; classtype:trojan-activity;sid:83699177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.183.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836076/; classtype:trojan-activity;sid:83699176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.208.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836075/; classtype:trojan-activity;sid:83699175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836073/; classtype:trojan-activity;sid:83699173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836074/; classtype:trojan-activity;sid:83699174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.42.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836072/; classtype:trojan-activity;sid:83699172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.204.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836071/; classtype:trojan-activity;sid:83699171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.29.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836070/; classtype:trojan-activity;sid:83699170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"kkcmk.demo.betterbuiltdogs.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836069/; classtype:trojan-activity;sid:83699169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.235.45.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836068/; classtype:trojan-activity;sid:83699168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669204032|3f|hash=zqqoetxzryzwab3andqt1tim9tr2ws3n7rhywxlxo1h|7c|26|7c|dl=tmzbgjr3cazs2rytafpmkezzepvktrdex40hxspdxto|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836067/; classtype:trojan-activity;sid:83699167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.176.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836066/; classtype:trojan-activity;sid:83699166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xkmer5ygtxja"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836065/; classtype:trojan-activity;sid:83699165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.108.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836064/; classtype:trojan-activity;sid:83699164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836063/; classtype:trojan-activity;sid:83699163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836062/; classtype:trojan-activity;sid:83699162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.203.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836061/; classtype:trojan-activity;sid:83699161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.178.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836060/; classtype:trojan-activity;sid:83699160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.182.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836059/; classtype:trojan-activity;sid:83699159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.248.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836058/; classtype:trojan-activity;sid:83699158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.211.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836057/; classtype:trojan-activity;sid:83699157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836056/; classtype:trojan-activity;sid:83699156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.28.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836055/; classtype:trojan-activity;sid:83699155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.183.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836054/; classtype:trojan-activity;sid:83699154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.122.239.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836053/; classtype:trojan-activity;sid:83699153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.225.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836052/; classtype:trojan-activity;sid:83699152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.70.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836051/; classtype:trojan-activity;sid:83699151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836050/; classtype:trojan-activity;sid:83699150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.72.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836046/; classtype:trojan-activity;sid:83699146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.198.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836047/; classtype:trojan-activity;sid:83699147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.163.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836048/; classtype:trojan-activity;sid:83699148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.29.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836049/; classtype:trojan-activity;sid:83699149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.187.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836045/; classtype:trojan-activity;sid:83699145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.8.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836044/; classtype:trojan-activity;sid:83699144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.83.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836043/; classtype:trojan-activity;sid:83699143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.72.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836042/; classtype:trojan-activity;sid:83699142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.67.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836041/; classtype:trojan-activity;sid:83699141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.30.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836040/; classtype:trojan-activity;sid:83699140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.94.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836039/; classtype:trojan-activity;sid:83699139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.178.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836038/; classtype:trojan-activity;sid:83699138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.56.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836037/; classtype:trojan-activity;sid:83699137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.102.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836036/; classtype:trojan-activity;sid:83699136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836035/; classtype:trojan-activity;sid:83699135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836033/; classtype:trojan-activity;sid:83699133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.8.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836034/; classtype:trojan-activity;sid:83699134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.88.108.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836032/; classtype:trojan-activity;sid:83699132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.67.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836031/; classtype:trojan-activity;sid:83699131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.122.239.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836030/; classtype:trojan-activity;sid:83699130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.163.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836029/; classtype:trojan-activity;sid:83699129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.251.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836028/; classtype:trojan-activity;sid:83699128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.175.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836027/; classtype:trojan-activity;sid:83699127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.51.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836026/; classtype:trojan-activity;sid:83699126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.245.255.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836025/; classtype:trojan-activity;sid:83699125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.94.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836024/; classtype:trojan-activity;sid:83699124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.144.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836023/; classtype:trojan-activity;sid:83699123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.102.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836022/; classtype:trojan-activity;sid:83699122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.245.255.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836021/; classtype:trojan-activity;sid:83699121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.251.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836020/; classtype:trojan-activity;sid:83699120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.210.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836019/; classtype:trojan-activity;sid:83699119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.83.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836018/; classtype:trojan-activity;sid:83699118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836017/; classtype:trojan-activity;sid:83699117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.56.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836015/; classtype:trojan-activity;sid:83699115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.144.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836016/; classtype:trojan-activity;sid:83699116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836014/; classtype:trojan-activity;sid:83699114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.170.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836013/; classtype:trojan-activity;sid:83699113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.34.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836011/; classtype:trojan-activity;sid:83699111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.241.227.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836012/; classtype:trojan-activity;sid:83699112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.83.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836010/; classtype:trojan-activity;sid:83699110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836009/; classtype:trojan-activity;sid:83699109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.69.155.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836007/; classtype:trojan-activity;sid:83699107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.251.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836008/; classtype:trojan-activity;sid:83699108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.210.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836006/; classtype:trojan-activity;sid:83699106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.83.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836005/; classtype:trojan-activity;sid:83699105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.10.12.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836004/; classtype:trojan-activity;sid:83699104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmmhxgu4rhxy"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836002/; classtype:trojan-activity;sid:83699102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xgqzcc9lz5ad"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836003/; classtype:trojan-activity;sid:83699103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836001/; classtype:trojan-activity;sid:83699101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.28.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836000/; classtype:trojan-activity;sid:83699100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835999/; classtype:trojan-activity;sid:83699099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.56.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835998/; classtype:trojan-activity;sid:83699098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.251.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835997/; classtype:trojan-activity;sid:83699097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.240.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835996/; classtype:trojan-activity;sid:83699096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835995/; classtype:trojan-activity;sid:83699095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.158.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835994/; classtype:trojan-activity;sid:83699094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.63.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835993/; classtype:trojan-activity;sid:83699093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.61.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835992/; classtype:trojan-activity;sid:83699092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.175.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835991/; classtype:trojan-activity;sid:83699091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game/index.php"; depth:15; endswith; nocase; http.host; content:"house-rm.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835990/; classtype:trojan-activity;sid:83699090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.19.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835989/; classtype:trojan-activity;sid:83699089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.121.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835987/; classtype:trojan-activity;sid:83699087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.28.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835988/; classtype:trojan-activity;sid:83699088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.162.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835986/; classtype:trojan-activity;sid:83699086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.228.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835983/; classtype:trojan-activity;sid:83699083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.196.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835984/; classtype:trojan-activity;sid:83699084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.166.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835985/; classtype:trojan-activity;sid:83699085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.7.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835982/; classtype:trojan-activity;sid:83699082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835981/; classtype:trojan-activity;sid:83699081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.131.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835978/; classtype:trojan-activity;sid:83699078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.232.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835979/; classtype:trojan-activity;sid:83699079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835980/; classtype:trojan-activity;sid:83699080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.113.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835977/; classtype:trojan-activity;sid:83699077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835976/; classtype:trojan-activity;sid:83699076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.162.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835975/; classtype:trojan-activity;sid:83699075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.158.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835974/; classtype:trojan-activity;sid:83699074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.15.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835973/; classtype:trojan-activity;sid:83699073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835971/; classtype:trojan-activity;sid:83699071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835972/; classtype:trojan-activity;sid:83699072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.53.218.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835970/; classtype:trojan-activity;sid:83699070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835969/; classtype:trojan-activity;sid:83699069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.166.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835968/; classtype:trojan-activity;sid:83699068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.166.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835967/; classtype:trojan-activity;sid:83699067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.71.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835966/; classtype:trojan-activity;sid:83699066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835965/; classtype:trojan-activity;sid:83699065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.152.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835964/; classtype:trojan-activity;sid:83699064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.212.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835961/; classtype:trojan-activity;sid:83699061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.217.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835962/; classtype:trojan-activity;sid:83699062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.15.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835963/; classtype:trojan-activity;sid:83699063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.94.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835960/; classtype:trojan-activity;sid:83699060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.138.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835959/; classtype:trojan-activity;sid:83699059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.70.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835955/; classtype:trojan-activity;sid:83699055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.43.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835956/; classtype:trojan-activity;sid:83699056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.119.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835957/; classtype:trojan-activity;sid:83699057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.151.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835958/; classtype:trojan-activity;sid:83699058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.47.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835954/; classtype:trojan-activity;sid:83699054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.67.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835953/; classtype:trojan-activity;sid:83699053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835952/; classtype:trojan-activity;sid:83699052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.71.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835951/; classtype:trojan-activity;sid:83699051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ixvj.catching.fishingrealinvestments.com"; depth:40; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835950/; classtype:trojan-activity;sid:83699050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.194.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835949/; classtype:trojan-activity;sid:83699049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.37.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835948/; classtype:trojan-activity;sid:83699048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835947/; classtype:trojan-activity;sid:83699047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835945/; classtype:trojan-activity;sid:83699045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.186.40.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835946/; classtype:trojan-activity;sid:83699046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.118.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835944/; classtype:trojan-activity;sid:83699044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.217.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835943/; classtype:trojan-activity;sid:83699043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835942/; classtype:trojan-activity;sid:83699042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.224.246.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835941/; classtype:trojan-activity;sid:83699041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.74.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835940/; classtype:trojan-activity;sid:83699040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835939/; classtype:trojan-activity;sid:83699039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.94.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835938/; classtype:trojan-activity;sid:83699038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.218.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835937/; classtype:trojan-activity;sid:83699037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835936/; classtype:trojan-activity;sid:83699036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"167.172.105.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835934/; classtype:trojan-activity;sid:83699034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"167.172.105.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835935/; classtype:trojan-activity;sid:83699035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.74.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835933/; classtype:trojan-activity;sid:83699033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.244.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835932/; classtype:trojan-activity;sid:83699032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835931/; classtype:trojan-activity;sid:83699031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.204.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835930/; classtype:trojan-activity;sid:83699030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.69.155.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835929/; classtype:trojan-activity;sid:83699029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.236.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835928/; classtype:trojan-activity;sid:83699028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.118.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835927/; classtype:trojan-activity;sid:83699027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835926/; classtype:trojan-activity;sid:83699026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.117.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835925/; classtype:trojan-activity;sid:83699025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.24.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835924/; classtype:trojan-activity;sid:83699024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xpmumnkrmzynrk242.bin"; depth:22; endswith; nocase; http.host; content:"enelltd.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835923/; classtype:trojan-activity;sid:83699023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/ef2ic/build22.exe"; depth:22; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835922/; classtype:trojan-activity;sid:83699022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835921/; classtype:trojan-activity;sid:83699021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.31.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835920/; classtype:trojan-activity;sid:83699020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ojug.demo.betterbuiltdogs.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835919/; classtype:trojan-activity;sid:83699019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.232.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835918/; classtype:trojan-activity;sid:83699018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.24.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835917/; classtype:trojan-activity;sid:83699017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.189.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835916/; classtype:trojan-activity;sid:83699016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.253.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835915/; classtype:trojan-activity;sid:83699015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.76.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835914/; classtype:trojan-activity;sid:83699014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.95.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835913/; classtype:trojan-activity;sid:83699013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.206.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835912/; classtype:trojan-activity;sid:83699012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.106.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835911/; classtype:trojan-activity;sid:83699011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.80.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835910/; classtype:trojan-activity;sid:83699010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.214.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835909/; classtype:trojan-activity;sid:83699009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.232.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835908/; classtype:trojan-activity;sid:83699008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.76.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835907/; classtype:trojan-activity;sid:83699007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.80.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835906/; classtype:trojan-activity;sid:83699006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.0.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835905/; classtype:trojan-activity;sid:83699005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835904/; classtype:trojan-activity;sid:83699004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835903/; classtype:trojan-activity;sid:83699003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669191683|3f|hash=kgc2v40zrx8qex51avaygvlsrnanpkezj8ayjho8icx|7c|26|7c|dl=b6q8yxpseafzvu9jjbfn1a3csaifqq9bl2nhqazfqxt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835902/; classtype:trojan-activity;sid:83699002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.164.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835900/; classtype:trojan-activity;sid:83699000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835901/; classtype:trojan-activity;sid:83699001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.34.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835894/; classtype:trojan-activity;sid:83698994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835895/; classtype:trojan-activity;sid:83698995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835896/; classtype:trojan-activity;sid:83698996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.148.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835897/; classtype:trojan-activity;sid:83698997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.30.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835898/; classtype:trojan-activity;sid:83698998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835899/; classtype:trojan-activity;sid:83698999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.108.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835885/; classtype:trojan-activity;sid:83698985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.31.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835886/; classtype:trojan-activity;sid:83698986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835887/; classtype:trojan-activity;sid:83698987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.34.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835888/; classtype:trojan-activity;sid:83698988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835889/; classtype:trojan-activity;sid:83698989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.203.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835890/; classtype:trojan-activity;sid:83698990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835891/; classtype:trojan-activity;sid:83698991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835892/; classtype:trojan-activity;sid:83698992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.112.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835893/; classtype:trojan-activity;sid:83698993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.194.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835878/; classtype:trojan-activity;sid:83698978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.194.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835879/; classtype:trojan-activity;sid:83698979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.240.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835880/; classtype:trojan-activity;sid:83698980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.96.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835881/; classtype:trojan-activity;sid:83698981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.15.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835882/; classtype:trojan-activity;sid:83698982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.96.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835883/; classtype:trojan-activity;sid:83698983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.212.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835884/; classtype:trojan-activity;sid:83698984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.70.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835877/; classtype:trojan-activity;sid:83698977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835876/; classtype:trojan-activity;sid:83698976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835875/; classtype:trojan-activity;sid:83698975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835874/; classtype:trojan-activity;sid:83698974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835873/; classtype:trojan-activity;sid:83698973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835872/; classtype:trojan-activity;sid:83698972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835871/; classtype:trojan-activity;sid:83698971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835870/; classtype:trojan-activity;sid:83698970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835869/; classtype:trojan-activity;sid:83698969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835868/; classtype:trojan-activity;sid:83698968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835867/; classtype:trojan-activity;sid:83698967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835866/; classtype:trojan-activity;sid:83698966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835865/; classtype:trojan-activity;sid:83698965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835864/; classtype:trojan-activity;sid:83698964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835863/; classtype:trojan-activity;sid:83698963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835861/; classtype:trojan-activity;sid:83698961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835862/; classtype:trojan-activity;sid:83698962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835860/; classtype:trojan-activity;sid:83698960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835859/; classtype:trojan-activity;sid:83698959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835858/; classtype:trojan-activity;sid:83698958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835857/; classtype:trojan-activity;sid:83698957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835856/; classtype:trojan-activity;sid:83698956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835855/; classtype:trojan-activity;sid:83698955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835854/; classtype:trojan-activity;sid:83698954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835853/; classtype:trojan-activity;sid:83698953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835852/; classtype:trojan-activity;sid:83698952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835851/; classtype:trojan-activity;sid:83698951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835850/; classtype:trojan-activity;sid:83698950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835849/; classtype:trojan-activity;sid:83698949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835848/; classtype:trojan-activity;sid:83698948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835847/; classtype:trojan-activity;sid:83698947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835846/; classtype:trojan-activity;sid:83698946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835845/; classtype:trojan-activity;sid:83698945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835841/; classtype:trojan-activity;sid:83698941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835842/; classtype:trojan-activity;sid:83698942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835843/; classtype:trojan-activity;sid:83698943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835844/; classtype:trojan-activity;sid:83698944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835840/; classtype:trojan-activity;sid:83698940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mm.exe"; depth:7; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835839/; classtype:trojan-activity;sid:83698939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ant.txt"; depth:8; endswith; nocase; http.host; content:"94.156.79.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835838/; classtype:trojan-activity;sid:83698938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835837/; classtype:trojan-activity;sid:83698937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835835/; classtype:trojan-activity;sid:83698935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.105.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835836/; classtype:trojan-activity;sid:83698936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835834/; classtype:trojan-activity;sid:83698934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mm.elf"; depth:7; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835830/; classtype:trojan-activity;sid:83698930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mm2.elf"; depth:8; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835831/; classtype:trojan-activity;sid:83698931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sessions"; depth:9; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835832/; classtype:trojan-activity;sid:83698932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835833/; classtype:trojan-activity;sid:83698933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v.txt"; depth:6; endswith; nocase; http.host; content:"94.156.79.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835829/; classtype:trojan-activity;sid:83698929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835827/; classtype:trojan-activity;sid:83698927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835828/; classtype:trojan-activity;sid:83698928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mm2.exe"; depth:8; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835825/; classtype:trojan-activity;sid:83698925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.35.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835826/; classtype:trojan-activity;sid:83698926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.189.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835824/; classtype:trojan-activity;sid:83698924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835823/; classtype:trojan-activity;sid:83698923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.178.80.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835822/; classtype:trojan-activity;sid:83698922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ib4.jpg"; depth:8; endswith; nocase; http.host; content:"94.156.79.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835821/; classtype:trojan-activity;sid:83698921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.169.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835819/; classtype:trojan-activity;sid:83698919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtls.exe"; depth:9; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835820/; classtype:trojan-activity;sid:83698920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9020/beautifulrosepictureforcuple.gif"; depth:38; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835818/; classtype:trojan-activity;sid:83698918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835817/; classtype:trojan-activity;sid:83698917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xa6niqxa4ivt"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835815/; classtype:trojan-activity;sid:83698915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.78.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835816/; classtype:trojan-activity;sid:83698916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.213.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835814/; classtype:trojan-activity;sid:83698914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.212.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835813/; classtype:trojan-activity;sid:83698913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835807/; classtype:trojan-activity;sid:83698907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hsts.exe"; depth:9; endswith; nocase; http.host; content:"167.71.205.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835808/; classtype:trojan-activity;sid:83698908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835809/; classtype:trojan-activity;sid:83698909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.80.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835810/; classtype:trojan-activity;sid:83698910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835811/; classtype:trojan-activity;sid:83698911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup/project/"; depth:16; endswith; nocase; http.host; content:"heko.ro"; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835812/; classtype:trojan-activity;sid:83698912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.5.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835805/; classtype:trojan-activity;sid:83698905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.54.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835806/; classtype:trojan-activity;sid:83698906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835804/; classtype:trojan-activity;sid:83698904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.217.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835800/; classtype:trojan-activity;sid:83698900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.151.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835801/; classtype:trojan-activity;sid:83698901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xwuiws01uiwz"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835802/; classtype:trojan-activity;sid:83698902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835803/; classtype:trojan-activity;sid:83698903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/het.jpg"; depth:8; endswith; nocase; http.host; content:"85.239.240.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835797/; classtype:trojan-activity;sid:83698897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdd3.txt"; depth:9; endswith; nocase; http.host; content:"198.12.81.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835798/; classtype:trojan-activity;sid:83698898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835799/; classtype:trojan-activity;sid:83698899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/images/images/img.jpg"; depth:31; endswith; nocase; http.host; content:"totalhorsehealth.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835795/; classtype:trojan-activity;sid:83698895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.105.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835796/; classtype:trojan-activity;sid:83698896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.136.88.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835794/; classtype:trojan-activity;sid:83698894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.215.205.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835793/; classtype:trojan-activity;sid:83698893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85.apk"; depth:7; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835790/; classtype:trojan-activity;sid:83698890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backgroundremover-setup.exe"; depth:28; endswith; nocase; http.host; content:"lallavedelajuderia.es"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835791/; classtype:trojan-activity;sid:83698891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9020/kbo/beautifulroseipictureiseenitsshowingasabeautifulflowerwhichcomingfromtheworldanditsshowinghowbeautiful___sheiswhenthatroseonhairbeautiful.doc"; depth:151; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835792/; classtype:trojan-activity;sid:83698892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835789/; classtype:trojan-activity;sid:83698889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.252.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835788/; classtype:trojan-activity;sid:83698888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.222.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835787/; classtype:trojan-activity;sid:83698887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flash.cn.exe"; depth:13; endswith; nocase; http.host; content:"152.136.35.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835784/; classtype:trojan-activity;sid:83698884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.34.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835785/; classtype:trojan-activity;sid:83698885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835786/; classtype:trojan-activity;sid:83698886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.223.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835783/; classtype:trojan-activity;sid:83698883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.41.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835781/; classtype:trojan-activity;sid:83698881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i4.txt"; depth:7; endswith; nocase; http.host; content:"94.156.79.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835782/; classtype:trojan-activity;sid:83698882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83.apk"; depth:7; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835780/; classtype:trojan-activity;sid:83698880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.txt"; depth:6; endswith; nocase; http.host; content:"94.156.79.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835776/; classtype:trojan-activity;sid:83698876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9020/kbff.txt"; depth:14; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835777/; classtype:trojan-activity;sid:83698877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucked.txt"; depth:11; endswith; nocase; http.host; content:"85.239.240.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835778/; classtype:trojan-activity;sid:83698878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.jpg"; depth:6; endswith; nocase; http.host; content:"198.12.81.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835779/; classtype:trojan-activity;sid:83698879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.11.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835775/; classtype:trojan-activity;sid:83698875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.27.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835769/; classtype:trojan-activity;sid:83698869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.10.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835770/; classtype:trojan-activity;sid:83698870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.136.88.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835771/; classtype:trojan-activity;sid:83698871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.149.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835772/; classtype:trojan-activity;sid:83698872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.149.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835773/; classtype:trojan-activity;sid:83698873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.178.80.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835774/; classtype:trojan-activity;sid:83698874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whqwpyhkpfairrmb.jpg"; depth:21; endswith; nocase; http.host; content:"104.243.38.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835763/; classtype:trojan-activity;sid:83698863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.151.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835764/; classtype:trojan-activity;sid:83698864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.86.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835765/; classtype:trojan-activity;sid:83698865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.241.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835766/; classtype:trojan-activity;sid:83698866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/0fq71"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835767/; classtype:trojan-activity;sid:83698867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ib.jpg"; depth:8; endswith; nocase; http.host; content:"94.156.79.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835768/; classtype:trojan-activity;sid:83698868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgaltypqicmixdhx.txt"; depth:21; endswith; nocase; http.host; content:"104.243.38.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835760/; classtype:trojan-activity;sid:83698860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/44.txt"; depth:7; endswith; nocase; http.host; content:"198.12.81.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835761/; classtype:trojan-activity;sid:83698861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.50.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835762/; classtype:trojan-activity;sid:83698862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835758/; classtype:trojan-activity;sid:83698858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/go.sh"; depth:6; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835759/; classtype:trojan-activity;sid:83698859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82.apk"; depth:7; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835755/; classtype:trojan-activity;sid:83698855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84.apk"; depth:7; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835756/; classtype:trojan-activity;sid:83698856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86.apk"; depth:7; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835757/; classtype:trojan-activity;sid:83698857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835754/; classtype:trojan-activity;sid:83698854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835753/; classtype:trojan-activity;sid:83698853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835752/; classtype:trojan-activity;sid:83698852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835751/; classtype:trojan-activity;sid:83698851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835750/; classtype:trojan-activity;sid:83698850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835749/; classtype:trojan-activity;sid:83698849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835748/; classtype:trojan-activity;sid:83698848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835747/; classtype:trojan-activity;sid:83698847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835746/; classtype:trojan-activity;sid:83698846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835745/; classtype:trojan-activity;sid:83698845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835744/; classtype:trojan-activity;sid:83698844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835743/; classtype:trojan-activity;sid:83698843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835742/; classtype:trojan-activity;sid:83698842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835741/; classtype:trojan-activity;sid:83698841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835740/; classtype:trojan-activity;sid:83698840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835739/; classtype:trojan-activity;sid:83698839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835738/; classtype:trojan-activity;sid:83698838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835737/; classtype:trojan-activity;sid:83698837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835736/; classtype:trojan-activity;sid:83698836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835735/; classtype:trojan-activity;sid:83698835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835734/; classtype:trojan-activity;sid:83698834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835733/; classtype:trojan-activity;sid:83698833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835732/; classtype:trojan-activity;sid:83698832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835731/; classtype:trojan-activity;sid:83698831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835730/; classtype:trojan-activity;sid:83698830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835729/; classtype:trojan-activity;sid:83698829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835728/; classtype:trojan-activity;sid:83698828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835727/; classtype:trojan-activity;sid:83698827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835726/; classtype:trojan-activity;sid:83698826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835725/; classtype:trojan-activity;sid:83698825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835724/; classtype:trojan-activity;sid:83698824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835723/; classtype:trojan-activity;sid:83698823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835722/; classtype:trojan-activity;sid:83698822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835721/; classtype:trojan-activity;sid:83698821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835719/; classtype:trojan-activity;sid:83698819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835720/; classtype:trojan-activity;sid:83698820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835718/; classtype:trojan-activity;sid:83698818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835717/; classtype:trojan-activity;sid:83698817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835716/; classtype:trojan-activity;sid:83698816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835715/; classtype:trojan-activity;sid:83698815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835714/; classtype:trojan-activity;sid:83698814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835711/; classtype:trojan-activity;sid:83698811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835712/; classtype:trojan-activity;sid:83698812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835713/; classtype:trojan-activity;sid:83698813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835710/; classtype:trojan-activity;sid:83698810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835709/; classtype:trojan-activity;sid:83698809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835708/; classtype:trojan-activity;sid:83698808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835707/; classtype:trojan-activity;sid:83698807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835706/; classtype:trojan-activity;sid:83698806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835704/; classtype:trojan-activity;sid:83698804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835705/; classtype:trojan-activity;sid:83698805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835703/; classtype:trojan-activity;sid:83698803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835702/; classtype:trojan-activity;sid:83698802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835701/; classtype:trojan-activity;sid:83698801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835699/; classtype:trojan-activity;sid:83698799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835700/; classtype:trojan-activity;sid:83698800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835698/; classtype:trojan-activity;sid:83698798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835697/; classtype:trojan-activity;sid:83698797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835696/; classtype:trojan-activity;sid:83698796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835695/; classtype:trojan-activity;sid:83698795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835694/; classtype:trojan-activity;sid:83698794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.54.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835693/; classtype:trojan-activity;sid:83698793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835692/; classtype:trojan-activity;sid:83698792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835686/; classtype:trojan-activity;sid:83698786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835687/; classtype:trojan-activity;sid:83698787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835688/; classtype:trojan-activity;sid:83698788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835689/; classtype:trojan-activity;sid:83698789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835690/; classtype:trojan-activity;sid:83698790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835691/; classtype:trojan-activity;sid:83698791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835685/; classtype:trojan-activity;sid:83698785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835684/; classtype:trojan-activity;sid:83698784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835683/; classtype:trojan-activity;sid:83698783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835682/; classtype:trojan-activity;sid:83698782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835681/; classtype:trojan-activity;sid:83698781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835680/; classtype:trojan-activity;sid:83698780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835679/; classtype:trojan-activity;sid:83698779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835678/; classtype:trojan-activity;sid:83698778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835677/; classtype:trojan-activity;sid:83698777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835676/; classtype:trojan-activity;sid:83698776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.155.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835675/; classtype:trojan-activity;sid:83698775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835674/; classtype:trojan-activity;sid:83698774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835673/; classtype:trojan-activity;sid:83698773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835672/; classtype:trojan-activity;sid:83698772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835671/; classtype:trojan-activity;sid:83698771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835670/; classtype:trojan-activity;sid:83698770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835669/; classtype:trojan-activity;sid:83698769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835668/; classtype:trojan-activity;sid:83698768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835667/; classtype:trojan-activity;sid:83698767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835666/; classtype:trojan-activity;sid:83698766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835665/; classtype:trojan-activity;sid:83698765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835664/; classtype:trojan-activity;sid:83698764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835663/; classtype:trojan-activity;sid:83698763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835662/; classtype:trojan-activity;sid:83698762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835661/; classtype:trojan-activity;sid:83698761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835660/; classtype:trojan-activity;sid:83698760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835659/; classtype:trojan-activity;sid:83698759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835658/; classtype:trojan-activity;sid:83698758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835657/; classtype:trojan-activity;sid:83698757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835656/; classtype:trojan-activity;sid:83698756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835655/; classtype:trojan-activity;sid:83698755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daemon_v2.3301.apk"; depth:19; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835654/; classtype:trojan-activity;sid:83698754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835653/; classtype:trojan-activity;sid:83698753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835652/; classtype:trojan-activity;sid:83698752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835651/; classtype:trojan-activity;sid:83698751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835650/; classtype:trojan-activity;sid:83698750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835649/; classtype:trojan-activity;sid:83698749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835648/; classtype:trojan-activity;sid:83698748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835647/; classtype:trojan-activity;sid:83698747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835645/; classtype:trojan-activity;sid:83698745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835646/; classtype:trojan-activity;sid:83698746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835644/; classtype:trojan-activity;sid:83698744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835643/; classtype:trojan-activity;sid:83698743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835642/; classtype:trojan-activity;sid:83698742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835641/; classtype:trojan-activity;sid:83698741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835640/; classtype:trojan-activity;sid:83698740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835639/; classtype:trojan-activity;sid:83698739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835638/; classtype:trojan-activity;sid:83698738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835637/; classtype:trojan-activity;sid:83698737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835636/; classtype:trojan-activity;sid:83698736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.217.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835635/; classtype:trojan-activity;sid:83698735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835633/; classtype:trojan-activity;sid:83698733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835634/; classtype:trojan-activity;sid:83698734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835632/; classtype:trojan-activity;sid:83698732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835631/; classtype:trojan-activity;sid:83698731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835630/; classtype:trojan-activity;sid:83698730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835628/; classtype:trojan-activity;sid:83698728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835629/; classtype:trojan-activity;sid:83698729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.216.70.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835627/; classtype:trojan-activity;sid:83698727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.232.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835626/; classtype:trojan-activity;sid:83698726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.92.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835624/; classtype:trojan-activity;sid:83698724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.113.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835625/; classtype:trojan-activity;sid:83698725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835623/; classtype:trojan-activity;sid:83698723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835622/; classtype:trojan-activity;sid:83698722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835621/; classtype:trojan-activity;sid:83698721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835618/; classtype:trojan-activity;sid:83698718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835619/; classtype:trojan-activity;sid:83698719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835620/; classtype:trojan-activity;sid:83698720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835617/; classtype:trojan-activity;sid:83698717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835615/; classtype:trojan-activity;sid:83698715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835616/; classtype:trojan-activity;sid:83698716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835614/; classtype:trojan-activity;sid:83698714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835613/; classtype:trojan-activity;sid:83698713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835612/; classtype:trojan-activity;sid:83698712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835611/; classtype:trojan-activity;sid:83698711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835610/; classtype:trojan-activity;sid:83698710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835607/; classtype:trojan-activity;sid:83698707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835608/; classtype:trojan-activity;sid:83698708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835609/; classtype:trojan-activity;sid:83698709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835600/; classtype:trojan-activity;sid:83698700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835601/; classtype:trojan-activity;sid:83698701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835602/; classtype:trojan-activity;sid:83698702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835603/; classtype:trojan-activity;sid:83698703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835604/; classtype:trojan-activity;sid:83698704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835605/; classtype:trojan-activity;sid:83698705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835606/; classtype:trojan-activity;sid:83698706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835598/; classtype:trojan-activity;sid:83698698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835599/; classtype:trojan-activity;sid:83698699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835596/; classtype:trojan-activity;sid:83698696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835597/; classtype:trojan-activity;sid:83698697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835593/; classtype:trojan-activity;sid:83698693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835594/; classtype:trojan-activity;sid:83698694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835595/; classtype:trojan-activity;sid:83698695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835592/; classtype:trojan-activity;sid:83698692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835591/; classtype:trojan-activity;sid:83698691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835590/; classtype:trojan-activity;sid:83698690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835589/; classtype:trojan-activity;sid:83698689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835588/; classtype:trojan-activity;sid:83698688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835586/; classtype:trojan-activity;sid:83698686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835587/; classtype:trojan-activity;sid:83698687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835585/; classtype:trojan-activity;sid:83698685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835584/; classtype:trojan-activity;sid:83698684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.114.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835583/; classtype:trojan-activity;sid:83698683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.172.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835582/; classtype:trojan-activity;sid:83698682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835581/; classtype:trojan-activity;sid:83698681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835577/; classtype:trojan-activity;sid:83698677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835578/; classtype:trojan-activity;sid:83698678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835579/; classtype:trojan-activity;sid:83698679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835580/; classtype:trojan-activity;sid:83698680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835576/; classtype:trojan-activity;sid:83698676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835573/; classtype:trojan-activity;sid:83698673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835574/; classtype:trojan-activity;sid:83698674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835575/; classtype:trojan-activity;sid:83698675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835572/; classtype:trojan-activity;sid:83698672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835569/; classtype:trojan-activity;sid:83698669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835570/; classtype:trojan-activity;sid:83698670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835571/; classtype:trojan-activity;sid:83698671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835565/; classtype:trojan-activity;sid:83698665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835566/; classtype:trojan-activity;sid:83698666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835567/; classtype:trojan-activity;sid:83698667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835568/; classtype:trojan-activity;sid:83698668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835562/; classtype:trojan-activity;sid:83698662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835563/; classtype:trojan-activity;sid:83698663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835564/; classtype:trojan-activity;sid:83698664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835560/; classtype:trojan-activity;sid:83698660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835561/; classtype:trojan-activity;sid:83698661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835559/; classtype:trojan-activity;sid:83698659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835556/; classtype:trojan-activity;sid:83698656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835557/; classtype:trojan-activity;sid:83698657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835558/; classtype:trojan-activity;sid:83698658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835555/; classtype:trojan-activity;sid:83698655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835553/; classtype:trojan-activity;sid:83698653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835554/; classtype:trojan-activity;sid:83698654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835552/; classtype:trojan-activity;sid:83698652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; depth:33; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835551/; classtype:trojan-activity;sid:83698651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; depth:33; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835549/; classtype:trojan-activity;sid:83698649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; depth:33; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835550/; classtype:trojan-activity;sid:83698650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; depth:34; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835548/; classtype:trojan-activity;sid:83698648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.242.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835545/; classtype:trojan-activity;sid:83698645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opp.scr"; depth:8; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835546/; classtype:trojan-activity;sid:83698646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835547/; classtype:trojan-activity;sid:83698647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.52.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835544/; classtype:trojan-activity;sid:83698644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.1.142"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835543/; classtype:trojan-activity;sid:83698643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.178.196.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835540/; classtype:trojan-activity;sid:83698640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.71.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835541/; classtype:trojan-activity;sid:83698641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.113.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835542/; classtype:trojan-activity;sid:83698642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.24.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835539/; classtype:trojan-activity;sid:83698639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/lenin.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835538/; classtype:trojan-activity;sid:83698638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/sok.exe"; depth:13; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835537/; classtype:trojan-activity;sid:83698637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.166.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835536/; classtype:trojan-activity;sid:83698636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835535/; classtype:trojan-activity;sid:83698635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnnsafmwpwdxgy95.bin"; depth:21; endswith; nocase; http.host; content:"www.duelvalenza.it"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835534/; classtype:trojan-activity;sid:83698634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835533/; classtype:trojan-activity;sid:83698633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.92.82.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835531/; classtype:trojan-activity;sid:83698631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.130.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835532/; classtype:trojan-activity;sid:83698632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835530/; classtype:trojan-activity;sid:83698630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.133.165.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835529/; classtype:trojan-activity;sid:83698629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"60.18.118.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835528/; classtype:trojan-activity;sid:83698628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"113.228.145.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835527/; classtype:trojan-activity;sid:83698627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835523/; classtype:trojan-activity;sid:83698623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"42.57.217.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835524/; classtype:trojan-activity;sid:83698624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"42.57.218.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835525/; classtype:trojan-activity;sid:83698625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"113.228.147.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835526/; classtype:trojan-activity;sid:83698626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835521/; classtype:trojan-activity;sid:83698621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"113.228.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835522/; classtype:trojan-activity;sid:83698622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81.apk"; depth:7; endswith; nocase; http.host; content:"42.57.27.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835520/; classtype:trojan-activity;sid:83698620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.172.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835519/; classtype:trojan-activity;sid:83698619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.181.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835518/; classtype:trojan-activity;sid:83698618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.50.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835517/; classtype:trojan-activity;sid:83698617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.242.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835516/; classtype:trojan-activity;sid:83698616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.92.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835515/; classtype:trojan-activity;sid:83698615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/plykmde/zibbdbq101.bin"; depth:35; endswith; nocase; http.host; content:"thequirkyartman.co.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835514/; classtype:trojan-activity;sid:83698614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gvv.exe"; depth:8; endswith; nocase; http.host; content:"23.94.54.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835512/; classtype:trojan-activity;sid:83698612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.138"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835513/; classtype:trojan-activity;sid:83698613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.190.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835511/; classtype:trojan-activity;sid:83698611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835510/; classtype:trojan-activity;sid:83698610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403311739_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835509/; classtype:trojan-activity;sid:83698609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403250811_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835494/; classtype:trojan-activity;sid:83698594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403301248_wwtt.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835495/; classtype:trojan-activity;sid:83698595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404080026_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835496/; classtype:trojan-activity;sid:83698596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404080935_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835497/; classtype:trojan-activity;sid:83698597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403180946_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835498/; classtype:trojan-activity;sid:83698598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404011554_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835499/; classtype:trojan-activity;sid:83698599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403310503_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835500/; classtype:trojan-activity;sid:83698600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404071211_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835501/; classtype:trojan-activity;sid:83698601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404040111_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835502/; classtype:trojan-activity;sid:83698602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403241003_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835503/; classtype:trojan-activity;sid:83698603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403250805_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835504/; classtype:trojan-activity;sid:83698604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403310129_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835505/; classtype:trojan-activity;sid:83698605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404081420_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835506/; classtype:trojan-activity;sid:83698606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403190714_mbjd.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835507/; classtype:trojan-activity;sid:83698607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403190950_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835508/; classtype:trojan-activity;sid:83698608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403252135_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835476/; classtype:trojan-activity;sid:83698576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404052347_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835477/; classtype:trojan-activity;sid:83698577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404062144_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835478/; classtype:trojan-activity;sid:83698578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403241336_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835479/; classtype:trojan-activity;sid:83698579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404062037_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835480/; classtype:trojan-activity;sid:83698580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403251712_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835481/; classtype:trojan-activity;sid:83698581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404062147_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835482/; classtype:trojan-activity;sid:83698582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403190040_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835483/; classtype:trojan-activity;sid:83698583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403190902_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835484/; classtype:trojan-activity;sid:83698584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404070957_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835485/; classtype:trojan-activity;sid:83698585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403311704_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835486/; classtype:trojan-activity;sid:83698586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404062248_hjgclsh.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835487/; classtype:trojan-activity;sid:83698587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404010938_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835488/; classtype:trojan-activity;sid:83698588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403260543_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835489/; classtype:trojan-activity;sid:83698589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404031458_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835490/; classtype:trojan-activity;sid:83698590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403241223_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835491/; classtype:trojan-activity;sid:83698591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403240205_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835492/; classtype:trojan-activity;sid:83698592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404012213_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835493/; classtype:trojan-activity;sid:83698593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404080940_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835445/; classtype:trojan-activity;sid:83698545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403220747_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835446/; classtype:trojan-activity;sid:83698546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403222023_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835447/; classtype:trojan-activity;sid:83698547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403221349_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835448/; classtype:trojan-activity;sid:83698548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403230623_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835449/; classtype:trojan-activity;sid:83698549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403310332_51pincha.apk"; depth:31; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835450/; classtype:trojan-activity;sid:83698550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404051054_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835451/; classtype:trojan-activity;sid:83698551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403230926_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835452/; classtype:trojan-activity;sid:83698552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403212157_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835453/; classtype:trojan-activity;sid:83698553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404081417_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835454/; classtype:trojan-activity;sid:83698554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404070641_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835455/; classtype:trojan-activity;sid:83698555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403310504_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835456/; classtype:trojan-activity;sid:83698556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403230911_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835457/; classtype:trojan-activity;sid:83698557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403270440_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835458/; classtype:trojan-activity;sid:83698558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403241959_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835459/; classtype:trojan-activity;sid:83698559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404050356_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835460/; classtype:trojan-activity;sid:83698560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404030102_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835461/; classtype:trojan-activity;sid:83698561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403190209_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835462/; classtype:trojan-activity;sid:83698562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403222004_wwtt.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835463/; classtype:trojan-activity;sid:83698563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404030306_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835464/; classtype:trojan-activity;sid:83698564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403290703_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835465/; classtype:trojan-activity;sid:83698565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403180943_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835466/; classtype:trojan-activity;sid:83698566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403251956_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835467/; classtype:trojan-activity;sid:83698567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403181410_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835468/; classtype:trojan-activity;sid:83698568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404070953_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835469/; classtype:trojan-activity;sid:83698569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404050326_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835470/; classtype:trojan-activity;sid:83698570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403191443_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835471/; classtype:trojan-activity;sid:83698571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403210234_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835472/; classtype:trojan-activity;sid:83698572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403240135_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835473/; classtype:trojan-activity;sid:83698573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404072343_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835474/; classtype:trojan-activity;sid:83698574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404081042_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835475/; classtype:trojan-activity;sid:83698575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403220917_gd7u.apk"; depth:27; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835441/; classtype:trojan-activity;sid:83698541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202404070645_anwajnq.apk"; depth:30; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835442/; classtype:trojan-activity;sid:83698542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403300153_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835443/; classtype:trojan-activity;sid:83698543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403310409_haijiashq.apk"; depth:32; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835444/; classtype:trojan-activity;sid:83698544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.apk"; depth:6; endswith; nocase; http.host; content:"flm2.vip"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835440/; classtype:trojan-activity;sid:83698540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835439/; classtype:trojan-activity;sid:83698539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835438/; classtype:trojan-activity;sid:83698538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835437/; classtype:trojan-activity;sid:83698537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.216.34.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835436/; classtype:trojan-activity;sid:83698536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835433/; classtype:trojan-activity;sid:83698533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835434/; classtype:trojan-activity;sid:83698534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835435/; classtype:trojan-activity;sid:83698535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835429/; classtype:trojan-activity;sid:83698529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835430/; classtype:trojan-activity;sid:83698530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835431/; classtype:trojan-activity;sid:83698531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835432/; classtype:trojan-activity;sid:83698532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/ryancv/demo/01/rtx.exe"; depth:41; endswith; nocase; http.host; content:"zolfaghar.info"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835427/; classtype:trojan-activity;sid:83698527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835428/; classtype:trojan-activity;sid:83698528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.181.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835424/; classtype:trojan-activity;sid:83698524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835425/; classtype:trojan-activity;sid:83698525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.228.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835426/; classtype:trojan-activity;sid:83698526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.2.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835419/; classtype:trojan-activity;sid:83698519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/go.exe"; depth:12; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835420/; classtype:trojan-activity;sid:83698520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.2.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835421/; classtype:trojan-activity;sid:83698521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835422/; classtype:trojan-activity;sid:83698522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.170.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835423/; classtype:trojan-activity;sid:83698523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835415/; classtype:trojan-activity;sid:83698515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.125.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835416/; classtype:trojan-activity;sid:83698516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.45.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835417/; classtype:trojan-activity;sid:83698517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiawkakwdkaow"; depth:14; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835418/; classtype:trojan-activity;sid:83698518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.180.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835405/; classtype:trojan-activity;sid:83698505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.24.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835406/; classtype:trojan-activity;sid:83698506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835407/; classtype:trojan-activity;sid:83698507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.50.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835408/; classtype:trojan-activity;sid:83698508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.110.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835409/; classtype:trojan-activity;sid:83698509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.154.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835410/; classtype:trojan-activity;sid:83698510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.61.110.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835411/; classtype:trojan-activity;sid:83698511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.180.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835412/; classtype:trojan-activity;sid:83698512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.88.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835413/; classtype:trojan-activity;sid:83698513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.104.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835414/; classtype:trojan-activity;sid:83698514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.154.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835402/; classtype:trojan-activity;sid:83698502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.186.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835403/; classtype:trojan-activity;sid:83698503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.196.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835404/; classtype:trojan-activity;sid:83698504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.85.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835399/; classtype:trojan-activity;sid:83698499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.177.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835400/; classtype:trojan-activity;sid:83698500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835401/; classtype:trojan-activity;sid:83698501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.80.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835397/; classtype:trojan-activity;sid:83698497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835398/; classtype:trojan-activity;sid:83698498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835395/; classtype:trojan-activity;sid:83698495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"103.77.208.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835396/; classtype:trojan-activity;sid:83698496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.20.192.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835394/; classtype:trojan-activity;sid:83698494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/gd7u/gd7u_2.7.0_240413_8.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835393/; classtype:trojan-activity;sid:83698493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240419_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835392/; classtype:trojan-activity;sid:83698492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240418_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835391/; classtype:trojan-activity;sid:83698491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/51lieqi/51lieqi_1.5.0_240413_2.apk"; depth:42; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835390/; classtype:trojan-activity;sid:83698490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjgj/hjgj_1.1.0_240418_1.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835389/; classtype:trojan-activity;sid:83698489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/gd7u/gd7u_2.7.0_240417_5.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835388/; classtype:trojan-activity;sid:83698488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/51lieqi/51lieqi_1.5.0_240418_1.apk"; depth:42; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835387/; classtype:trojan-activity;sid:83698487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/cgw/cgw_0326100.apk"; depth:26; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835386/; classtype:trojan-activity;sid:83698486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/mbjd/mbjd_1.1.0_240417_5.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835385/; classtype:trojan-activity;sid:83698485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240415_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835384/; classtype:trojan-activity;sid:83698484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240413_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835383/; classtype:trojan-activity;sid:83698483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/51lieqi/51lieqi_1.5.0_240417_4.apk"; depth:42; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835382/; classtype:trojan-activity;sid:83698482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240421_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835381/; classtype:trojan-activity;sid:83698481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240418_5.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835380/; classtype:trojan-activity;sid:83698480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240419_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835379/; classtype:trojan-activity;sid:83698479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjgj/hjgj_1.1.0_240414_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835378/; classtype:trojan-activity;sid:83698478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/gd7u/gd7u_2.7.0_240419_5.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835377/; classtype:trojan-activity;sid:83698477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240416_5.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835376/; classtype:trojan-activity;sid:83698476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240415_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835375/; classtype:trojan-activity;sid:83698475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240412_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835374/; classtype:trojan-activity;sid:83698474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/91pf/91pf_121_03161720.apk"; depth:33; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835373/; classtype:trojan-activity;sid:83698473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240420_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835372/; classtype:trojan-activity;sid:83698472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/awjq/awjq_1.4.0_240410_5.apk"; depth:35; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835371/; classtype:trojan-activity;sid:83698471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240415_6.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835370/; classtype:trojan-activity;sid:83698470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/awloly/awloly_2.0.4_240420_1.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835368/; classtype:trojan-activity;sid:83698468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjgj/hjgj_1.1.0_240414_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835369/; classtype:trojan-activity;sid:83698469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240418_4.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835367/; classtype:trojan-activity;sid:83698467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240415_1.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835366/; classtype:trojan-activity;sid:83698466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240417_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835365/; classtype:trojan-activity;sid:83698465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240422_1.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835364/; classtype:trojan-activity;sid:83698464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//antss/antandroid-v2.6.5-240104.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835363/; classtype:trojan-activity;sid:83698463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240416_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835362/; classtype:trojan-activity;sid:83698462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/awjq/awjq_1.4.0_240421_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835360/; classtype:trojan-activity;sid:83698460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/gdpj/gdpj_3.9.0_240411_3.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835361/; classtype:trojan-activity;sid:83698461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjgj/hjgj_1.1.0_240421_1.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835359/; classtype:trojan-activity;sid:83698459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/aiss/aiss_0222_v1.5.0.apk"; depth:32; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835358/; classtype:trojan-activity;sid:83698458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/hjsq/hjsq_1.8.0_240418_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835357/; classtype:trojan-activity;sid:83698457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/51sq/v_1.1.5b_2001.apk"; depth:29; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835356/; classtype:trojan-activity;sid:83698456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/51kt/51kt_3.4.3_240420_2.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835355/; classtype:trojan-activity;sid:83698455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240501_4.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835354/; classtype:trojan-activity;sid:83698454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240408_1.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835353/; classtype:trojan-activity;sid:83698453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240407_6.apk"; depth:38; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835352/; classtype:trojan-activity;sid:83698452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240422_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835351/; classtype:trojan-activity;sid:83698451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240502_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835350/; classtype:trojan-activity;sid:83698450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240406_2.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835349/; classtype:trojan-activity;sid:83698449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91dy/91dy_1.0.1_240502_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835348/; classtype:trojan-activity;sid:83698448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240430_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835347/; classtype:trojan-activity;sid:83698447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/didi2/didi2_2.2.0_240402_3.apk"; depth:36; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835346/; classtype:trojan-activity;sid:83698446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/xlp/xlp_4.6.3_240414_1.apk"; depth:34; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835345/; classtype:trojan-activity;sid:83698445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240501_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835344/; classtype:trojan-activity;sid:83698444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/cgw/cgw_0326100.apk"; depth:25; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835343/; classtype:trojan-activity;sid:83698443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/51kt/51kt_3.4.3_240420_1.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835342/; classtype:trojan-activity;sid:83698442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mbjd/mbjd_1.1.0_240501_5.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835341/; classtype:trojan-activity;sid:83698441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240429_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835340/; classtype:trojan-activity;sid:83698440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240409_3.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835339/; classtype:trojan-activity;sid:83698439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240425_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835338/; classtype:trojan-activity;sid:83698438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240428_4.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835337/; classtype:trojan-activity;sid:83698437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51sq/v_1.1.5b_2001.apk"; depth:28; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835336/; classtype:trojan-activity;sid:83698436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/gd7u/gd7u_2.7.0_240414_1.apk"; depth:36; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835335/; classtype:trojan-activity;sid:83698435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240411_3.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835334/; classtype:trojan-activity;sid:83698434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240427_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835333/; classtype:trojan-activity;sid:83698433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240410_1.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835332/; classtype:trojan-activity;sid:83698432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/zpcpj/zpcpj_1.7.0_240501_6.apk"; depth:36; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835331/; classtype:trojan-activity;sid:83698431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240428_2.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835330/; classtype:trojan-activity;sid:83698430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hls/hls_1.0.1_240501_6.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835329/; classtype:trojan-activity;sid:83698429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240501_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835328/; classtype:trojan-activity;sid:83698428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240424_4.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835327/; classtype:trojan-activity;sid:83698427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240428_1.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835326/; classtype:trojan-activity;sid:83698426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240422_1.apk"; depth:40; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835325/; classtype:trojan-activity;sid:83698425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240408_5.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835324/; classtype:trojan-activity;sid:83698424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/wwtt/wwtt_04081359_v1.0.0.apk"; depth:35; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835323/; classtype:trojan-activity;sid:83698423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/xlp/xlp_4.6.3_240409_1.apk"; depth:32; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835322/; classtype:trojan-activity;sid:83698422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240430_4.apk"; depth:40; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835321/; classtype:trojan-activity;sid:83698421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240427_2.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835320/; classtype:trojan-activity;sid:83698420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51sq/v_1.1.5b_2001.apk"; depth:28; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835319/; classtype:trojan-activity;sid:83698419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240501_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835318/; classtype:trojan-activity;sid:83698418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240424_4.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835317/; classtype:trojan-activity;sid:83698417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240404_5.apk"; depth:38; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835316/; classtype:trojan-activity;sid:83698416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91dy/91dy_1.0.1_240430_5.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835314/; classtype:trojan-activity;sid:83698414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240329_5.apk"; depth:40; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835315/; classtype:trojan-activity;sid:83698415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gtv/gtv_2.0.2_231114_1.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835312/; classtype:trojan-activity;sid:83698412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240501_2.apk"; depth:40; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835313/; classtype:trojan-activity;sid:83698413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240424_5.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835310/; classtype:trojan-activity;sid:83698410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hls/hls_1.0.1_240430_1.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835311/; classtype:trojan-activity;sid:83698411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240329_1.apk"; depth:40; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835309/; classtype:trojan-activity;sid:83698409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.0_240320_2.apk"; depth:30; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835308/; classtype:trojan-activity;sid:83698408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240424_2.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835307/; classtype:trojan-activity;sid:83698407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240430_5.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835306/; classtype:trojan-activity;sid:83698406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/pz/pz_0318100.apk"; depth:23; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835305/; classtype:trojan-activity;sid:83698405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/wwtt/wwtt_1.0.0_240430_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835304/; classtype:trojan-activity;sid:83698404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240424_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835303/; classtype:trojan-activity;sid:83698403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hls/hls_1.0.1_240428_6.apk"; depth:32; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835302/; classtype:trojan-activity;sid:83698402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/aiss/aiss_0222_v1.5.0.apk"; depth:31; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835301/; classtype:trojan-activity;sid:83698401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240425_1.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835300/; classtype:trojan-activity;sid:83698400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/gdpj/gdpj_3.9.0_240415_4.apk"; depth:35; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835299/; classtype:trojan-activity;sid:83698399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240430_5.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835298/; classtype:trojan-activity;sid:83698398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240428_4.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835297/; classtype:trojan-activity;sid:83698397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240430_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835296/; classtype:trojan-activity;sid:83698396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240402_4.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835295/; classtype:trojan-activity;sid:83698395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antss/antandroid-v2.6.5-240104.apk"; depth:35; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835294/; classtype:trojan-activity;sid:83698394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240502_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835290/; classtype:trojan-activity;sid:83698390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240410_4.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835291/; classtype:trojan-activity;sid:83698391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240428_2.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835292/; classtype:trojan-activity;sid:83698392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240428_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835293/; classtype:trojan-activity;sid:83698393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240423_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835288/; classtype:trojan-activity;sid:83698388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91dy/91dy_1.0.1_240430_4.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835289/; classtype:trojan-activity;sid:83698389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240427_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835287/; classtype:trojan-activity;sid:83698387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mbjd/mbjd_1.1.0_240430_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835285/; classtype:trojan-activity;sid:83698385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240321_1.apk"; depth:40; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835286/; classtype:trojan-activity;sid:83698386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/wwtt/wwtt_1.0.0_240502_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835284/; classtype:trojan-activity;sid:83698384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240501_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835283/; classtype:trojan-activity;sid:83698383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.0_240320_2.apk"; depth:30; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835282/; classtype:trojan-activity;sid:83698382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.5_240501_2.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835281/; classtype:trojan-activity;sid:83698381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hls/hls_1.0.1_240430_2.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835280/; classtype:trojan-activity;sid:83698380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antss/antandroid-v2.6.5-240104.apk"; depth:35; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835279/; classtype:trojan-activity;sid:83698379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240422_2.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835278/; classtype:trojan-activity;sid:83698378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240410_2.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835277/; classtype:trojan-activity;sid:83698377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/sgp/sgp_0429.apk"; depth:22; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835276/; classtype:trojan-activity;sid:83698376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240422_5.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835275/; classtype:trojan-activity;sid:83698375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240501_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835272/; classtype:trojan-activity;sid:83698372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240427_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835273/; classtype:trojan-activity;sid:83698373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240429_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835274/; classtype:trojan-activity;sid:83698374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mrds/mrds_110_03312147.apk"; depth:32; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835271/; classtype:trojan-activity;sid:83698371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antss/antandroid-v2.6.5-240104.apk"; depth:35; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835270/; classtype:trojan-activity;sid:83698370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240426_5.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835268/; classtype:trojan-activity;sid:83698368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91pf/91pf_121_03161720.apk"; depth:32; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835269/; classtype:trojan-activity;sid:83698369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240426_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835267/; classtype:trojan-activity;sid:83698367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.1_240501_1.apk"; depth:30; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835266/; classtype:trojan-activity;sid:83698366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.6.0_240410_3.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835265/; classtype:trojan-activity;sid:83698365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240422_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835264/; classtype:trojan-activity;sid:83698364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.5_240430_2.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835261/; classtype:trojan-activity;sid:83698361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/wwtt/wwtt_1.0.0_240501_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835262/; classtype:trojan-activity;sid:83698362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.0_240320_2.apk"; depth:30; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835263/; classtype:trojan-activity;sid:83698363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91dy/91dy_1.0.1_240424_3.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835260/; classtype:trojan-activity;sid:83698360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240428_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835259/; classtype:trojan-activity;sid:83698359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/wwtt/wwtt_1.0.0_240501_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835257/; classtype:trojan-activity;sid:83698357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/xlp/xlp_4.6.3_240429_1.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835258/; classtype:trojan-activity;sid:83698358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240426_4.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835256/; classtype:trojan-activity;sid:83698356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.4_240427_3.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835255/; classtype:trojan-activity;sid:83698355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240428_5.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835254/; classtype:trojan-activity;sid:83698354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/aiss/aiss_0222_v1.5.0.apk"; depth:31; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835252/; classtype:trojan-activity;sid:83698352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240501_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835253/; classtype:trojan-activity;sid:83698353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240502_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835251/; classtype:trojan-activity;sid:83698351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.5_240501_6.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835248/; classtype:trojan-activity;sid:83698348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240430_3.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835249/; classtype:trojan-activity;sid:83698349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240321_1.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835250/; classtype:trojan-activity;sid:83698350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android/sosojsq_05.10.apk"; depth:26; endswith; nocase; http.host; content:"down.sosoz.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835245/; classtype:trojan-activity;sid:83698345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240410_3.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835246/; classtype:trojan-activity;sid:83698346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mbjd/mbjd_1.1.0_240428_5.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835247/; classtype:trojan-activity;sid:83698347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/zpcpj/zpcpj_1.7.0_240502_1.apk"; depth:36; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835244/; classtype:trojan-activity;sid:83698344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.1_240501_4.apk"; depth:30; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835243/; classtype:trojan-activity;sid:83698343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240407_2.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835242/; classtype:trojan-activity;sid:83698342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240429_4.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835241/; classtype:trojan-activity;sid:83698341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240501_4.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835240/; classtype:trojan-activity;sid:83698340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/cgw/cgw_0323100.apk"; depth:25; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835239/; classtype:trojan-activity;sid:83698339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240502_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835237/; classtype:trojan-activity;sid:83698337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.5_240429_5.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835238/; classtype:trojan-activity;sid:83698338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hls/hls_1.0.1_240501_5.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835236/; classtype:trojan-activity;sid:83698336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240426_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835235/; classtype:trojan-activity;sid:83698335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.1_240430_5.apk"; depth:30; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835234/; classtype:trojan-activity;sid:83698334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.5_240502_1.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835233/; classtype:trojan-activity;sid:83698333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240427_2.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835231/; classtype:trojan-activity;sid:83698331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240410_5.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835232/; classtype:trojan-activity;sid:83698332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/wwtt/wwtt_1.0.0_240501_4.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835230/; classtype:trojan-activity;sid:83698330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240424_2.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835229/; classtype:trojan-activity;sid:83698329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240404_4.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835228/; classtype:trojan-activity;sid:83698328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240430_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835227/; classtype:trojan-activity;sid:83698327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///down/51lieqi/51lieqi_1.5.0_240413_4.apk"; depth:42; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835223/; classtype:trojan-activity;sid:83698323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.7.0_240430_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835224/; classtype:trojan-activity;sid:83698324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240428_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835225/; classtype:trojan-activity;sid:83698325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240502_1.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835226/; classtype:trojan-activity;sid:83698326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240428_4.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835222/; classtype:trojan-activity;sid:83698322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240428_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835220/; classtype:trojan-activity;sid:83698320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gdpj/gdpj_3.9.0_240321_2.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835221/; classtype:trojan-activity;sid:83698321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240430_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835218/; classtype:trojan-activity;sid:83698318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240409_2.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835219/; classtype:trojan-activity;sid:83698319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240501_5.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835216/; classtype:trojan-activity;sid:83698316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91dy/91dy_1.0.1_240427_1.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835217/; classtype:trojan-activity;sid:83698317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/gd7u/gd7u_2.6.0_240408_2.apk"; depth:34; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835215/; classtype:trojan-activity;sid:83698315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240424_1.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835213/; classtype:trojan-activity;sid:83698313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mrds/mrds_120_04242229.apk"; depth:32; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835214/; classtype:trojan-activity;sid:83698314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awjq/awjq_1.4.0_240408_2.apk|3f|v=1"; depth:41; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835212/; classtype:trojan-activity;sid:83698312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/awloly/awloly_2.0.5_240501_5.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835211/; classtype:trojan-activity;sid:83698311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240424_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835210/; classtype:trojan-activity;sid:83698310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240428_5.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835209/; classtype:trojan-activity;sid:83698309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/gdpj/gdpj_3.9.0_240415_4.apk"; depth:35; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835208/; classtype:trojan-activity;sid:83698308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjgj/hjgj_1.1.0_240501_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835206/; classtype:trojan-activity;sid:83698306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.0_240319_4.apk"; depth:30; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835207/; classtype:trojan-activity;sid:83698307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240425_6.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835205/; classtype:trojan-activity;sid:83698305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240430_2.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835204/; classtype:trojan-activity;sid:83698304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51lieqi/51lieqi_1.5.0_240501_3.apk"; depth:40; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835202/; classtype:trojan-activity;sid:83698302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hjsq/hjsq_1.8.0_240429_6.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835203/; classtype:trojan-activity;sid:83698303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android/sosojsq_05.10.apk"; depth:26; endswith; nocase; http.host; content:"down.sosoo.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835201/; classtype:trojan-activity;sid:83698301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/91pf/91pf_121_03161720.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835199/; classtype:trojan-activity;sid:83698299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/qd/qd_4.0.1_240502_2.apk"; depth:30; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835200/; classtype:trojan-activity;sid:83698300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lu/lusir_0422.apk"; depth:18; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835196/; classtype:trojan-activity;sid:83698296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mrds/mrds_120_04301402.apk"; depth:32; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835197/; classtype:trojan-activity;sid:83698297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/aiss/aiss_0222_v1.5.0.apk"; depth:31; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835198/; classtype:trojan-activity;sid:83698298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/mrds/mrds_111_03051715.apk"; depth:32; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835195/; classtype:trojan-activity;sid:83698295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240430_4.apk"; depth:34; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835193/; classtype:trojan-activity;sid:83698293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/hls/hls_1.0.1_240427_2.apk"; depth:32; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835194/; classtype:trojan-activity;sid:83698294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/51kt/51kt_3.4.3_240428_2.apk"; depth:34; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835192/; classtype:trojan-activity;sid:83698292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/202403211335_xlp.apk"; depth:26; endswith; nocase; http.host; content:"d2mlls8dsnofna.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835191/; classtype:trojan-activity;sid:83698291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.220.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835190/; classtype:trojan-activity;sid:83698290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.249.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835189/; classtype:trojan-activity;sid:83698289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.179.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835188/; classtype:trojan-activity;sid:83698288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.104.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835187/; classtype:trojan-activity;sid:83698287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.49.65.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835186/; classtype:trojan-activity;sid:83698286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.53.36.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835185/; classtype:trojan-activity;sid:83698285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.202.90.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835184/; classtype:trojan-activity;sid:83698284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.76.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835183/; classtype:trojan-activity;sid:83698283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.115.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835181/; classtype:trojan-activity;sid:83698281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.18.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835182/; classtype:trojan-activity;sid:83698282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835180/; classtype:trojan-activity;sid:83698280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkw7e0xiz2yghzoa0lemotip9z-inpwklffl_2khwae4q3fg4wtrrpesxks45sxs3znv9jpwv6-_v-nqvxvbudsvdkbetiyqrcwdynbaoh-th3pksz8ajokvpg0ewkx4xz9rkwspd811m3lzy6_jup-v184lcbgvdlk1xini06lt3-n8/ln5yfcyz9suo71g/enquiry.tgz"; depth:205; endswith; nocase; http.host; content:"download2324.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835179/; classtype:trojan-activity;sid:83698279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.187.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835178/; classtype:trojan-activity;sid:83698278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.147.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835177/; classtype:trojan-activity;sid:83698277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.177.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835176/; classtype:trojan-activity;sid:83698276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.220.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835175/; classtype:trojan-activity;sid:83698275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835174/; classtype:trojan-activity;sid:83698274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.72.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835173/; classtype:trojan-activity;sid:83698273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.176.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835172/; classtype:trojan-activity;sid:83698272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.164.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835171/; classtype:trojan-activity;sid:83698271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.179.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835170/; classtype:trojan-activity;sid:83698270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.82.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835169/; classtype:trojan-activity;sid:83698269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.147.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835168/; classtype:trojan-activity;sid:83698268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/download.php|3f|c=1000"; depth:28; endswith; nocase; http.host; content:"d2m54y8a2kdtj1.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835167/; classtype:trojan-activity;sid:83698267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.152.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835166/; classtype:trojan-activity;sid:83698266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.93.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835164/; classtype:trojan-activity;sid:83698264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.116.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835165/; classtype:trojan-activity;sid:83698265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240415_1.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835160/; classtype:trojan-activity;sid:83698260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240413_5.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835161/; classtype:trojan-activity;sid:83698261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240414_4.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835162/; classtype:trojan-activity;sid:83698262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240420_3.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835163/; classtype:trojan-activity;sid:83698263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240412_3.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835158/; classtype:trojan-activity;sid:83698258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//down/tiktok/tiktok_2.3.0_240414_5.apk"; depth:39; endswith; nocase; http.host; content:"d26r44l4vrn00m.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835159/; classtype:trojan-activity;sid:83698259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240427_1.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835157/; classtype:trojan-activity;sid:83698257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240501_6.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835156/; classtype:trojan-activity;sid:83698256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240427_6.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835152/; classtype:trojan-activity;sid:83698252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.3.0_240402_3.apk"; depth:38; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835153/; classtype:trojan-activity;sid:83698253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.3.0_240409_1.apk"; depth:38; endswith; nocase; http.host; content:"db4djqkh4h9v0.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835154/; classtype:trojan-activity;sid:83698254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240426_7.apk"; depth:38; endswith; nocase; http.host; content:"d36e0jkwnyz61b.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835155/; classtype:trojan-activity;sid:83698255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240430_3.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835151/; classtype:trojan-activity;sid:83698251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240501_5.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835150/; classtype:trojan-activity;sid:83698250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.112.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835149/; classtype:trojan-activity;sid:83698249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.70.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835148/; classtype:trojan-activity;sid:83698248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835147/; classtype:trojan-activity;sid:83698247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.37.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835146/; classtype:trojan-activity;sid:83698246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835145/; classtype:trojan-activity;sid:83698245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tiktok/tiktok_2.4.1_240502_1.apk"; depth:38; endswith; nocase; http.host; content:"d2kdqj6gjm17ok.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835144/; classtype:trojan-activity;sid:83698244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.164.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835142/; classtype:trojan-activity;sid:83698242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835143/; classtype:trojan-activity;sid:83698243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.61.149.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835141/; classtype:trojan-activity;sid:83698241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tt/ready.apk"; depth:20; endswith; nocase; http.host; content:"tk.coachesinspain.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835140/; classtype:trojan-activity;sid:83698240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"eku365.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835139/; classtype:trojan-activity;sid:83698239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"68tiyu.tv"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835137/; classtype:trojan-activity;sid:83698237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"68tiyu.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835138/; classtype:trojan-activity;sid:83698238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"bcshopfe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835123/; classtype:trojan-activity;sid:83698223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tiktok/ready.apk"; depth:24; endswith; nocase; http.host; content:"gawx.florenda.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835124/; classtype:trojan-activity;sid:83698224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"m.68tiyu.net"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835125/; classtype:trojan-activity;sid:83698225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"m.68tiyu.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835126/; classtype:trojan-activity;sid:83698226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"m.68tiyu.tv"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835127/; classtype:trojan-activity;sid:83698227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"www.68tiyu.tv"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835128/; classtype:trojan-activity;sid:83698228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"www.68tiyu.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835129/; classtype:trojan-activity;sid:83698229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"68tiyu.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835130/; classtype:trojan-activity;sid:83698230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"www.68tiyu.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835131/; classtype:trojan-activity;sid:83698231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tiktok/ready.apk"; depth:24; endswith; nocase; http.host; content:"tiktok.florenda.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835132/; classtype:trojan-activity;sid:83698232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"m.68tiyu.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835133/; classtype:trojan-activity;sid:83698233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"68tiyu.cc"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835134/; classtype:trojan-activity;sid:83698234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"www.68tiyu.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835135/; classtype:trojan-activity;sid:83698235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"login.rubioguzman.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835136/; classtype:trojan-activity;sid:83698236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tt/ready.apk"; depth:20; endswith; nocase; http.host; content:"tk.coachesinspain.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835121/; classtype:trojan-activity;sid:83698221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tiktok/ready.apk"; depth:24; endswith; nocase; http.host; content:"gawx.florenda.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835122/; classtype:trojan-activity;sid:83698222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/kk/ready.apk"; depth:20; endswith; nocase; http.host; content:"tt.coachesinspain.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835120/; classtype:trojan-activity;sid:83698220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/kk/ready.apk"; depth:20; endswith; nocase; http.host; content:"tt.coachesinspain.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835119/; classtype:trojan-activity;sid:83698219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiktok/ready.apk"; depth:17; endswith; nocase; http.host; content:"tiktok.coachesinspain.comstatic"; depth:31; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835117/; classtype:trojan-activity;sid:83698217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiktok/ready.apk"; depth:17; endswith; nocase; http.host; content:"tiktok.coachesinspain.comstatic"; depth:31; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835118/; classtype:trojan-activity;sid:83698218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.164.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835116/; classtype:trojan-activity;sid:83698216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/sarra.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835115/; classtype:trojan-activity;sid:83698215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.186.60.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835114/; classtype:trojan-activity;sid:83698214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835113/; classtype:trojan-activity;sid:83698213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.45.128.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835112/; classtype:trojan-activity;sid:83698212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.199.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835111/; classtype:trojan-activity;sid:83698211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.99.62.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835110/; classtype:trojan-activity;sid:83698210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.99.62.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835109/; classtype:trojan-activity;sid:83698209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.99.62.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835108/; classtype:trojan-activity;sid:83698208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.99.62.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835107/; classtype:trojan-activity;sid:83698207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.99.62.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835105/; classtype:trojan-activity;sid:83698205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.99.62.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835106/; classtype:trojan-activity;sid:83698206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"47.57.184.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835104/; classtype:trojan-activity;sid:83698204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"47.57.184.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835103/; classtype:trojan-activity;sid:83698203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835101/; classtype:trojan-activity;sid:83698201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.242.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835102/; classtype:trojan-activity;sid:83698202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835100/; classtype:trojan-activity;sid:83698200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.245.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835096/; classtype:trojan-activity;sid:83698196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.221.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835097/; classtype:trojan-activity;sid:83698197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.29.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835098/; classtype:trojan-activity;sid:83698198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.37.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835099/; classtype:trojan-activity;sid:83698199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.255.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835094/; classtype:trojan-activity;sid:83698194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.191.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835095/; classtype:trojan-activity;sid:83698195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"202.95.1.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835093/; classtype:trojan-activity;sid:83698193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835091/; classtype:trojan-activity;sid:83698191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835092/; classtype:trojan-activity;sid:83698192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835090/; classtype:trojan-activity;sid:83698190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"47.57.7.44"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835089/; classtype:trojan-activity;sid:83698189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"47.57.7.44"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835088/; classtype:trojan-activity;sid:83698188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835087/; classtype:trojan-activity;sid:83698187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.148.125.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835085/; classtype:trojan-activity;sid:83698185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.148.125.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835086/; classtype:trojan-activity;sid:83698186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835084/; classtype:trojan-activity;sid:83698184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835083/; classtype:trojan-activity;sid:83698183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.145.22.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835082/; classtype:trojan-activity;sid:83698182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"185.93.68.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835081/; classtype:trojan-activity;sid:83698181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready1.apk"; depth:11; endswith; nocase; http.host; content:"103.148.125.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835080/; classtype:trojan-activity;sid:83698180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.142.244.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835079/; classtype:trojan-activity;sid:83698179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"95.214.177.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835077/; classtype:trojan-activity;sid:83698177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"103.142.244.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835078/; classtype:trojan-activity;sid:83698178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"95.214.177.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835076/; classtype:trojan-activity;sid:83698176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/ready.apk"; depth:20; endswith; nocase; http.host; content:"43.159.133.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835075/; classtype:trojan-activity;sid:83698175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.113.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835074/; classtype:trojan-activity;sid:83698174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.235.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835073/; classtype:trojan-activity;sid:83698173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.82.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835072/; classtype:trojan-activity;sid:83698172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835071/; classtype:trojan-activity;sid:83698171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.110.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835069/; classtype:trojan-activity;sid:83698169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835070/; classtype:trojan-activity;sid:83698170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835068/; classtype:trojan-activity;sid:83698168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"154.9.255.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835067/; classtype:trojan-activity;sid:83698167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udvejningernes.aaf"; depth:19; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835066/; classtype:trojan-activity;sid:83698166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svileh127.bin"; depth:14; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835065/; classtype:trojan-activity;sid:83698165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"149.88.85.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835063/; classtype:trojan-activity;sid:83698163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk%20(2)"; depth:16; endswith; nocase; http.host; content:"149.88.85.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835064/; classtype:trojan-activity;sid:83698164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.62.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835062/; classtype:trojan-activity;sid:83698162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.182.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835061/; classtype:trojan-activity;sid:83698161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.56.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835060/; classtype:trojan-activity;sid:83698160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.52.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835059/; classtype:trojan-activity;sid:83698159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835058/; classtype:trojan-activity;sid:83698158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835057/; classtype:trojan-activity;sid:83698157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/random.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835056/; classtype:trojan-activity;sid:83698156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.236.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835055/; classtype:trojan-activity;sid:83698155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.61.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835054/; classtype:trojan-activity;sid:83698154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.181.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835053/; classtype:trojan-activity;sid:83698153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.137.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835052/; classtype:trojan-activity;sid:83698152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.74.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835051/; classtype:trojan-activity;sid:83698151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.62.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835050/; classtype:trojan-activity;sid:83698150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835049/; classtype:trojan-activity;sid:83698149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.52.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835048/; classtype:trojan-activity;sid:83698148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.244.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835047/; classtype:trojan-activity;sid:83698147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.105.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835046/; classtype:trojan-activity;sid:83698146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.137.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835045/; classtype:trojan-activity;sid:83698145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.187.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835044/; classtype:trojan-activity;sid:83698144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.61.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835043/; classtype:trojan-activity;sid:83698143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noa.exe"; depth:8; endswith; nocase; http.host; content:"192.3.239.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835042/; classtype:trojan-activity;sid:83698142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uws0pm"; depth:7; endswith; nocase; http.host; content:"wheel.to"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835041/; classtype:trojan-activity;sid:83698141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835040/; classtype:trojan-activity;sid:83698140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.5.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835039/; classtype:trojan-activity;sid:83698139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.187.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835038/; classtype:trojan-activity;sid:83698138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.80.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835037/; classtype:trojan-activity;sid:83698137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/amert.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835036/; classtype:trojan-activity;sid:83698136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/random.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835035/; classtype:trojan-activity;sid:83698135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835034/; classtype:trojan-activity;sid:83698134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.194.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835033/; classtype:trojan-activity;sid:83698133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.95.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835032/; classtype:trojan-activity;sid:83698132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.74.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835031/; classtype:trojan-activity;sid:83698131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.244.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835030/; classtype:trojan-activity;sid:83698130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.56.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835029/; classtype:trojan-activity;sid:83698129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835028/; classtype:trojan-activity;sid:83698128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835027/; classtype:trojan-activity;sid:83698127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.51.54.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835026/; classtype:trojan-activity;sid:83698126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.76.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835024/; classtype:trojan-activity;sid:83698124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.185.101.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835025/; classtype:trojan-activity;sid:83698125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.237.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835023/; classtype:trojan-activity;sid:83698123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.80.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835022/; classtype:trojan-activity;sid:83698122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835021/; classtype:trojan-activity;sid:83698121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.2.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835020/; classtype:trojan-activity;sid:83698120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.95.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835019/; classtype:trojan-activity;sid:83698119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835016/; classtype:trojan-activity;sid:83698116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.215.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835017/; classtype:trojan-activity;sid:83698117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.16.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835018/; classtype:trojan-activity;sid:83698118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835015/; classtype:trojan-activity;sid:83698115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.49.75.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835013/; classtype:trojan-activity;sid:83698113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835014/; classtype:trojan-activity;sid:83698114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835012/; classtype:trojan-activity;sid:83698112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835011/; classtype:trojan-activity;sid:83698111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835010/; classtype:trojan-activity;sid:83698110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835009/; classtype:trojan-activity;sid:83698109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.117.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835008/; classtype:trojan-activity;sid:83698108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.213.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835007/; classtype:trojan-activity;sid:83698107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.235.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835006/; classtype:trojan-activity;sid:83698106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835004/; classtype:trojan-activity;sid:83698104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835005/; classtype:trojan-activity;sid:83698105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.52.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835003/; classtype:trojan-activity;sid:83698103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.232.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835002/; classtype:trojan-activity;sid:83698102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.75.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835001/; classtype:trojan-activity;sid:83698101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.193.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835000/; classtype:trojan-activity;sid:83698100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834999/; classtype:trojan-activity;sid:83698099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834998/; classtype:trojan-activity;sid:83698098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/loader-1000.exe"; depth:21; endswith; nocase; http.host; content:"dkgxxh1czdosr.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834997/; classtype:trojan-activity;sid:83698097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.156.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834996/; classtype:trojan-activity;sid:83698096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834995/; classtype:trojan-activity;sid:83698095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.164.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834994/; classtype:trojan-activity;sid:83698094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834993/; classtype:trojan-activity;sid:83698093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.93.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834992/; classtype:trojan-activity;sid:83698092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.176.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834988/; classtype:trojan-activity;sid:83698088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834989/; classtype:trojan-activity;sid:83698089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.151.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834990/; classtype:trojan-activity;sid:83698090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.208.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834991/; classtype:trojan-activity;sid:83698091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834987/; classtype:trojan-activity;sid:83698087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.83.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834986/; classtype:trojan-activity;sid:83698086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.161.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834985/; classtype:trojan-activity;sid:83698085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834984/; classtype:trojan-activity;sid:83698084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.75.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834983/; classtype:trojan-activity;sid:83698083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/2r47k8ub"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834982/; classtype:trojan-activity;sid:83698082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.69.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834981/; classtype:trojan-activity;sid:83698081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.181.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834980/; classtype:trojan-activity;sid:83698080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.3.243"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834979/; classtype:trojan-activity;sid:83698079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.193.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834978/; classtype:trojan-activity;sid:83698078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834977/; classtype:trojan-activity;sid:83698077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834976/; classtype:trojan-activity;sid:83698076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.180.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834975/; classtype:trojan-activity;sid:83698075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.83.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834974/; classtype:trojan-activity;sid:83698074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.182.189.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834973/; classtype:trojan-activity;sid:83698073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834972/; classtype:trojan-activity;sid:83698072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834971/; classtype:trojan-activity;sid:83698071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.61.149.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834970/; classtype:trojan-activity;sid:83698070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.47.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834969/; classtype:trojan-activity;sid:83698069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.175.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834968/; classtype:trojan-activity;sid:83698068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834967/; classtype:trojan-activity;sid:83698067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.69.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834966/; classtype:trojan-activity;sid:83698066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.78.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834965/; classtype:trojan-activity;sid:83698065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing"; depth:8; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834964/; classtype:trojan-activity;sid:83698064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing_aarch64"; depth:16; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834963/; classtype:trojan-activity;sid:83698063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libsystem.so"; depth:13; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834957/; classtype:trojan-activity;sid:83698057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834958/; classtype:trojan-activity;sid:83698058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834959/; classtype:trojan-activity;sid:83698059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834960/; classtype:trojan-activity;sid:83698060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834961/; classtype:trojan-activity;sid:83698061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834962/; classtype:trojan-activity;sid:83698062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tf.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834955/; classtype:trojan-activity;sid:83698055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lh.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834956/; classtype:trojan-activity;sid:83698056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-adm64"; depth:11; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834954/; classtype:trojan-activity;sid:83698054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.189.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834953/; classtype:trojan-activity;sid:83698053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.80.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834952/; classtype:trojan-activity;sid:83698052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.182.189.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834951/; classtype:trojan-activity;sid:83698051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834950/; classtype:trojan-activity;sid:83698050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.91.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834949/; classtype:trojan-activity;sid:83698049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.mpsl"; depth:16; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834948/; classtype:trojan-activity;sid:83698048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834947/; classtype:trojan-activity;sid:83698047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834946/; classtype:trojan-activity;sid:83698046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834945/; classtype:trojan-activity;sid:83698045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sy25"; depth:5; endswith; nocase; http.host; content:"209.141.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834944/; classtype:trojan-activity;sid:83698044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobaxterm_personal_24.1%20-%20%e5%bf%ab%e6%8d%b7%e6%96%b9%e5%bc%8f"; depth:67; endswith; nocase; http.host; content:"209.141.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834943/; classtype:trojan-activity;sid:83698043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tf"; depth:3; endswith; nocase; http.host; content:"209.141.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834942/; classtype:trojan-activity;sid:83698042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834941/; classtype:trojan-activity;sid:83698041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.51.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834940/; classtype:trojan-activity;sid:83698040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834938/; classtype:trojan-activity;sid:83698038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834939/; classtype:trojan-activity;sid:83698039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.189.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834937/; classtype:trojan-activity;sid:83698037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm7"; depth:16; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834932/; classtype:trojan-activity;sid:83698032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834933/; classtype:trojan-activity;sid:83698033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834934/; classtype:trojan-activity;sid:83698034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834935/; classtype:trojan-activity;sid:83698035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834936/; classtype:trojan-activity;sid:83698036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.ppc"; depth:10; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834923/; classtype:trojan-activity;sid:83698023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm5"; depth:11; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834924/; classtype:trojan-activity;sid:83698024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm6"; depth:11; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834925/; classtype:trojan-activity;sid:83698025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834926/; classtype:trojan-activity;sid:83698026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.x86"; depth:15; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834927/; classtype:trojan-activity;sid:83698027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.sh4"; depth:15; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834928/; classtype:trojan-activity;sid:83698028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.x86"; depth:15; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834929/; classtype:trojan-activity;sid:83698029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.x86"; depth:10; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834930/; classtype:trojan-activity;sid:83698030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm7"; depth:11; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834931/; classtype:trojan-activity;sid:83698031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.ppc"; depth:15; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834922/; classtype:trojan-activity;sid:83698022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm5"; depth:16; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834916/; classtype:trojan-activity;sid:83698016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.mips"; depth:16; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834917/; classtype:trojan-activity;sid:83698017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm6"; depth:16; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834918/; classtype:trojan-activity;sid:83698018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834919/; classtype:trojan-activity;sid:83698019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.spc"; depth:10; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834920/; classtype:trojan-activity;sid:83698020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834921/; classtype:trojan-activity;sid:83698021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm7"; depth:11; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834910/; classtype:trojan-activity;sid:83698010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm"; depth:10; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834911/; classtype:trojan-activity;sid:83698011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm5"; depth:16; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834912/; classtype:trojan-activity;sid:83698012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mips"; depth:11; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834913/; classtype:trojan-activity;sid:83698013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm5"; depth:11; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834914/; classtype:trojan-activity;sid:83698014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.ppc"; depth:15; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834915/; classtype:trojan-activity;sid:83698015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm6"; depth:16; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834905/; classtype:trojan-activity;sid:83698005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm"; depth:15; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834906/; classtype:trojan-activity;sid:83698006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.mips"; depth:16; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834907/; classtype:trojan-activity;sid:83698007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm"; depth:15; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834908/; classtype:trojan-activity;sid:83698008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.m68k"; depth:16; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834909/; classtype:trojan-activity;sid:83698009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.sh4"; depth:10; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834901/; classtype:trojan-activity;sid:83698001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.spc"; depth:10; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834902/; classtype:trojan-activity;sid:83698002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.spc"; depth:15; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834903/; classtype:trojan-activity;sid:83698003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.x86"; depth:10; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834904/; classtype:trojan-activity;sid:83698004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.ppc"; depth:10; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834900/; classtype:trojan-activity;sid:83698000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.sh4"; depth:15; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834893/; classtype:trojan-activity;sid:83697993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mips"; depth:11; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834894/; classtype:trojan-activity;sid:83697994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mpsl"; depth:11; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834895/; classtype:trojan-activity;sid:83697995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm7"; depth:16; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834896/; classtype:trojan-activity;sid:83697996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm6"; depth:11; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834897/; classtype:trojan-activity;sid:83697997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.sh4"; depth:10; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834898/; classtype:trojan-activity;sid:83697998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.spc"; depth:15; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834899/; classtype:trojan-activity;sid:83697999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834892/; classtype:trojan-activity;sid:83697992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834890/; classtype:trojan-activity;sid:83697990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm"; depth:10; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834891/; classtype:trojan-activity;sid:83697991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mpsl"; depth:11; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834888/; classtype:trojan-activity;sid:83697988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.m68k"; depth:11; endswith; nocase; http.host; content:"fbmarket-place.info"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834889/; classtype:trojan-activity;sid:83697989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.m68k"; depth:11; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834886/; classtype:trojan-activity;sid:83697986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834887/; classtype:trojan-activity;sid:83697987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.m68k"; depth:16; endswith; nocase; http.host; content:"www.fbmarket-place.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834884/; classtype:trojan-activity;sid:83697984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"xijinping.mov"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834885/; classtype:trojan-activity;sid:83697985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.4.163.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834883/; classtype:trojan-activity;sid:83697983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.147.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834882/; classtype:trojan-activity;sid:83697982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.157.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834881/; classtype:trojan-activity;sid:83697981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.132.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834880/; classtype:trojan-activity;sid:83697980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834879/; classtype:trojan-activity;sid:83697979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834878/; classtype:trojan-activity;sid:83697978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834877/; classtype:trojan-activity;sid:83697977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834876/; classtype:trojan-activity;sid:83697976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834873/; classtype:trojan-activity;sid:83697973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834874/; classtype:trojan-activity;sid:83697974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834875/; classtype:trojan-activity;sid:83697975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834871/; classtype:trojan-activity;sid:83697971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"apibnng.servehttp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834872/; classtype:trojan-activity;sid:83697972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.35.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834870/; classtype:trojan-activity;sid:83697970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834869/; classtype:trojan-activity;sid:83697969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.198.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834867/; classtype:trojan-activity;sid:83697967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.130.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834868/; classtype:trojan-activity;sid:83697968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.48.145.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834865/; classtype:trojan-activity;sid:83697965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"76.81.220.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834866/; classtype:trojan-activity;sid:83697966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.51.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834864/; classtype:trojan-activity;sid:83697964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.mips"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834853/; classtype:trojan-activity;sid:83697953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.arm6"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834854/; classtype:trojan-activity;sid:83697954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.mpsl"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834855/; classtype:trojan-activity;sid:83697955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.m68k"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834856/; classtype:trojan-activity;sid:83697956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.arm4"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834857/; classtype:trojan-activity;sid:83697957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.ppc"; depth:8; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834858/; classtype:trojan-activity;sid:83697958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.x86"; depth:8; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834859/; classtype:trojan-activity;sid:83697959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.arm7"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834860/; classtype:trojan-activity;sid:83697960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.arm5"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834861/; classtype:trojan-activity;sid:83697961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.i686"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834862/; classtype:trojan-activity;sid:83697962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.sh4"; depth:8; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834863/; classtype:trojan-activity;sid:83697963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/request_for_quote.exe"; depth:22; endswith; nocase; http.host; content:"crowninter.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834852/; classtype:trojan-activity;sid:83697952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.55.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834851/; classtype:trojan-activity;sid:83697951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.221.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834850/; classtype:trojan-activity;sid:83697950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.61.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834849/; classtype:trojan-activity;sid:83697949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"91.92.252.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834848/; classtype:trojan-activity;sid:83697948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834847/; classtype:trojan-activity;sid:83697947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834843/; classtype:trojan-activity;sid:83697943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834844/; classtype:trojan-activity;sid:83697944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834845/; classtype:trojan-activity;sid:83697945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834846/; classtype:trojan-activity;sid:83697946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834842/; classtype:trojan-activity;sid:83697942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834837/; classtype:trojan-activity;sid:83697937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834838/; classtype:trojan-activity;sid:83697938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834839/; classtype:trojan-activity;sid:83697939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834840/; classtype:trojan-activity;sid:83697940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834841/; classtype:trojan-activity;sid:83697941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834835/; classtype:trojan-activity;sid:83697935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834836/; classtype:trojan-activity;sid:83697936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.87.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834834/; classtype:trojan-activity;sid:83697934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.235.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834833/; classtype:trojan-activity;sid:83697933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.35.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834832/; classtype:trojan-activity;sid:83697932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.197.49.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834831/; classtype:trojan-activity;sid:83697931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834830/; classtype:trojan-activity;sid:83697930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.92.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834829/; classtype:trojan-activity;sid:83697929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834828/; classtype:trojan-activity;sid:83697928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.55.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834827/; classtype:trojan-activity;sid:83697927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.27.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834826/; classtype:trojan-activity;sid:83697926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834825/; classtype:trojan-activity;sid:83697925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.x86_64"; depth:14; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834822/; classtype:trojan-activity;sid:83697922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.arm7"; depth:12; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834823/; classtype:trojan-activity;sid:83697923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.mips"; depth:12; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834824/; classtype:trojan-activity;sid:83697924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.mpsl"; depth:12; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834817/; classtype:trojan-activity;sid:83697917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.19.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834818/; classtype:trojan-activity;sid:83697918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.arm6"; depth:12; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834819/; classtype:trojan-activity;sid:83697919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.arm"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834820/; classtype:trojan-activity;sid:83697920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.arm5"; depth:12; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834821/; classtype:trojan-activity;sid:83697921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.spc"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834812/; classtype:trojan-activity;sid:83697912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.x86"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834813/; classtype:trojan-activity;sid:83697913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.ppc"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834814/; classtype:trojan-activity;sid:83697914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.sh4"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834815/; classtype:trojan-activity;sid:83697915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m/bot.m68k"; depth:12; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834816/; classtype:trojan-activity;sid:83697916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.84.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834811/; classtype:trojan-activity;sid:83697911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834810/; classtype:trojan-activity;sid:83697910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tee.scr"; depth:8; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834809/; classtype:trojan-activity;sid:83697909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.221.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834808/; classtype:trojan-activity;sid:83697908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834807/; classtype:trojan-activity;sid:83697907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834806/; classtype:trojan-activity;sid:83697906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834805/; classtype:trojan-activity;sid:83697905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.193.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834804/; classtype:trojan-activity;sid:83697904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.0.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834803/; classtype:trojan-activity;sid:83697903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.107.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834802/; classtype:trojan-activity;sid:83697902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.206.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834801/; classtype:trojan-activity;sid:83697901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834800/; classtype:trojan-activity;sid:83697900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.50.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834799/; classtype:trojan-activity;sid:83697899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834798/; classtype:trojan-activity;sid:83697898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.114.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834797/; classtype:trojan-activity;sid:83697897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.27.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834796/; classtype:trojan-activity;sid:83697896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834795/; classtype:trojan-activity;sid:83697895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.213.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834794/; classtype:trojan-activity;sid:83697894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834793/; classtype:trojan-activity;sid:83697893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834792/; classtype:trojan-activity;sid:83697892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.199.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834790/; classtype:trojan-activity;sid:83697890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.105.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834791/; classtype:trojan-activity;sid:83697891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.206.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834789/; classtype:trojan-activity;sid:83697889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.253.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834788/; classtype:trojan-activity;sid:83697888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669174517|3f|hash=yh2vzc7uwzjkrjyzsieznthijyzzvxyemdbnx060pqd|7c|26|7c|dl=ynwa0oyyjfmzxkzghyzwacbp3hioca5lchcwsztvgu8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834787/; classtype:trojan-activity;sid:83697887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834786/; classtype:trojan-activity;sid:83697886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.48.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834784/; classtype:trojan-activity;sid:83697884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.137.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834785/; classtype:trojan-activity;sid:83697885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.48.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834783/; classtype:trojan-activity;sid:83697883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.110.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834782/; classtype:trojan-activity;sid:83697882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.144.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834781/; classtype:trojan-activity;sid:83697881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.179.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834779/; classtype:trojan-activity;sid:83697879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.114.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834780/; classtype:trojan-activity;sid:83697880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834778/; classtype:trojan-activity;sid:83697878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.125.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834777/; classtype:trojan-activity;sid:83697877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/6046/setup%e6%9f%a5%e7%9c%8b_6046.exe"; depth:40; endswith; nocase; http.host; content:"innd.ink"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834776/; classtype:trojan-activity;sid:83697876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.201.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834775/; classtype:trojan-activity;sid:83697875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.30.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834774/; classtype:trojan-activity;sid:83697874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.6.30"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834773/; classtype:trojan-activity;sid:83697873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.99.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834771/; classtype:trojan-activity;sid:83697871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.39.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834772/; classtype:trojan-activity;sid:83697872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.95.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834769/; classtype:trojan-activity;sid:83697869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.237.109.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834770/; classtype:trojan-activity;sid:83697870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.104.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834768/; classtype:trojan-activity;sid:83697868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.179.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834766/; classtype:trojan-activity;sid:83697866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.238.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834767/; classtype:trojan-activity;sid:83697867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.12.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834765/; classtype:trojan-activity;sid:83697865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.31.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834764/; classtype:trojan-activity;sid:83697864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.43.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834763/; classtype:trojan-activity;sid:83697863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.95.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834762/; classtype:trojan-activity;sid:83697862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.27.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834761/; classtype:trojan-activity;sid:83697861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834760/; classtype:trojan-activity;sid:83697860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.56.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834759/; classtype:trojan-activity;sid:83697859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.190.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834758/; classtype:trojan-activity;sid:83697858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.178.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834757/; classtype:trojan-activity;sid:83697857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.122.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834756/; classtype:trojan-activity;sid:83697856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.188.174.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834755/; classtype:trojan-activity;sid:83697855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.237.109.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834754/; classtype:trojan-activity;sid:83697854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.95.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834753/; classtype:trojan-activity;sid:83697853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.30.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834752/; classtype:trojan-activity;sid:83697852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11l32ednrgm4l1bn8f-xau1jbmyfuxrhj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834750/; classtype:trojan-activity;sid:83697850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1br5ov9jchr-ahw-bktzyy_6omqifflx8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834751/; classtype:trojan-activity;sid:83697851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/e5433cad6e99dcbffcb19fe8a2ead3fe/xile_client.exe"; depth:53; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834749/; classtype:trojan-activity;sid:83697849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834748/; classtype:trojan-activity;sid:83697848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834745/; classtype:trojan-activity;sid:83697845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.33.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834746/; classtype:trojan-activity;sid:83697846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.11.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834747/; classtype:trojan-activity;sid:83697847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.242.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834742/; classtype:trojan-activity;sid:83697842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.212.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834743/; classtype:trojan-activity;sid:83697843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.53.159.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834744/; classtype:trojan-activity;sid:83697844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.190.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834741/; classtype:trojan-activity;sid:83697841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.202.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834740/; classtype:trojan-activity;sid:83697840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.115.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834739/; classtype:trojan-activity;sid:83697839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834738/; classtype:trojan-activity;sid:83697838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.188.174.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834737/; classtype:trojan-activity;sid:83697837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.49.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834734/; classtype:trojan-activity;sid:83697834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.122.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834735/; classtype:trojan-activity;sid:83697835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.57.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834736/; classtype:trojan-activity;sid:83697836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.113.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834733/; classtype:trojan-activity;sid:83697833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.11.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834732/; classtype:trojan-activity;sid:83697832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.33.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834731/; classtype:trojan-activity;sid:83697831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834730/; classtype:trojan-activity;sid:83697830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.248.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834729/; classtype:trojan-activity;sid:83697829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.182.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834728/; classtype:trojan-activity;sid:83697828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.115.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834727/; classtype:trojan-activity;sid:83697827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.38.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834726/; classtype:trojan-activity;sid:83697826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.23.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834725/; classtype:trojan-activity;sid:83697825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.190.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834724/; classtype:trojan-activity;sid:83697824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834723/; classtype:trojan-activity;sid:83697823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834722/; classtype:trojan-activity;sid:83697822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834721/; classtype:trojan-activity;sid:83697821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834720/; classtype:trojan-activity;sid:83697820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"148.103.220.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834719/; classtype:trojan-activity;sid:83697819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.182.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834718/; classtype:trojan-activity;sid:83697818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.117.117.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834717/; classtype:trojan-activity;sid:83697817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.3.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834716/; classtype:trojan-activity;sid:83697816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.197.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834715/; classtype:trojan-activity;sid:83697815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.11.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834714/; classtype:trojan-activity;sid:83697814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.246.205.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834713/; classtype:trojan-activity;sid:83697813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.52.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834712/; classtype:trojan-activity;sid:83697812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834711/; classtype:trojan-activity;sid:83697811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.31.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834710/; classtype:trojan-activity;sid:83697810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.218.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834709/; classtype:trojan-activity;sid:83697809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"148.103.220.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834708/; classtype:trojan-activity;sid:83697808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834707/; classtype:trojan-activity;sid:83697807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.33.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834706/; classtype:trojan-activity;sid:83697806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.239.70.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834705/; classtype:trojan-activity;sid:83697805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.179.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834704/; classtype:trojan-activity;sid:83697804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.41.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834703/; classtype:trojan-activity;sid:83697803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.245.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834702/; classtype:trojan-activity;sid:83697802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834700/; classtype:trojan-activity;sid:83697800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.11.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834701/; classtype:trojan-activity;sid:83697801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.147.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834698/; classtype:trojan-activity;sid:83697798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.218.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834699/; classtype:trojan-activity;sid:83697799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.127.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834697/; classtype:trojan-activity;sid:83697797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.14.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834696/; classtype:trojan-activity;sid:83697796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834695/; classtype:trojan-activity;sid:83697795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.150.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834694/; classtype:trojan-activity;sid:83697794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.110.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834693/; classtype:trojan-activity;sid:83697793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834692/; classtype:trojan-activity;sid:83697792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.127.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834691/; classtype:trojan-activity;sid:83697791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834688/; classtype:trojan-activity;sid:83697788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.196.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834689/; classtype:trojan-activity;sid:83697789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834690/; classtype:trojan-activity;sid:83697790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834687/; classtype:trojan-activity;sid:83697787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834686/; classtype:trojan-activity;sid:83697786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.67.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834685/; classtype:trojan-activity;sid:83697785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.86.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834684/; classtype:trojan-activity;sid:83697784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834683/; classtype:trojan-activity;sid:83697783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834682/; classtype:trojan-activity;sid:83697782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.147.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834681/; classtype:trojan-activity;sid:83697781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.226.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834680/; classtype:trojan-activity;sid:83697780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.42.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834679/; classtype:trojan-activity;sid:83697779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.245.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834678/; classtype:trojan-activity;sid:83697778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.175.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834677/; classtype:trojan-activity;sid:83697777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.82.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834676/; classtype:trojan-activity;sid:83697776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.132.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834675/; classtype:trojan-activity;sid:83697775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.56.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834673/; classtype:trojan-activity;sid:83697773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.78.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834674/; classtype:trojan-activity;sid:83697774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.11.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834672/; classtype:trojan-activity;sid:83697772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834671/; classtype:trojan-activity;sid:83697771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.59.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834670/; classtype:trojan-activity;sid:83697770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.226.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834669/; classtype:trojan-activity;sid:83697769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.67.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834668/; classtype:trojan-activity;sid:83697768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.184.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834667/; classtype:trojan-activity;sid:83697767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834666/; classtype:trojan-activity;sid:83697766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834665/; classtype:trojan-activity;sid:83697765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.226.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834664/; classtype:trojan-activity;sid:83697764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834662/; classtype:trojan-activity;sid:83697762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.252.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834663/; classtype:trojan-activity;sid:83697763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.32.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834661/; classtype:trojan-activity;sid:83697761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834660/; classtype:trojan-activity;sid:83697760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834659/; classtype:trojan-activity;sid:83697759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.32.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834658/; classtype:trojan-activity;sid:83697758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.87.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834657/; classtype:trojan-activity;sid:83697757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amervh79.bin"; depth:13; endswith; nocase; http.host; content:"94.156.79.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834656/; classtype:trojan-activity;sid:83697756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrqyribqcevemosuimafmdd44.bin"; depth:30; endswith; nocase; http.host; content:"94.156.79.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834655/; classtype:trojan-activity;sid:83697755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.0.131"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834654/; classtype:trojan-activity;sid:83697754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.42.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834653/; classtype:trojan-activity;sid:83697753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.59.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834652/; classtype:trojan-activity;sid:83697752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.182.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834651/; classtype:trojan-activity;sid:83697751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834650/; classtype:trojan-activity;sid:83697750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.41.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834649/; classtype:trojan-activity;sid:83697749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.105.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834648/; classtype:trojan-activity;sid:83697748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.200.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834646/; classtype:trojan-activity;sid:83697746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834647/; classtype:trojan-activity;sid:83697747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/lexisnexis.msix"; depth:22; endswith; nocase; http.host; content:"eprst281.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834644/; classtype:trojan-activity;sid:83697744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"eprst251.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834645/; classtype:trojan-activity;sid:83697745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/get.ps1"; depth:12; endswith; nocase; http.host; content:"massgira.fun"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834640/; classtype:trojan-activity;sid:83697740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"138.124.184.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834641/; classtype:trojan-activity;sid:83697741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/asana.msix"; depth:17; endswith; nocase; http.host; content:"138.124.184.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834642/; classtype:trojan-activity;sid:83697742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/blackrock.msix"; depth:21; endswith; nocase; http.host; content:"138.124.184.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834643/; classtype:trojan-activity;sid:83697743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/blackrock.msix"; depth:21; endswith; nocase; http.host; content:"eprst281.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834635/; classtype:trojan-activity;sid:83697735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/blackrock.msix"; depth:21; endswith; nocase; http.host; content:"138.124.184.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834636/; classtype:trojan-activity;sid:83697736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/netsupport28.zip"; depth:23; endswith; nocase; http.host; content:"eprst281.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834637/; classtype:trojan-activity;sid:83697737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/netsupport25.zip"; depth:23; endswith; nocase; http.host; content:"eprst251.boo"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834638/; classtype:trojan-activity;sid:83697738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te1/tstreds.gagg"; depth:17; endswith; nocase; http.host; content:"timeandremind.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834639/; classtype:trojan-activity;sid:83697739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te1/ggg.text"; depth:13; endswith; nocase; http.host; content:"timeandremind.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834634/; classtype:trojan-activity;sid:83697734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php"; depth:13; endswith; nocase; http.host; content:"lexisnexis.day"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834633/; classtype:trojan-activity;sid:83697733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.229.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834631/; classtype:trojan-activity;sid:83697731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.5.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834632/; classtype:trojan-activity;sid:83697732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"gvw.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834630/; classtype:trojan-activity;sid:83697730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.22.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834629/; classtype:trojan-activity;sid:83697729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834628/; classtype:trojan-activity;sid:83697728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834627/; classtype:trojan-activity;sid:83697727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"ben-advanced.fra1.digitaloceanspaces.com"; depth:40; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834626/; classtype:trojan-activity;sid:83697726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.54.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834624/; classtype:trojan-activity;sid:83697724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.212.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834625/; classtype:trojan-activity;sid:83697725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.50.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834623/; classtype:trojan-activity;sid:83697723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.230.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834622/; classtype:trojan-activity;sid:83697722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.200.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834621/; classtype:trojan-activity;sid:83697721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.32.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834620/; classtype:trojan-activity;sid:83697720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.50.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834619/; classtype:trojan-activity;sid:83697719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834618/; classtype:trojan-activity;sid:83697718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.48.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834616/; classtype:trojan-activity;sid:83697716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834617/; classtype:trojan-activity;sid:83697717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.136.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834615/; classtype:trojan-activity;sid:83697715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.13.244.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834614/; classtype:trojan-activity;sid:83697714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.100.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834613/; classtype:trojan-activity;sid:83697713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.22.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834612/; classtype:trojan-activity;sid:83697712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.229.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834611/; classtype:trojan-activity;sid:83697711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834610/; classtype:trojan-activity;sid:83697710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834609/; classtype:trojan-activity;sid:83697709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.50.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834608/; classtype:trojan-activity;sid:83697708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.230.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834606/; classtype:trojan-activity;sid:83697706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834607/; classtype:trojan-activity;sid:83697707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.212.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834605/; classtype:trojan-activity;sid:83697705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834603/; classtype:trojan-activity;sid:83697703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.136.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834604/; classtype:trojan-activity;sid:83697704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.181.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834602/; classtype:trojan-activity;sid:83697702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.48.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834601/; classtype:trojan-activity;sid:83697701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.206.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834600/; classtype:trojan-activity;sid:83697700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.105.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834599/; classtype:trojan-activity;sid:83697699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.86.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834598/; classtype:trojan-activity;sid:83697698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.164.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834597/; classtype:trojan-activity;sid:83697697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.5.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834596/; classtype:trojan-activity;sid:83697696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.120.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834595/; classtype:trojan-activity;sid:83697695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.95.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834594/; classtype:trojan-activity;sid:83697694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"tyd.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834593/; classtype:trojan-activity;sid:83697693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.240.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834592/; classtype:trojan-activity;sid:83697692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.234.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834591/; classtype:trojan-activity;sid:83697691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.55.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834589/; classtype:trojan-activity;sid:83697689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.52.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834590/; classtype:trojan-activity;sid:83697690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.22.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834588/; classtype:trojan-activity;sid:83697688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.189.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834587/; classtype:trojan-activity;sid:83697687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.206.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834586/; classtype:trojan-activity;sid:83697686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834585/; classtype:trojan-activity;sid:83697685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834584/; classtype:trojan-activity;sid:83697684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.180.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834583/; classtype:trojan-activity;sid:83697683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.240.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834582/; classtype:trojan-activity;sid:83697682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.160.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834581/; classtype:trojan-activity;sid:83697681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.255.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834579/; classtype:trojan-activity;sid:83697679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834580/; classtype:trojan-activity;sid:83697680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.22.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834578/; classtype:trojan-activity;sid:83697678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.189.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834577/; classtype:trojan-activity;sid:83697677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.193.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834576/; classtype:trojan-activity;sid:83697676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.107.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834574/; classtype:trojan-activity;sid:83697674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.126.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834575/; classtype:trojan-activity;sid:83697675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.223.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834573/; classtype:trojan-activity;sid:83697673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.77.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834572/; classtype:trojan-activity;sid:83697672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.180.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834571/; classtype:trojan-activity;sid:83697671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834570/; classtype:trojan-activity;sid:83697670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.166.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834568/; classtype:trojan-activity;sid:83697668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.61.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834569/; classtype:trojan-activity;sid:83697669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834567/; classtype:trojan-activity;sid:83697667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.157.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834566/; classtype:trojan-activity;sid:83697666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834565/; classtype:trojan-activity;sid:83697665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.255.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834564/; classtype:trojan-activity;sid:83697664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.193.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834563/; classtype:trojan-activity;sid:83697663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.115.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834562/; classtype:trojan-activity;sid:83697662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.160.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834561/; classtype:trojan-activity;sid:83697661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.ppc"; depth:15; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834560/; classtype:trojan-activity;sid:83697660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.spc"; depth:15; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834559/; classtype:trojan-activity;sid:83697659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.126.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834558/; classtype:trojan-activity;sid:83697658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.33.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834557/; classtype:trojan-activity;sid:83697657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rumba/buben.exe"; depth:16; endswith; nocase; http.host; content:"5.42.96.7"; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834556/; classtype:trojan-activity;sid:83697656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm7"; depth:16; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834553/; classtype:trojan-activity;sid:83697653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.mips"; depth:16; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834554/; classtype:trojan-activity;sid:83697654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm5"; depth:16; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834555/; classtype:trojan-activity;sid:83697655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834548/; classtype:trojan-activity;sid:83697648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834549/; classtype:trojan-activity;sid:83697649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm"; depth:15; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834550/; classtype:trojan-activity;sid:83697650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.x86"; depth:15; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834551/; classtype:trojan-activity;sid:83697651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.mpsl"; depth:16; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834552/; classtype:trojan-activity;sid:83697652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.4.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834547/; classtype:trojan-activity;sid:83697647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.176.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834546/; classtype:trojan-activity;sid:83697646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.170.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834544/; classtype:trojan-activity;sid:83697644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.162.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834545/; classtype:trojan-activity;sid:83697645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.arm6"; depth:16; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834542/; classtype:trojan-activity;sid:83697642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kelly.m68k"; depth:16; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834543/; classtype:trojan-activity;sid:83697643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.120.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834541/; classtype:trojan-activity;sid:83697641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.19.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834540/; classtype:trojan-activity;sid:83697640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834539/; classtype:trojan-activity;sid:83697639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.61.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834537/; classtype:trojan-activity;sid:83697637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.23.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834538/; classtype:trojan-activity;sid:83697638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.234.64.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834536/; classtype:trojan-activity;sid:83697636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.166.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834535/; classtype:trojan-activity;sid:83697635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.91.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834534/; classtype:trojan-activity;sid:83697634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.189.21.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834533/; classtype:trojan-activity;sid:83697633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.186.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834532/; classtype:trojan-activity;sid:83697632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.227.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834530/; classtype:trojan-activity;sid:83697630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834531/; classtype:trojan-activity;sid:83697631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.56.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834529/; classtype:trojan-activity;sid:83697629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.57.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834528/; classtype:trojan-activity;sid:83697628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.126.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834526/; classtype:trojan-activity;sid:83697626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.57.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834527/; classtype:trojan-activity;sid:83697627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.233.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834525/; classtype:trojan-activity;sid:83697625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834524/; classtype:trojan-activity;sid:83697624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834523/; classtype:trojan-activity;sid:83697623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.23.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834521/; classtype:trojan-activity;sid:83697621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.30.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834522/; classtype:trojan-activity;sid:83697622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834518/; classtype:trojan-activity;sid:83697618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.209.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834519/; classtype:trojan-activity;sid:83697619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.247.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834520/; classtype:trojan-activity;sid:83697620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"139.84.143.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834517/; classtype:trojan-activity;sid:83697617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mips"; depth:13; endswith; nocase; http.host; content:"104.207.134.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834516/; classtype:trojan-activity;sid:83697616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"64.190.113.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834514/; classtype:trojan-activity;sid:83697614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mips"; depth:13; endswith; nocase; http.host; content:"193.200.134.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834515/; classtype:trojan-activity;sid:83697615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"212.227.241.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834512/; classtype:trojan-activity;sid:83697612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"217.69.6.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834513/; classtype:trojan-activity;sid:83697613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"194.156.100.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834511/; classtype:trojan-activity;sid:83697611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"217.69.6.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834509/; classtype:trojan-activity;sid:83697609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x64"; depth:4; endswith; nocase; http.host; content:"217.69.6.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834510/; classtype:trojan-activity;sid:83697610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"38.180.160.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834507/; classtype:trojan-activity;sid:83697607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"169.239.130.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834508/; classtype:trojan-activity;sid:83697608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.236.161.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834505/; classtype:trojan-activity;sid:83697605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"104.129.31.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834506/; classtype:trojan-activity;sid:83697606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.mips"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834504/; classtype:trojan-activity;sid:83697604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834502/; classtype:trojan-activity;sid:83697602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.x86"; depth:10; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834503/; classtype:trojan-activity;sid:83697603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3"; depth:2; endswith; nocase; http.host; content:"45.95.169.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834501/; classtype:trojan-activity;sid:83697601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.x86_64"; depth:13; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834499/; classtype:trojan-activity;sid:83697599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834500/; classtype:trojan-activity;sid:83697600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"45.13.199.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834498/; classtype:trojan-activity;sid:83697598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.165.172.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834497/; classtype:trojan-activity;sid:83697597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"209.141.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834496/; classtype:trojan-activity;sid:83697596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834495/; classtype:trojan-activity;sid:83697595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"194.156.100.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834493/; classtype:trojan-activity;sid:83697593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834494/; classtype:trojan-activity;sid:83697594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834492/; classtype:trojan-activity;sid:83697592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"104.152.49.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834486/; classtype:trojan-activity;sid:83697586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.m68k"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834487/; classtype:trojan-activity;sid:83697587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834488/; classtype:trojan-activity;sid:83697588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.185.50.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834489/; classtype:trojan-activity;sid:83697589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh4"; depth:9; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834490/; classtype:trojan-activity;sid:83697590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"45.76.205.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834491/; classtype:trojan-activity;sid:83697591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834484/; classtype:trojan-activity;sid:83697584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834485/; classtype:trojan-activity;sid:83697585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834482/; classtype:trojan-activity;sid:83697582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834483/; classtype:trojan-activity;sid:83697583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mipsel"; depth:15; endswith; nocase; http.host; content:"158.247.232.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834480/; classtype:trojan-activity;sid:83697580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"45.76.228.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834481/; classtype:trojan-activity;sid:83697581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834477/; classtype:trojan-activity;sid:83697577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm6"; depth:11; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834478/; classtype:trojan-activity;sid:83697578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.snoopy"; depth:14; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834479/; classtype:trojan-activity;sid:83697579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834473/; classtype:trojan-activity;sid:83697573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834474/; classtype:trojan-activity;sid:83697574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834475/; classtype:trojan-activity;sid:83697575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834476/; classtype:trojan-activity;sid:83697576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"85.114.145.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834471/; classtype:trojan-activity;sid:83697571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"192.187.121.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834472/; classtype:trojan-activity;sid:83697572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/st"; depth:3; endswith; nocase; http.host; content:"149.28.34.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834468/; classtype:trojan-activity;sid:83697568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"158.247.251.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834469/; classtype:trojan-activity;sid:83697569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.ppc"; depth:10; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834470/; classtype:trojan-activity;sid:83697570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.249.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"216.45.57.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834463/; classtype:trojan-activity;sid:83697563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.x86"; depth:10; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834464/; classtype:trojan-activity;sid:83697564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.x86"; depth:15; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834465/; classtype:trojan-activity;sid:83697565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834466/; classtype:trojan-activity;sid:83697566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834462/; classtype:trojan-activity;sid:83697562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834460/; classtype:trojan-activity;sid:83697560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834461/; classtype:trojan-activity;sid:83697561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834458/; classtype:trojan-activity;sid:83697558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"45.76.122.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.spc"; depth:10; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834455/; classtype:trojan-activity;sid:83697555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"217.160.6.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834456/; classtype:trojan-activity;sid:83697556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834457/; classtype:trojan-activity;sid:83697557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834454/; classtype:trojan-activity;sid:83697554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"192.187.121.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834451/; classtype:trojan-activity;sid:83697551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834452/; classtype:trojan-activity;sid:83697552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"192.187.121.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834453/; classtype:trojan-activity;sid:83697553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"46.41.139.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834450/; classtype:trojan-activity;sid:83697550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.ppc"; depth:15; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834448/; classtype:trojan-activity;sid:83697548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834449/; classtype:trojan-activity;sid:83697549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834446/; classtype:trojan-activity;sid:83697546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.245.204.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834447/; classtype:trojan-activity;sid:83697547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.snoopy"; depth:14; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834443/; classtype:trojan-activity;sid:83697543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834444/; classtype:trojan-activity;sid:83697544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.arm6"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834445/; classtype:trojan-activity;sid:83697545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834438/; classtype:trojan-activity;sid:83697538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834439/; classtype:trojan-activity;sid:83697539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i386"; depth:5; endswith; nocase; http.host; content:"103.171.181.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834440/; classtype:trojan-activity;sid:83697540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.snoopy"; depth:14; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834441/; classtype:trojan-activity;sid:83697541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"192.187.121.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834436/; classtype:trojan-activity;sid:83697536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.m68k"; depth:11; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834437/; classtype:trojan-activity;sid:83697537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.arm5"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834435/; classtype:trojan-activity;sid:83697535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mips"; depth:13; endswith; nocase; http.host; content:"158.247.195.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834433/; classtype:trojan-activity;sid:83697533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"212.132.121.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834434/; classtype:trojan-activity;sid:83697534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834432/; classtype:trojan-activity;sid:83697532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834430/; classtype:trojan-activity;sid:83697530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"149.28.146.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834431/; classtype:trojan-activity;sid:83697531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834427/; classtype:trojan-activity;sid:83697527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834428/; classtype:trojan-activity;sid:83697528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.arm7"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834429/; classtype:trojan-activity;sid:83697529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834423/; classtype:trojan-activity;sid:83697523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"91.92.252.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834424/; classtype:trojan-activity;sid:83697524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834425/; classtype:trojan-activity;sid:83697525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834426/; classtype:trojan-activity;sid:83697526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834422/; classtype:trojan-activity;sid:83697522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.spc"; depth:10; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834418/; classtype:trojan-activity;sid:83697518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"140.82.24.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834419/; classtype:trojan-activity;sid:83697519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"50.21.179.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834420/; classtype:trojan-activity;sid:83697520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.mpsl"; depth:11; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834421/; classtype:trojan-activity;sid:83697521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834415/; classtype:trojan-activity;sid:83697515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"185.144.156.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834416/; classtype:trojan-activity;sid:83697516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834417/; classtype:trojan-activity;sid:83697517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"141.164.47.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834410/; classtype:trojan-activity;sid:83697510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834411/; classtype:trojan-activity;sid:83697511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.arm"; depth:10; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834412/; classtype:trojan-activity;sid:83697512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.m68k"; depth:16; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834413/; classtype:trojan-activity;sid:83697513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834414/; classtype:trojan-activity;sid:83697514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.snoopy"; depth:14; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834408/; classtype:trojan-activity;sid:83697508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834409/; classtype:trojan-activity;sid:83697509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"209.182.219.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834406/; classtype:trojan-activity;sid:83697506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834407/; classtype:trojan-activity;sid:83697507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.spc"; depth:15; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834403/; classtype:trojan-activity;sid:83697503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm"; depth:10; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834404/; classtype:trojan-activity;sid:83697504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834405/; classtype:trojan-activity;sid:83697505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.arm"; depth:15; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834402/; classtype:trojan-activity;sid:83697502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834401/; classtype:trojan-activity;sid:83697501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834399/; classtype:trojan-activity;sid:83697499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.snoopy"; depth:14; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834397/; classtype:trojan-activity;sid:83697497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"85.215.183.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834398/; classtype:trojan-activity;sid:83697498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834395/; classtype:trojan-activity;sid:83697495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834396/; classtype:trojan-activity;sid:83697496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"193.200.134.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834394/; classtype:trojan-activity;sid:83697494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.spc"; depth:9; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834390/; classtype:trojan-activity;sid:83697490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nano"; depth:5; endswith; nocase; http.host; content:"139.180.186.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834391/; classtype:trojan-activity;sid:83697491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"192.187.121.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834392/; classtype:trojan-activity;sid:83697492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834393/; classtype:trojan-activity;sid:83697493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.arm5"; depth:16; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834388/; classtype:trojan-activity;sid:83697488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.ppc"; depth:10; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834389/; classtype:trojan-activity;sid:83697489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/bot.sh4"; depth:10; endswith; nocase; http.host; content:"cs.proxy1.bf"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834384/; classtype:trojan-activity;sid:83697484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834385/; classtype:trojan-activity;sid:83697485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834386/; classtype:trojan-activity;sid:83697486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834382/; classtype:trojan-activity;sid:83697482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"85.114.141.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834383/; classtype:trojan-activity;sid:83697483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834380/; classtype:trojan-activity;sid:83697480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834381/; classtype:trojan-activity;sid:83697481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834379/; classtype:trojan-activity;sid:83697479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834377/; classtype:trojan-activity;sid:83697477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.mips"; depth:9; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834378/; classtype:trojan-activity;sid:83697478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834375/; classtype:trojan-activity;sid:83697475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.m68k"; depth:10; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834376/; classtype:trojan-activity;sid:83697476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.162.132.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834374/; classtype:trojan-activity;sid:83697474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834371/; classtype:trojan-activity;sid:83697471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834373/; classtype:trojan-activity;sid:83697473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.sh4"; depth:10; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834367/; classtype:trojan-activity;sid:83697467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834368/; classtype:trojan-activity;sid:83697468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834369/; classtype:trojan-activity;sid:83697469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.sh4"; depth:15; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834370/; classtype:trojan-activity;sid:83697470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834362/; classtype:trojan-activity;sid:83697462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834363/; classtype:trojan-activity;sid:83697463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"103.171.181.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834364/; classtype:trojan-activity;sid:83697464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.mpsl"; depth:16; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834365/; classtype:trojan-activity;sid:83697465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834366/; classtype:trojan-activity;sid:83697466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834358/; classtype:trojan-activity;sid:83697458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm5"; depth:11; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834359/; classtype:trojan-activity;sid:83697459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834360/; classtype:trojan-activity;sid:83697460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834361/; classtype:trojan-activity;sid:83697461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.snoopy"; depth:15; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834356/; classtype:trojan-activity;sid:83697456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834357/; classtype:trojan-activity;sid:83697457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834353/; classtype:trojan-activity;sid:83697453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834354/; classtype:trojan-activity;sid:83697454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834355/; classtype:trojan-activity;sid:83697455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834352/; classtype:trojan-activity;sid:83697452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834349/; classtype:trojan-activity;sid:83697449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.mips"; depth:16; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834350/; classtype:trojan-activity;sid:83697450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834351/; classtype:trojan-activity;sid:83697451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834347/; classtype:trojan-activity;sid:83697447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834348/; classtype:trojan-activity;sid:83697448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"91.92.252.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834346/; classtype:trojan-activity;sid:83697446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834343/; classtype:trojan-activity;sid:83697443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834344/; classtype:trojan-activity;sid:83697444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834345/; classtype:trojan-activity;sid:83697445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834340/; classtype:trojan-activity;sid:83697440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.arm7"; depth:16; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834341/; classtype:trojan-activity;sid:83697441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834342/; classtype:trojan-activity;sid:83697442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834338/; classtype:trojan-activity;sid:83697438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.snoopy"; depth:14; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834339/; classtype:trojan-activity;sid:83697439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834335/; classtype:trojan-activity;sid:83697435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834336/; classtype:trojan-activity;sid:83697436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834337/; classtype:trojan-activity;sid:83697437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"23.165.104.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834334/; classtype:trojan-activity;sid:83697434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.128.232.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834332/; classtype:trojan-activity;sid:83697432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"103.14.48.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834333/; classtype:trojan-activity;sid:83697433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.arm7"; depth:11; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834330/; classtype:trojan-activity;sid:83697430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bdfee.arm6"; depth:16; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834331/; classtype:trojan-activity;sid:83697431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834327/; classtype:trojan-activity;sid:83697427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834328/; classtype:trojan-activity;sid:83697428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"91.228.147.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834329/; classtype:trojan-activity;sid:83697429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"74.208.247.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834325/; classtype:trojan-activity;sid:83697425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.snoopy"; depth:15; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834326/; classtype:trojan-activity;sid:83697426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834323/; classtype:trojan-activity;sid:83697423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"45.95.169.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834324/; classtype:trojan-activity;sid:83697424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.snoopy"; depth:14; endswith; nocase; http.host; content:"192.151.156.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834319/; classtype:trojan-activity;sid:83697419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834320/; classtype:trojan-activity;sid:83697420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.snoopy"; depth:14; endswith; nocase; http.host; content:"104.128.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834321/; classtype:trojan-activity;sid:83697421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mpsl"; depth:11; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834322/; classtype:trojan-activity;sid:83697422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelly.mips"; depth:11; endswith; nocase; http.host; content:"94.156.71.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834317/; classtype:trojan-activity;sid:83697417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"192.187.121.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834318/; classtype:trojan-activity;sid:83697418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834316/; classtype:trojan-activity;sid:83697416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"157.10.45.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834312/; classtype:trojan-activity;sid:83697412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"194.156.100.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834313/; classtype:trojan-activity;sid:83697413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834314/; classtype:trojan-activity;sid:83697414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"45.95.169.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834315/; classtype:trojan-activity;sid:83697415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834307/; classtype:trojan-activity;sid:83697407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834308/; classtype:trojan-activity;sid:83697408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834309/; classtype:trojan-activity;sid:83697409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.79.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834310/; classtype:trojan-activity;sid:83697410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834311/; classtype:trojan-activity;sid:83697411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834305/; classtype:trojan-activity;sid:83697405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"217.160.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834306/; classtype:trojan-activity;sid:83697406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"108.61.202.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834304/; classtype:trojan-activity;sid:83697404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834303/; classtype:trojan-activity;sid:83697403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834301/; classtype:trojan-activity;sid:83697401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"93.123.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834302/; classtype:trojan-activity;sid:83697402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834300/; classtype:trojan-activity;sid:83697400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.154.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834299/; classtype:trojan-activity;sid:83697399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo3.jpg"; depth:10; endswith; nocase; http.host; content:"a0950747.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834298/; classtype:trojan-activity;sid:83697398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.126.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834296/; classtype:trojan-activity;sid:83697396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.88.72"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834297/; classtype:trojan-activity;sid:83697397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.47.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834295/; classtype:trojan-activity;sid:83697395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.221.207.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834294/; classtype:trojan-activity;sid:83697394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.244.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834293/; classtype:trojan-activity;sid:83697393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.156.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834292/; classtype:trojan-activity;sid:83697392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.164.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834291/; classtype:trojan-activity;sid:83697391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.91.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834290/; classtype:trojan-activity;sid:83697390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834289/; classtype:trojan-activity;sid:83697389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.237.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834288/; classtype:trojan-activity;sid:83697388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.72.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834287/; classtype:trojan-activity;sid:83697387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.155.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834286/; classtype:trojan-activity;sid:83697386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.247.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834285/; classtype:trojan-activity;sid:83697385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.209.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834284/; classtype:trojan-activity;sid:83697384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.224.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834283/; classtype:trojan-activity;sid:83697383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.9.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834282/; classtype:trojan-activity;sid:83697382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.237.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834281/; classtype:trojan-activity;sid:83697381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834280/; classtype:trojan-activity;sid:83697380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.125.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834279/; classtype:trojan-activity;sid:83697379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.254.245.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834278/; classtype:trojan-activity;sid:83697378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834277/; classtype:trojan-activity;sid:83697377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.47.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834276/; classtype:trojan-activity;sid:83697376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834275/; classtype:trojan-activity;sid:83697375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834274/; classtype:trojan-activity;sid:83697374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.155.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834273/; classtype:trojan-activity;sid:83697373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.116.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834272/; classtype:trojan-activity;sid:83697372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.224.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834271/; classtype:trojan-activity;sid:83697371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834270/; classtype:trojan-activity;sid:83697370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.66.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834269/; classtype:trojan-activity;sid:83697369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834268/; classtype:trojan-activity;sid:83697368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.185.26.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834266/; classtype:trojan-activity;sid:83697366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.63.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834267/; classtype:trojan-activity;sid:83697367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834265/; classtype:trojan-activity;sid:83697365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.60.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834264/; classtype:trojan-activity;sid:83697364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.237.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834263/; classtype:trojan-activity;sid:83697363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834262/; classtype:trojan-activity;sid:83697362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.143.19.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834261/; classtype:trojan-activity;sid:83697361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.60.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834260/; classtype:trojan-activity;sid:83697360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.74.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834259/; classtype:trojan-activity;sid:83697359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834258/; classtype:trojan-activity;sid:83697358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.237.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834257/; classtype:trojan-activity;sid:83697357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.157.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834256/; classtype:trojan-activity;sid:83697356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834253/; classtype:trojan-activity;sid:83697353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834254/; classtype:trojan-activity;sid:83697354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.194.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834255/; classtype:trojan-activity;sid:83697355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834252/; classtype:trojan-activity;sid:83697352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834251/; classtype:trojan-activity;sid:83697351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834250/; classtype:trojan-activity;sid:83697350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834249/; classtype:trojan-activity;sid:83697349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.1.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834248/; classtype:trojan-activity;sid:83697348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.74.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834247/; classtype:trojan-activity;sid:83697347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.12.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834246/; classtype:trojan-activity;sid:83697346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834245/; classtype:trojan-activity;sid:83697345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.143.19.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834244/; classtype:trojan-activity;sid:83697344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.20.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834243/; classtype:trojan-activity;sid:83697343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.66.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834242/; classtype:trojan-activity;sid:83697342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834241/; classtype:trojan-activity;sid:83697341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834240/; classtype:trojan-activity;sid:83697340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834239/; classtype:trojan-activity;sid:83697339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834237/; classtype:trojan-activity;sid:83697337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834238/; classtype:trojan-activity;sid:83697338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.157.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834236/; classtype:trojan-activity;sid:83697336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.139.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834235/; classtype:trojan-activity;sid:83697335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834234/; classtype:trojan-activity;sid:83697334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.149.236.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834233/; classtype:trojan-activity;sid:83697333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.7.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834232/; classtype:trojan-activity;sid:83697332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.209.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834231/; classtype:trojan-activity;sid:83697331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834230/; classtype:trojan-activity;sid:83697330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834229/; classtype:trojan-activity;sid:83697329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669109419|3f|hash=jkpo6xknggloev5w3rmyvyipbkbz4iqzfc2nqtv2wsw|7c|26|7c|dl=z0cbj6cbwdg5wajzxjczzirvaqbpjzspnaeuizzfcp0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834228/; classtype:trojan-activity;sid:83697328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.12.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834227/; classtype:trojan-activity;sid:83697327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834226/; classtype:trojan-activity;sid:83697326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834225/; classtype:trojan-activity;sid:83697325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.117.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834224/; classtype:trojan-activity;sid:83697324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.105.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834223/; classtype:trojan-activity;sid:83697323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834222/; classtype:trojan-activity;sid:83697322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.4.196"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834221/; classtype:trojan-activity;sid:83697321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.105.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834220/; classtype:trojan-activity;sid:83697320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.157.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834219/; classtype:trojan-activity;sid:83697319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.52.245.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834218/; classtype:trojan-activity;sid:83697318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834217/; classtype:trojan-activity;sid:83697317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.7.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834216/; classtype:trojan-activity;sid:83697316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834215/; classtype:trojan-activity;sid:83697315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.178.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834214/; classtype:trojan-activity;sid:83697314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.184.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834213/; classtype:trojan-activity;sid:83697313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.209.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834212/; classtype:trojan-activity;sid:83697312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.1.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834211/; classtype:trojan-activity;sid:83697311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.227.165.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834210/; classtype:trojan-activity;sid:83697310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.13.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834209/; classtype:trojan-activity;sid:83697309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.124.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834208/; classtype:trojan-activity;sid:83697308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834207/; classtype:trojan-activity;sid:83697307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.245.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834206/; classtype:trojan-activity;sid:83697306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.4.196"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834205/; classtype:trojan-activity;sid:83697305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.88.108.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834204/; classtype:trojan-activity;sid:83697304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.13.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834203/; classtype:trojan-activity;sid:83697303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834202/; classtype:trojan-activity;sid:83697302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.178.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834201/; classtype:trojan-activity;sid:83697301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.37.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834200/; classtype:trojan-activity;sid:83697300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.13.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834199/; classtype:trojan-activity;sid:83697299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.110.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834198/; classtype:trojan-activity;sid:83697298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834196/; classtype:trojan-activity;sid:83697296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.2.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834197/; classtype:trojan-activity;sid:83697297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.184.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834195/; classtype:trojan-activity;sid:83697295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.161.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834194/; classtype:trojan-activity;sid:83697294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834192/; classtype:trojan-activity;sid:83697292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834193/; classtype:trojan-activity;sid:83697293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834191/; classtype:trojan-activity;sid:83697291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834188/; classtype:trojan-activity;sid:83697288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834189/; classtype:trojan-activity;sid:83697289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834190/; classtype:trojan-activity;sid:83697290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834182/; classtype:trojan-activity;sid:83697282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834183/; classtype:trojan-activity;sid:83697283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834184/; classtype:trojan-activity;sid:83697284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834185/; classtype:trojan-activity;sid:83697285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834186/; classtype:trojan-activity;sid:83697286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"176.123.1.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834187/; classtype:trojan-activity;sid:83697287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pocs/a.bat"; depth:11; endswith; nocase; http.host; content:"45.63.99.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834181/; classtype:trojan-activity;sid:83697281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.132.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834180/; classtype:trojan-activity;sid:83697280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.157.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834179/; classtype:trojan-activity;sid:83697279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834177/; classtype:trojan-activity;sid:83697277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.44.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834178/; classtype:trojan-activity;sid:83697278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834176/; classtype:trojan-activity;sid:83697276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834175/; classtype:trojan-activity;sid:83697275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834174/; classtype:trojan-activity;sid:83697274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.165.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834172/; classtype:trojan-activity;sid:83697272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834173/; classtype:trojan-activity;sid:83697273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834169/; classtype:trojan-activity;sid:83697269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834170/; classtype:trojan-activity;sid:83697270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834171/; classtype:trojan-activity;sid:83697271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834159/; classtype:trojan-activity;sid:83697259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834160/; classtype:trojan-activity;sid:83697260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834161/; classtype:trojan-activity;sid:83697261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834162/; classtype:trojan-activity;sid:83697262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834163/; classtype:trojan-activity;sid:83697263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834164/; classtype:trojan-activity;sid:83697264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834165/; classtype:trojan-activity;sid:83697265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834166/; classtype:trojan-activity;sid:83697266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834167/; classtype:trojan-activity;sid:83697267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"128.199.74.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834168/; classtype:trojan-activity;sid:83697268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834158/; classtype:trojan-activity;sid:83697258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.161.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834157/; classtype:trojan-activity;sid:83697257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.223.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834156/; classtype:trojan-activity;sid:83697256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"bug.anesthetics.biomedzglobal.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834155/; classtype:trojan-activity;sid:83697255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.95.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834154/; classtype:trojan-activity;sid:83697254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.151.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834153/; classtype:trojan-activity;sid:83697253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.231.121.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834152/; classtype:trojan-activity;sid:83697252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834151/; classtype:trojan-activity;sid:83697251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.4.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834150/; classtype:trojan-activity;sid:83697250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.21.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834149/; classtype:trojan-activity;sid:83697249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/telnet.sh"; depth:15; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834148/; classtype:trojan-activity;sid:83697248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834147/; classtype:trojan-activity;sid:83697247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.88.108.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834145/; classtype:trojan-activity;sid:83697245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834146/; classtype:trojan-activity;sid:83697246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrmpsl"; depth:12; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834137/; classtype:trojan-activity;sid:83697237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrx86"; depth:11; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834138/; classtype:trojan-activity;sid:83697238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrppc"; depth:11; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834139/; classtype:trojan-activity;sid:83697239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrarm7"; depth:12; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834140/; classtype:trojan-activity;sid:83697240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrarm"; depth:11; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834141/; classtype:trojan-activity;sid:83697241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrmips"; depth:12; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834142/; classtype:trojan-activity;sid:83697242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrarm5"; depth:12; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834143/; classtype:trojan-activity;sid:83697243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrarm6"; depth:12; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834144/; classtype:trojan-activity;sid:83697244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrmips2"; depth:13; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834134/; classtype:trojan-activity;sid:83697234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrx86_64"; depth:14; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834135/; classtype:trojan-activity;sid:83697235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrsh4"; depth:11; endswith; nocase; http.host; content:"94.156.66.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834136/; classtype:trojan-activity;sid:83697236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.41.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834133/; classtype:trojan-activity;sid:83697233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.25.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834132/; classtype:trojan-activity;sid:83697232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.44.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834131/; classtype:trojan-activity;sid:83697231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.165.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834130/; classtype:trojan-activity;sid:83697230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834129/; classtype:trojan-activity;sid:83697229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.57.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834128/; classtype:trojan-activity;sid:83697228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834126/; classtype:trojan-activity;sid:83697226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834127/; classtype:trojan-activity;sid:83697227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834121/; classtype:trojan-activity;sid:83697221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834122/; classtype:trojan-activity;sid:83697222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834123/; classtype:trojan-activity;sid:83697223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834124/; classtype:trojan-activity;sid:83697224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834125/; classtype:trojan-activity;sid:83697225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834118/; classtype:trojan-activity;sid:83697218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834119/; classtype:trojan-activity;sid:83697219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834120/; classtype:trojan-activity;sid:83697220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834116/; classtype:trojan-activity;sid:83697216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"craf.kro.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834117/; classtype:trojan-activity;sid:83697217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834115/; classtype:trojan-activity;sid:83697215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.101.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834114/; classtype:trojan-activity;sid:83697214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834113/; classtype:trojan-activity;sid:83697213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.50.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834112/; classtype:trojan-activity;sid:83697212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.154.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834111/; classtype:trojan-activity;sid:83697211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.28.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834108/; classtype:trojan-activity;sid:83697208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.101.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834109/; classtype:trojan-activity;sid:83697209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834110/; classtype:trojan-activity;sid:83697210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.19.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834107/; classtype:trojan-activity;sid:83697207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834103/; classtype:trojan-activity;sid:83697203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mips"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834104/; classtype:trojan-activity;sid:83697204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm7"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834105/; classtype:trojan-activity;sid:83697205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86_64"; depth:12; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834106/; classtype:trojan-activity;sid:83697206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834099/; classtype:trojan-activity;sid:83697199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834100/; classtype:trojan-activity;sid:83697200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm6"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834101/; classtype:trojan-activity;sid:83697201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.ppc"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834102/; classtype:trojan-activity;sid:83697202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.m68k"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834098/; classtype:trojan-activity;sid:83697198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.spc"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834095/; classtype:trojan-activity;sid:83697195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.sh4"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834096/; classtype:trojan-activity;sid:83697196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mpsl"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834097/; classtype:trojan-activity;sid:83697197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utna==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; depth:90; endswith; nocase; http.host; content:"147.45.47.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834094/; classtype:trojan-activity;sid:83697194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmq==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; depth:90; endswith; nocase; http.host; content:"147.45.47.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834093/; classtype:trojan-activity;sid:83697193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmg==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; depth:90; endswith; nocase; http.host; content:"147.45.47.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834092/; classtype:trojan-activity;sid:83697192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmw==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; depth:90; endswith; nocase; http.host; content:"147.45.47.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834091/; classtype:trojan-activity;sid:83697191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.41.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834090/; classtype:trojan-activity;sid:83697190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"37.60.238.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834089/; classtype:trojan-activity;sid:83697189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"31.172.87.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834088/; classtype:trojan-activity;sid:83697188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmi5hcgs="; depth:49; endswith; nocase; http.host; content:"91.151.88.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834087/; classtype:trojan-activity;sid:83697187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmy5hcgs="; depth:49; endswith; nocase; http.host; content:"54.36.113.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834081/; classtype:trojan-activity;sid:83697181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utni5hcgs="; depth:49; endswith; nocase; http.host; content:"37.60.238.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834082/; classtype:trojan-activity;sid:83697182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"54.36.113.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834083/; classtype:trojan-activity;sid:83697183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmi5hcgs="; depth:49; endswith; nocase; http.host; content:"37.60.238.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834084/; classtype:trojan-activity;sid:83697184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utns5hcgs="; depth:49; endswith; nocase; http.host; content:"37.60.238.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834085/; classtype:trojan-activity;sid:83697185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmy5hcgs="; depth:49; endswith; nocase; http.host; content:"37.60.238.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834086/; classtype:trojan-activity;sid:83697186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utni5hcgs="; depth:49; endswith; nocase; http.host; content:"54.36.113.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834073/; classtype:trojan-activity;sid:83697173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmi5hcgs="; depth:49; endswith; nocase; http.host; content:"54.36.113.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834074/; classtype:trojan-activity;sid:83697174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"91.151.88.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834075/; classtype:trojan-activity;sid:83697175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"45.93.137.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834076/; classtype:trojan-activity;sid:83697176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; depth:49; endswith; nocase; http.host; content:"103.67.163.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834077/; classtype:trojan-activity;sid:83697177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utnc5hcgs="; depth:49; endswith; nocase; http.host; content:"54.36.113.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834078/; classtype:trojan-activity;sid:83697178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utnc5hcgs="; depth:49; endswith; nocase; http.host; content:"37.60.238.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834079/; classtype:trojan-activity;sid:83697179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utns5hcgs="; depth:49; endswith; nocase; http.host; content:"54.36.113.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834080/; classtype:trojan-activity;sid:83697180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.33.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834072/; classtype:trojan-activity;sid:83697172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.28.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834071/; classtype:trojan-activity;sid:83697171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834070/; classtype:trojan-activity;sid:83697170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.145.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834069/; classtype:trojan-activity;sid:83697169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.223.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834067/; classtype:trojan-activity;sid:83697167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.33.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834068/; classtype:trojan-activity;sid:83697168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834066/; classtype:trojan-activity;sid:83697166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.158.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834065/; classtype:trojan-activity;sid:83697165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.88.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834064/; classtype:trojan-activity;sid:83697164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.25.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834063/; classtype:trojan-activity;sid:83697163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/google-maps-easy/classes/wpe-enige.html"; depth:59; endswith; nocase; http.host; content:"mizpuraciculukavcu.ba"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834062/; classtype:trojan-activity;sid:83697162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.50.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834061/; classtype:trojan-activity;sid:83697161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.101.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834060/; classtype:trojan-activity;sid:83697160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.96.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834059/; classtype:trojan-activity;sid:83697159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.213.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834058/; classtype:trojan-activity;sid:83697158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834057/; classtype:trojan-activity;sid:83697157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.158.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834056/; classtype:trojan-activity;sid:83697156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.223.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834055/; classtype:trojan-activity;sid:83697155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834054/; classtype:trojan-activity;sid:83697154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xhicktx7dthp"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834053/; classtype:trojan-activity;sid:83697153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.211.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834052/; classtype:trojan-activity;sid:83697152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.119.199.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834051/; classtype:trojan-activity;sid:83697151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.192.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834050/; classtype:trojan-activity;sid:83697150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834049/; classtype:trojan-activity;sid:83697149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834048/; classtype:trojan-activity;sid:83697148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834044/; classtype:trojan-activity;sid:83697144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834045/; classtype:trojan-activity;sid:83697145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834046/; classtype:trojan-activity;sid:83697146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834047/; classtype:trojan-activity;sid:83697147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834041/; classtype:trojan-activity;sid:83697141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834042/; classtype:trojan-activity;sid:83697142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834043/; classtype:trojan-activity;sid:83697143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834036/; classtype:trojan-activity;sid:83697136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834037/; classtype:trojan-activity;sid:83697137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834038/; classtype:trojan-activity;sid:83697138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834039/; classtype:trojan-activity;sid:83697139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"94.156.67.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834040/; classtype:trojan-activity;sid:83697140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.198.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834035/; classtype:trojan-activity;sid:83697135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.44.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834034/; classtype:trojan-activity;sid:83697134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.254.64.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834032/; classtype:trojan-activity;sid:83697132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.184.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834033/; classtype:trojan-activity;sid:83697133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834031/; classtype:trojan-activity;sid:83697131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.48.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834030/; classtype:trojan-activity;sid:83697130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"209.141.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834029/; classtype:trojan-activity;sid:83697129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834028/; classtype:trojan-activity;sid:83697128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.154.249.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834027/; classtype:trojan-activity;sid:83697127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834026/; classtype:trojan-activity;sid:83697126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.154.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834025/; classtype:trojan-activity;sid:83697125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.149.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834023/; classtype:trojan-activity;sid:83697123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.97.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834024/; classtype:trojan-activity;sid:83697124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834022/; classtype:trojan-activity;sid:83697122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.114.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834021/; classtype:trojan-activity;sid:83697121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.188.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834020/; classtype:trojan-activity;sid:83697120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834019/; classtype:trojan-activity;sid:83697119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.149.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834018/; classtype:trojan-activity;sid:83697118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"210.50.169.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834017/; classtype:trojan-activity;sid:83697117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834016/; classtype:trojan-activity;sid:83697116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.69.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834015/; classtype:trojan-activity;sid:83697115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834014/; classtype:trojan-activity;sid:83697114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834013/; classtype:trojan-activity;sid:83697113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834012/; classtype:trojan-activity;sid:83697112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xn0v3uucqrjw"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834011/; classtype:trojan-activity;sid:83697111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.98.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834009/; classtype:trojan-activity;sid:83697109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.128.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834010/; classtype:trojan-activity;sid:83697110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.70.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834008/; classtype:trojan-activity;sid:83697108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.97.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834007/; classtype:trojan-activity;sid:83697107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.37.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834006/; classtype:trojan-activity;sid:83697106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.50.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834005/; classtype:trojan-activity;sid:83697105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.188.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834004/; classtype:trojan-activity;sid:83697104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669163151|3f|hash=yeundenoxnanhvbrcc2bnw0dbd1na4qx8y9hdktz3wo|7c|26|7c|dl=i579msw3nludhanschq5k2o9inv0hpmjajd1ahn0csp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834003/; classtype:trojan-activity;sid:83697103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.203.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834002/; classtype:trojan-activity;sid:83697102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669163253|3f|hash=iw0hsgrk8ydx7cqoqamikklp8eu8tjrsyfcdgdtn1k0|7c|26|7c|dl=zmc21wrdfh2ratobxxmq3axikvjhkfiv4okccepbnnk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834001/; classtype:trojan-activity;sid:83697101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834000/; classtype:trojan-activity;sid:83697100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.174.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833999/; classtype:trojan-activity;sid:83697099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.157.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833998/; classtype:trojan-activity;sid:83697098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.70.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833997/; classtype:trojan-activity;sid:83697097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.229.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833996/; classtype:trojan-activity;sid:83697096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.237.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833995/; classtype:trojan-activity;sid:83697095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.117.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833994/; classtype:trojan-activity;sid:83697094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.81.20"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833993/; classtype:trojan-activity;sid:83697093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.246.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833992/; classtype:trojan-activity;sid:83697092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833991/; classtype:trojan-activity;sid:83697091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.159.133.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833990/; classtype:trojan-activity;sid:83697090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.37.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833989/; classtype:trojan-activity;sid:83697089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newestenc.exe"; depth:14; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833988/; classtype:trojan-activity;sid:83697088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.12.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833987/; classtype:trojan-activity;sid:83697087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clienttdl.exe"; depth:14; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833986/; classtype:trojan-activity;sid:83697086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ratv3.exe"; depth:10; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833985/; classtype:trojan-activity;sid:83697085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venom.exe"; depth:10; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833984/; classtype:trojan-activity;sid:83697084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pogingenc.exe"; depth:14; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833983/; classtype:trojan-activity;sid:83697083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venomrat%206.0.3%20hvnc.exe"; depth:28; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833982/; classtype:trojan-activity;sid:83697082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venom2c%232.exe"; depth:16; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833980/; classtype:trojan-activity;sid:83697080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833981/; classtype:trojan-activity;sid:83697081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pogingencdl.exe"; depth:16; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833978/; classtype:trojan-activity;sid:83697078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venoaa.exe"; depth:11; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833979/; classtype:trojan-activity;sid:83697079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venom2.exe"; depth:11; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833974/; classtype:trojan-activity;sid:83697074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venom2c%23.exe"; depth:15; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833975/; classtype:trojan-activity;sid:83697075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pogingenc%202.exe"; depth:18; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833976/; classtype:trojan-activity;sid:83697076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1%20(1).exe"; depth:12; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833977/; classtype:trojan-activity;sid:83697077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.178.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833973/; classtype:trojan-activity;sid:83697073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/encrypted.exe"; depth:14; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833972/; classtype:trojan-activity;sid:83697072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.69.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833970/; classtype:trojan-activity;sid:83697070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientt.exe"; depth:12; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833971/; classtype:trojan-activity;sid:83697071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venom.exe.exe"; depth:14; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833969/; classtype:trojan-activity;sid:83697069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.237.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833968/; classtype:trojan-activity;sid:83697068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.81.20"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833967/; classtype:trojan-activity;sid:83697067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.182.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833966/; classtype:trojan-activity;sid:83697066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.113.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833965/; classtype:trojan-activity;sid:83697065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833964/; classtype:trojan-activity;sid:83697064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.44.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833962/; classtype:trojan-activity;sid:83697062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.19.149.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833963/; classtype:trojan-activity;sid:83697063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.195.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833960/; classtype:trojan-activity;sid:83697060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.31.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833961/; classtype:trojan-activity;sid:83697061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833959/; classtype:trojan-activity;sid:83697059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833958/; classtype:trojan-activity;sid:83697058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833957/; classtype:trojan-activity;sid:83697057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.23.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833956/; classtype:trojan-activity;sid:83697056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.182.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833955/; classtype:trojan-activity;sid:83697055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833954/; classtype:trojan-activity;sid:83697054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.101.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833953/; classtype:trojan-activity;sid:83697053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833952/; classtype:trojan-activity;sid:83697052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833951/; classtype:trojan-activity;sid:83697051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.195.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833950/; classtype:trojan-activity;sid:83697050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.149.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833949/; classtype:trojan-activity;sid:83697049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.182.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833948/; classtype:trojan-activity;sid:83697048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.25.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833947/; classtype:trojan-activity;sid:83697047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.152.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833946/; classtype:trojan-activity;sid:83697046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.95.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833945/; classtype:trojan-activity;sid:83697045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833944/; classtype:trojan-activity;sid:83697044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.65.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833943/; classtype:trojan-activity;sid:83697043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.67.9.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833942/; classtype:trojan-activity;sid:83697042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.223.129.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833941/; classtype:trojan-activity;sid:83697041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.121.174.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833940/; classtype:trojan-activity;sid:83697040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.254.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833938/; classtype:trojan-activity;sid:83697038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833939/; classtype:trojan-activity;sid:83697039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.234.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833937/; classtype:trojan-activity;sid:83697037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833936/; classtype:trojan-activity;sid:83697036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.190.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833935/; classtype:trojan-activity;sid:83697035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.146.16.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833934/; classtype:trojan-activity;sid:83697034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.101.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833932/; classtype:trojan-activity;sid:83697032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.227.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833933/; classtype:trojan-activity;sid:83697033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833931/; classtype:trojan-activity;sid:83697031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.169.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833930/; classtype:trojan-activity;sid:83697030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.225.254.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833929/; classtype:trojan-activity;sid:83697029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.241.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833928/; classtype:trojan-activity;sid:83697028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833927/; classtype:trojan-activity;sid:83697027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/see.exe"; depth:8; endswith; nocase; http.host; content:"192.3.239.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833926/; classtype:trojan-activity;sid:83697026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/weg/creatednewthingstounderstandhowgoodfishingdowithaboatwenotunderstandthatgirl___beautifulgirlkissedmelove.doc"; depth:119; endswith; nocase; http.host; content:"192.3.239.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833925/; classtype:trojan-activity;sid:83697025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833924/; classtype:trojan-activity;sid:83697024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.26.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833923/; classtype:trojan-activity;sid:83697023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scg.exe"; depth:8; endswith; nocase; http.host; content:"scll.netlify.app"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833922/; classtype:trojan-activity;sid:83697022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.227.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833921/; classtype:trojan-activity;sid:83697021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-contenth/theme/twentytwentyfr.php"; depth:37; endswith; nocase; http.host; content:"alphaumi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833920/; classtype:trojan-activity;sid:83697020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anexos/1668093182.exe"; depth:22; endswith; nocase; http.host; content:"s3proesc.s3.amazonaws.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833919/; classtype:trojan-activity;sid:83697019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venomrat%206.0.3%20hvnc%20final.exe"; depth:36; endswith; nocase; http.host; content:"93.123.85.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833915/; classtype:trojan-activity;sid:83697015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frexoff/efefwefwwf/main/cock.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3505/cnn.exe"; depth:13; endswith; nocase; http.host; content:"198.12.81.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833917/; classtype:trojan-activity;sid:83697017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1355/hjcc.exe"; depth:14; endswith; nocase; http.host; content:"198.12.81.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833918/; classtype:trojan-activity;sid:83697018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsb8snav.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833913/; classtype:trojan-activity;sid:83697013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/55bf0530df4adbcde4bb5bfac418bfda/likeepexploit.exe"; depth:55; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833914/; classtype:trojan-activity;sid:83697014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venomrat%206.0.3%20hvnc%20final.exe"; depth:36; endswith; nocase; http.host; content:"workserver.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833911/; classtype:trojan-activity;sid:83697011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venomrat%206.0.3%20hvnc%20final.exe"; depth:36; endswith; nocase; http.host; content:"workserver.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833912/; classtype:trojan-activity;sid:83697012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%9f%a5%e9%98%856024.exe"; depth:27; endswith; nocase; http.host; content:"srenzk.shop"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833910/; classtype:trojan-activity;sid:83697010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123.conf"; depth:9; endswith; nocase; http.host; content:"8.134.147.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833909/; classtype:trojan-activity;sid:83697009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/holycrossschool/2022-2023/circular/1127834871659249036.exe"; depth:59; endswith; nocase; http.host; content:"egenius-s3.s3.amazonaws.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833908/; classtype:trojan-activity;sid:83697008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upsupx3.exe"; depth:12; endswith; nocase; http.host; content:"66.225.246.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833906/; classtype:trojan-activity;sid:83697006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/6053/setup_6053.exe"; depth:22; endswith; nocase; http.host; content:"glo4.ink"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833907/; classtype:trojan-activity;sid:83697007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upsupx3.exe"; depth:12; endswith; nocase; http.host; content:"205.234.253.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833905/; classtype:trojan-activity;sid:83697005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be.exe"; depth:7; endswith; nocase; http.host; content:"cyg2016.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833898/; classtype:trojan-activity;sid:83696998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server/k/l2.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833899/; classtype:trojan-activity;sid:83696999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be.exe"; depth:7; endswith; nocase; http.host; content:"223.25.247.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833900/; classtype:trojan-activity;sid:83697000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956002.exe"; depth:68; endswith; nocase; http.host; content:"www.btyrtr2.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833901/; classtype:trojan-activity;sid:83697001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001.exe"; depth:68; endswith; nocase; http.host; content:"www.aokdemc.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833902/; classtype:trojan-activity;sid:83697002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001.exe"; depth:68; endswith; nocase; http.host; content:"aokdemc.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833903/; classtype:trojan-activity;sid:83697003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/773/797/original/new_image.jpg|3f|1713882029"; depth:56; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833897/; classtype:trojan-activity;sid:83696997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/bild_redlain.exe"; depth:22; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833896/; classtype:trojan-activity;sid:83696996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/hgh/wanthearthatbeautifulgirlilovedheralotofthingsneedtodobutsheisverybeautifulgirlwhoilovedheralotmygirlsheis___iwantshewillbehappy.doc"; depth:143; endswith; nocase; http.host; content:"198.12.81.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833895/; classtype:trojan-activity;sid:83696995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimikatz.exe"; depth:13; endswith; nocase; http.host; content:"disk.hostz1.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833894/; classtype:trojan-activity;sid:83696994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig.exe"; depth:10; endswith; nocase; http.host; content:"78.153.140.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833893/; classtype:trojan-activity;sid:83696993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mf/am.exe"; depth:10; endswith; nocase; http.host; content:"rtattack.ralyjya9.online"; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833892/; classtype:trojan-activity;sid:83696992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7f2b25ae3e35529e1dcef7c2b1f6bce9/cad54ba5b01423b1af8ec10ab5719d97.exe"; depth:70; endswith; nocase; http.host; content:"carthewasher.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833891/; classtype:trojan-activity;sid:83696991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.149.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833890/; classtype:trojan-activity;sid:83696990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833889/; classtype:trojan-activity;sid:83696989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.26.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833888/; classtype:trojan-activity;sid:83696988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833887/; classtype:trojan-activity;sid:83696987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833886/; classtype:trojan-activity;sid:83696986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.241.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833885/; classtype:trojan-activity;sid:83696985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.133.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833884/; classtype:trojan-activity;sid:83696984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833883/; classtype:trojan-activity;sid:83696983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.243.34.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833882/; classtype:trojan-activity;sid:83696982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.93.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833881/; classtype:trojan-activity;sid:83696981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/download.php|3f|c=1000"; depth:28; endswith; nocase; http.host; content:"d1olnfqg9ss9n0.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833880/; classtype:trojan-activity;sid:83696980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.169.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833879/; classtype:trojan-activity;sid:83696979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.152.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833878/; classtype:trojan-activity;sid:83696978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833877/; classtype:trojan-activity;sid:83696977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.230.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833876/; classtype:trojan-activity;sid:83696976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833875/; classtype:trojan-activity;sid:83696975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833874/; classtype:trojan-activity;sid:83696974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.35.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833873/; classtype:trojan-activity;sid:83696973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.227.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833872/; classtype:trojan-activity;sid:83696972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.133.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833871/; classtype:trojan-activity;sid:83696971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.131.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833869/; classtype:trojan-activity;sid:83696969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833870/; classtype:trojan-activity;sid:83696970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.220.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833868/; classtype:trojan-activity;sid:83696968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.93.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833867/; classtype:trojan-activity;sid:83696967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833866/; classtype:trojan-activity;sid:83696966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.118.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833865/; classtype:trojan-activity;sid:83696965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.131.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833864/; classtype:trojan-activity;sid:83696964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.227.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833863/; classtype:trojan-activity;sid:83696963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epq.exe"; depth:8; endswith; nocase; http.host; content:"23.94.54.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833862/; classtype:trojan-activity;sid:83696962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.178.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833861/; classtype:trojan-activity;sid:83696961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.199.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833859/; classtype:trojan-activity;sid:83696959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.87.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833860/; classtype:trojan-activity;sid:83696960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.10.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833858/; classtype:trojan-activity;sid:83696958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.220.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833857/; classtype:trojan-activity;sid:83696957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rumba/buben.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833856/; classtype:trojan-activity;sid:83696956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28088/hrrm/havenewthingstounderstandwhichgivegreatthingsimeanbeautu=ifulthingseverfindedonearth____sheismygirlmywifemyheartsheis.doc"; depth:133; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833855/; classtype:trojan-activity;sid:83696955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4vzvc"; depth:6; endswith; nocase; http.host; content:"pop.tg"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833854/; classtype:trojan-activity;sid:83696954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.225.254.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833853/; classtype:trojan-activity;sid:83696953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833852/; classtype:trojan-activity;sid:83696952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833851/; classtype:trojan-activity;sid:83696951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.118.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833850/; classtype:trojan-activity;sid:83696950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.17.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833849/; classtype:trojan-activity;sid:83696949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.79.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833848/; classtype:trojan-activity;sid:83696948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.149.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833846/; classtype:trojan-activity;sid:83696946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.10.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833847/; classtype:trojan-activity;sid:83696947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.212.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833845/; classtype:trojan-activity;sid:83696945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833844/; classtype:trojan-activity;sid:83696944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833842/; classtype:trojan-activity;sid:83696942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.95.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833843/; classtype:trojan-activity;sid:83696943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.99.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833841/; classtype:trojan-activity;sid:83696941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.79.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833840/; classtype:trojan-activity;sid:83696940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833839/; classtype:trojan-activity;sid:83696939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.246.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833838/; classtype:trojan-activity;sid:83696938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.224.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833837/; classtype:trojan-activity;sid:83696937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.63.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833836/; classtype:trojan-activity;sid:83696936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.112.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833835/; classtype:trojan-activity;sid:83696935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.226.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833834/; classtype:trojan-activity;sid:83696934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.46.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833833/; classtype:trojan-activity;sid:83696933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.162.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833832/; classtype:trojan-activity;sid:83696932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833831/; classtype:trojan-activity;sid:83696931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.243.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833830/; classtype:trojan-activity;sid:83696930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/disbot"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.246.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833828/; classtype:trojan-activity;sid:83696928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833827/; classtype:trojan-activity;sid:83696927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.224.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833826/; classtype:trojan-activity;sid:83696926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833825/; classtype:trojan-activity;sid:83696925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833824/; classtype:trojan-activity;sid:83696924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833823/; classtype:trojan-activity;sid:83696923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833822/; classtype:trojan-activity;sid:83696922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.157.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833821/; classtype:trojan-activity;sid:83696921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.127.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833820/; classtype:trojan-activity;sid:83696920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"65.23.227.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833819/; classtype:trojan-activity;sid:83696919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.30.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833818/; classtype:trojan-activity;sid:83696918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833817/; classtype:trojan-activity;sid:83696917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833815/; classtype:trojan-activity;sid:83696915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.119.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833816/; classtype:trojan-activity;sid:83696916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.34.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833814/; classtype:trojan-activity;sid:83696914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.163.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833813/; classtype:trojan-activity;sid:83696913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.4.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833812/; classtype:trojan-activity;sid:83696912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.112.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833811/; classtype:trojan-activity;sid:83696911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.226.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833810/; classtype:trojan-activity;sid:83696910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.138.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833809/; classtype:trojan-activity;sid:83696909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833808/; classtype:trojan-activity;sid:83696908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833807/; classtype:trojan-activity;sid:83696907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.115.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833806/; classtype:trojan-activity;sid:83696906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.80.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833805/; classtype:trojan-activity;sid:83696905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.243.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833804/; classtype:trojan-activity;sid:83696904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.138.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833803/; classtype:trojan-activity;sid:83696903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.251.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833802/; classtype:trojan-activity;sid:83696902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.66.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833801/; classtype:trojan-activity;sid:83696901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.0.183"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833800/; classtype:trojan-activity;sid:83696900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833799/; classtype:trojan-activity;sid:83696899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.127.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833798/; classtype:trojan-activity;sid:83696898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.50.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833797/; classtype:trojan-activity;sid:83696897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.232.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833796/; classtype:trojan-activity;sid:83696896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.61.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833795/; classtype:trojan-activity;sid:83696895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.183"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833794/; classtype:trojan-activity;sid:83696894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.70.180.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833793/; classtype:trojan-activity;sid:83696893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.11.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833792/; classtype:trojan-activity;sid:83696892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.111.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833791/; classtype:trojan-activity;sid:83696891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669125786|3f|hash=v1rfzjl7diw7zlwb8iremp9wzgjf2mm38qf6cqvrniz|7c|26|7c|dl=d8idmv6ccvnhcmclu2iz35zurh2yfz78kvultw2eg7w|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833790/; classtype:trojan-activity;sid:83696890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.17.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833789/; classtype:trojan-activity;sid:83696889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.61.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833788/; classtype:trojan-activity;sid:83696888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833787/; classtype:trojan-activity;sid:83696887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.26.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833786/; classtype:trojan-activity;sid:83696886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833785/; classtype:trojan-activity;sid:83696885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.1.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833784/; classtype:trojan-activity;sid:83696884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833783/; classtype:trojan-activity;sid:83696883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.234.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833782/; classtype:trojan-activity;sid:83696882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.54.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833781/; classtype:trojan-activity;sid:83696881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.75.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833780/; classtype:trojan-activity;sid:83696880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.70.180.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833779/; classtype:trojan-activity;sid:83696879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833778/; classtype:trojan-activity;sid:83696878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.62.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833777/; classtype:trojan-activity;sid:83696877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.1.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833776/; classtype:trojan-activity;sid:83696876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.192.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833775/; classtype:trojan-activity;sid:83696875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.203.225.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833774/; classtype:trojan-activity;sid:83696874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833773/; classtype:trojan-activity;sid:83696873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl.ns"; depth:8; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833772/; classtype:trojan-activity;sid:83696872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.234.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833771/; classtype:trojan-activity;sid:83696871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833770/; classtype:trojan-activity;sid:83696870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.4.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833769/; classtype:trojan-activity;sid:83696869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.120.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833768/; classtype:trojan-activity;sid:83696868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.217.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833767/; classtype:trojan-activity;sid:83696867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833766/; classtype:trojan-activity;sid:83696866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.75.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833765/; classtype:trojan-activity;sid:83696865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.175.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833764/; classtype:trojan-activity;sid:83696864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.153.140.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833763/; classtype:trojan-activity;sid:83696863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833762/; classtype:trojan-activity;sid:83696862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.198.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833761/; classtype:trojan-activity;sid:83696861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.101.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833760/; classtype:trojan-activity;sid:83696860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.182.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833759/; classtype:trojan-activity;sid:83696859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669152103|3f|hash=pkblrovv4lme1r6iuxvw4ddthfffr8gbvrqstklz4bx|7c|26|7c|dl=oz0yeqh4ryrcb5su2jqoknjmaecbe7ll19g2um9kyex|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833758/; classtype:trojan-activity;sid:83696858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.161.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833757/; classtype:trojan-activity;sid:83696857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.166.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833756/; classtype:trojan-activity;sid:83696856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.209.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833755/; classtype:trojan-activity;sid:83696855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.98.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833754/; classtype:trojan-activity;sid:83696854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.98.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833753/; classtype:trojan-activity;sid:83696853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.75.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833752/; classtype:trojan-activity;sid:83696852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.234.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833751/; classtype:trojan-activity;sid:83696851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.180.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833750/; classtype:trojan-activity;sid:83696850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.175.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833749/; classtype:trojan-activity;sid:83696849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.49.198.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833748/; classtype:trojan-activity;sid:83696848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.162.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833747/; classtype:trojan-activity;sid:83696847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.182.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833745/; classtype:trojan-activity;sid:83696845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833746/; classtype:trojan-activity;sid:83696846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.64.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833743/; classtype:trojan-activity;sid:83696843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.166.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833744/; classtype:trojan-activity;sid:83696844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.104.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833742/; classtype:trojan-activity;sid:83696842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.209.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833741/; classtype:trojan-activity;sid:83696841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.98.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833740/; classtype:trojan-activity;sid:83696840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.98.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833739/; classtype:trojan-activity;sid:83696839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833738/; classtype:trojan-activity;sid:83696838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833737/; classtype:trojan-activity;sid:83696837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.49.167.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833736/; classtype:trojan-activity;sid:83696836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.182.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833735/; classtype:trojan-activity;sid:83696835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.6.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833734/; classtype:trojan-activity;sid:83696834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.133.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833733/; classtype:trojan-activity;sid:83696833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.64.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833732/; classtype:trojan-activity;sid:83696832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833731/; classtype:trojan-activity;sid:83696831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833730/; classtype:trojan-activity;sid:83696830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833729/; classtype:trojan-activity;sid:83696829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.0.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833728/; classtype:trojan-activity;sid:83696828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.215.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833727/; classtype:trojan-activity;sid:83696827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833723/; classtype:trojan-activity;sid:83696823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833724/; classtype:trojan-activity;sid:83696824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833725/; classtype:trojan-activity;sid:83696825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.98.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833726/; classtype:trojan-activity;sid:83696826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833719/; classtype:trojan-activity;sid:83696819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833720/; classtype:trojan-activity;sid:83696820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.232.4.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833721/; classtype:trojan-activity;sid:83696821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833722/; classtype:trojan-activity;sid:83696822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833717/; classtype:trojan-activity;sid:83696817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833718/; classtype:trojan-activity;sid:83696818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833715/; classtype:trojan-activity;sid:83696815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833716/; classtype:trojan-activity;sid:83696816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833713/; classtype:trojan-activity;sid:83696813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"178.128.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833714/; classtype:trojan-activity;sid:83696814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.69.217.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833712/; classtype:trojan-activity;sid:83696812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.18.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833711/; classtype:trojan-activity;sid:83696811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833710/; classtype:trojan-activity;sid:83696810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.x86_64"; depth:19; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833709/; classtype:trojan-activity;sid:83696809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.104.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833708/; classtype:trojan-activity;sid:83696808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.229.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833707/; classtype:trojan-activity;sid:83696807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.38.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833706/; classtype:trojan-activity;sid:83696806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.182.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833705/; classtype:trojan-activity;sid:83696805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.48.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833704/; classtype:trojan-activity;sid:83696804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.154.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833702/; classtype:trojan-activity;sid:83696802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.217.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833703/; classtype:trojan-activity;sid:83696803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833698/; classtype:trojan-activity;sid:83696798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833699/; classtype:trojan-activity;sid:83696799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833700/; classtype:trojan-activity;sid:83696800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833701/; classtype:trojan-activity;sid:83696801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833696/; classtype:trojan-activity;sid:83696796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833697/; classtype:trojan-activity;sid:83696797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833692/; classtype:trojan-activity;sid:83696792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833693/; classtype:trojan-activity;sid:83696793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833694/; classtype:trojan-activity;sid:83696794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833695/; classtype:trojan-activity;sid:83696795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833691/; classtype:trojan-activity;sid:83696791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833690/; classtype:trojan-activity;sid:83696790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833682/; classtype:trojan-activity;sid:83696782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833683/; classtype:trojan-activity;sid:83696783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833684/; classtype:trojan-activity;sid:83696784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833685/; classtype:trojan-activity;sid:83696785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833686/; classtype:trojan-activity;sid:83696786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.114.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833687/; classtype:trojan-activity;sid:83696787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833688/; classtype:trojan-activity;sid:83696788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833689/; classtype:trojan-activity;sid:83696789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833681/; classtype:trojan-activity;sid:83696781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833678/; classtype:trojan-activity;sid:83696778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833679/; classtype:trojan-activity;sid:83696779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833680/; classtype:trojan-activity;sid:83696780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833672/; classtype:trojan-activity;sid:83696772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833673/; classtype:trojan-activity;sid:83696773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833674/; classtype:trojan-activity;sid:83696774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833675/; classtype:trojan-activity;sid:83696775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833676/; classtype:trojan-activity;sid:83696776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833677/; classtype:trojan-activity;sid:83696777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833671/; classtype:trojan-activity;sid:83696771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833670/; classtype:trojan-activity;sid:83696770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833665/; classtype:trojan-activity;sid:83696765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833666/; classtype:trojan-activity;sid:83696766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833667/; classtype:trojan-activity;sid:83696767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833668/; classtype:trojan-activity;sid:83696768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833669/; classtype:trojan-activity;sid:83696769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833662/; classtype:trojan-activity;sid:83696762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833663/; classtype:trojan-activity;sid:83696763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833664/; classtype:trojan-activity;sid:83696764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833657/; classtype:trojan-activity;sid:83696757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833658/; classtype:trojan-activity;sid:83696758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833659/; classtype:trojan-activity;sid:83696759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833660/; classtype:trojan-activity;sid:83696760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833661/; classtype:trojan-activity;sid:83696761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833653/; classtype:trojan-activity;sid:83696753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833654/; classtype:trojan-activity;sid:83696754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833655/; classtype:trojan-activity;sid:83696755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.96.138.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833656/; classtype:trojan-activity;sid:83696756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.254.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833652/; classtype:trojan-activity;sid:83696752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm7"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm6"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/mips"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/x86_64"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm5"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/m68k"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/sh4"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/mpsl"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/x86_32"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"190.109.229.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833641/; classtype:trojan-activity;sid:83696741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.18.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833640/; classtype:trojan-activity;sid:83696740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.238.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833639/; classtype:trojan-activity;sid:83696739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.142.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833638/; classtype:trojan-activity;sid:83696738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.10.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833637/; classtype:trojan-activity;sid:83696737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.229.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833636/; classtype:trojan-activity;sid:83696736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833635/; classtype:trojan-activity;sid:83696735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833634/; classtype:trojan-activity;sid:83696734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833633/; classtype:trojan-activity;sid:83696733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833632/; classtype:trojan-activity;sid:83696732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i5"; depth:3; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833624/; classtype:trojan-activity;sid:83696724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833625/; classtype:trojan-activity;sid:83696725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833626/; classtype:trojan-activity;sid:83696726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833627/; classtype:trojan-activity;sid:83696727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833628/; classtype:trojan-activity;sid:83696728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833629/; classtype:trojan-activity;sid:83696729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i6"; depth:3; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833630/; classtype:trojan-activity;sid:83696730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833631/; classtype:trojan-activity;sid:83696731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833620/; classtype:trojan-activity;sid:83696720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833621/; classtype:trojan-activity;sid:83696721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833622/; classtype:trojan-activity;sid:83696722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833623/; classtype:trojan-activity;sid:83696723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.3.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833618/; classtype:trojan-activity;sid:83696718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sha"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833619/; classtype:trojan-activity;sid:83696719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833617/; classtype:trojan-activity;sid:83696717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833614/; classtype:trojan-activity;sid:83696714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833615/; classtype:trojan-activity;sid:83696715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833616/; classtype:trojan-activity;sid:83696716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833604/; classtype:trojan-activity;sid:83696704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833605/; classtype:trojan-activity;sid:83696705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833606/; classtype:trojan-activity;sid:83696706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833607/; classtype:trojan-activity;sid:83696707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833608/; classtype:trojan-activity;sid:83696708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833609/; classtype:trojan-activity;sid:83696709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833610/; classtype:trojan-activity;sid:83696710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833611/; classtype:trojan-activity;sid:83696711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833612/; classtype:trojan-activity;sid:83696712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833613/; classtype:trojan-activity;sid:83696713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833599/; classtype:trojan-activity;sid:83696699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833600/; classtype:trojan-activity;sid:83696700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833601/; classtype:trojan-activity;sid:83696701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833602/; classtype:trojan-activity;sid:83696702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833603/; classtype:trojan-activity;sid:83696703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.142.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833598/; classtype:trojan-activity;sid:83696698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.22.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833595/; classtype:trojan-activity;sid:83696695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.73.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833596/; classtype:trojan-activity;sid:83696696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833597/; classtype:trojan-activity;sid:83696697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.88.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833594/; classtype:trojan-activity;sid:83696694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833593/; classtype:trojan-activity;sid:83696693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833591/; classtype:trojan-activity;sid:83696691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833592/; classtype:trojan-activity;sid:83696692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"143.198.57.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833590/; classtype:trojan-activity;sid:83696690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833588/; classtype:trojan-activity;sid:83696688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833589/; classtype:trojan-activity;sid:83696689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.10.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833587/; classtype:trojan-activity;sid:83696687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.123.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833586/; classtype:trojan-activity;sid:83696686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.103.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833585/; classtype:trojan-activity;sid:83696685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"154.44.30.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833584/; classtype:trojan-activity;sid:83696684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvc"; depth:4; endswith; nocase; http.host; content:"154.44.30.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833583/; classtype:trojan-activity;sid:83696683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/html"; depth:5; endswith; nocase; http.host; content:"154.44.30.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833582/; classtype:trojan-activity;sid:83696682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otc"; depth:4; endswith; nocase; http.host; content:"154.44.30.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833581/; classtype:trojan-activity;sid:83696681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833580/; classtype:trojan-activity;sid:83696680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/two.sh"; depth:7; endswith; nocase; http.host; content:"154.44.30.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833579/; classtype:trojan-activity;sid:83696679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.mips"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833578/; classtype:trojan-activity;sid:83696678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.x86_64"; depth:19; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833575/; classtype:trojan-activity;sid:83696675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.mips"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833576/; classtype:trojan-activity;sid:83696676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.dbg"; depth:16; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833577/; classtype:trojan-activity;sid:83696677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm5"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833566/; classtype:trojan-activity;sid:83696666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm7"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833567/; classtype:trojan-activity;sid:83696667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.x86"; depth:26; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833568/; classtype:trojan-activity;sid:83696668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm4"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833569/; classtype:trojan-activity;sid:83696669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.i686"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833570/; classtype:trojan-activity;sid:83696670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm7"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833571/; classtype:trojan-activity;sid:83696671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.x86"; depth:16; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833572/; classtype:trojan-activity;sid:83696672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.dbg"; depth:26; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833573/; classtype:trojan-activity;sid:83696673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.x86_64"; depth:29; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833574/; classtype:trojan-activity;sid:83696674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm5"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833565/; classtype:trojan-activity;sid:83696665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.m68k"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833563/; classtype:trojan-activity;sid:83696663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.m68k"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833564/; classtype:trojan-activity;sid:83696664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.mpsl"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833558/; classtype:trojan-activity;sid:83696658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm4"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833559/; classtype:trojan-activity;sid:83696659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.ppc"; depth:16; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833560/; classtype:trojan-activity;sid:83696660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.sh4"; depth:16; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833561/; classtype:trojan-activity;sid:83696661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.ppc"; depth:26; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833562/; classtype:trojan-activity;sid:83696662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.i686"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833555/; classtype:trojan-activity;sid:83696655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm6"; depth:27; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833556/; classtype:trojan-activity;sid:83696656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.sh4"; depth:26; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833557/; classtype:trojan-activity;sid:83696657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.mpsl"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833553/; classtype:trojan-activity;sid:83696653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm6"; depth:17; endswith; nocase; http.host; content:"net.kovey-net.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833554/; classtype:trojan-activity;sid:83696654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833552/; classtype:trojan-activity;sid:83696652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.174.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833551/; classtype:trojan-activity;sid:83696651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.36.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833550/; classtype:trojan-activity;sid:83696650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.3.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833549/; classtype:trojan-activity;sid:83696649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833548/; classtype:trojan-activity;sid:83696648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.22.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833547/; classtype:trojan-activity;sid:83696647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833546/; classtype:trojan-activity;sid:83696646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.207.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833545/; classtype:trojan-activity;sid:83696645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.6.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833544/; classtype:trojan-activity;sid:83696644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.232.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833543/; classtype:trojan-activity;sid:83696643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833542/; classtype:trojan-activity;sid:83696642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833541/; classtype:trojan-activity;sid:83696641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.5.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833540/; classtype:trojan-activity;sid:83696640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.184.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833539/; classtype:trojan-activity;sid:83696639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.179.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833538/; classtype:trojan-activity;sid:83696638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833537/; classtype:trojan-activity;sid:83696637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.91.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833536/; classtype:trojan-activity;sid:83696636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.232.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833535/; classtype:trojan-activity;sid:83696635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.243.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833534/; classtype:trojan-activity;sid:83696634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=17aa-sp7banph_xe1jx_baq3pcewr9jcp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833532/; classtype:trojan-activity;sid:83696632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zsh8wf2zeokqrphhd_-l4vzfx7gx4dqu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833533/; classtype:trojan-activity;sid:83696633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833531/; classtype:trojan-activity;sid:83696631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.18.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833530/; classtype:trojan-activity;sid:83696630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.10.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833529/; classtype:trojan-activity;sid:83696629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833524/; classtype:trojan-activity;sid:83696624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833525/; classtype:trojan-activity;sid:83696625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833526/; classtype:trojan-activity;sid:83696626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833527/; classtype:trojan-activity;sid:83696627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833528/; classtype:trojan-activity;sid:83696628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.113.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833523/; classtype:trojan-activity;sid:83696623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/zqdp8jhj"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833522/; classtype:trojan-activity;sid:83696622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.5.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833521/; classtype:trojan-activity;sid:83696621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-4ktracz1-ljedydlvp39qxb9sdzkxb0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833518/; classtype:trojan-activity;sid:83696618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.163.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833519/; classtype:trojan-activity;sid:83696619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rklpjhrddsew8gz4rq2o-4mm6w7ypghb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833520/; classtype:trojan-activity;sid:83696620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwdsac3c.sh"; depth:13; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833512/; classtype:trojan-activity;sid:83696612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwdsac3c.sh"; depth:13; endswith; nocase; http.host; content:"103.174.73.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833513/; classtype:trojan-activity;sid:83696613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwdsac3bw.sh"; depth:14; endswith; nocase; http.host; content:"103.174.73.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833514/; classtype:trojan-activity;sid:83696614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwdsac3w.sh"; depth:13; endswith; nocase; http.host; content:"103.174.73.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833515/; classtype:trojan-activity;sid:83696615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwdsac3w.sh"; depth:13; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833516/; classtype:trojan-activity;sid:83696616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwdsac3bw.sh"; depth:14; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833517/; classtype:trojan-activity;sid:83696617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lationooooonooooooon.txt"; depth:25; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833511/; classtype:trojan-activity;sid:83696611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gaymw"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833510/; classtype:trojan-activity;sid:83696610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prnportlatinos.vbs"; depth:19; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833508/; classtype:trojan-activity;sid:83696608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reallylovelyladylovedfishermanwithasweetkissingonhereyesshewasbeautifulgirlalwayswholovedotherstrulyfromtheheart__sheisbeautifulgirlformeireallylovedher.doc"; depth:157; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833509/; classtype:trojan-activity;sid:83696609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.207.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833507/; classtype:trojan-activity;sid:83696607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lalallalallalallala.txt"; depth:24; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833506/; classtype:trojan-activity;sid:83696606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/tpdee"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833505/; classtype:trojan-activity;sid:83696605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vistatharagreatgirlwholovedafishermanwithallkindofkisssheisverybeautifulladywhoilovedtrulyfromtheeheartiwantthattruly___sheisnicegirlfromtheheartlovedtruly.doc"; depth:160; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833504/; classtype:trojan-activity;sid:83696604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lalalawgome.vbs"; depth:16; endswith; nocase; http.host; content:"192.3.243.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833503/; classtype:trojan-activity;sid:83696603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.87.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833502/; classtype:trojan-activity;sid:83696602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shar.scr"; depth:9; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833501/; classtype:trojan-activity;sid:83696601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1mkpjr9ltjikp0yvipvyzhsbfuxc6rvfo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833500/; classtype:trojan-activity;sid:83696600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ncwgeymyrwfylnqv95gkepkyee-qaoa8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833499/; classtype:trojan-activity;sid:83696599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.99.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833498/; classtype:trojan-activity;sid:83696598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.113.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833497/; classtype:trojan-activity;sid:83696597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.243.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833496/; classtype:trojan-activity;sid:83696596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"nvw.demo.betterbuiltdogs.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833495/; classtype:trojan-activity;sid:83696595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.197.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833494/; classtype:trojan-activity;sid:83696594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.50.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833493/; classtype:trojan-activity;sid:83696593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.147.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833492/; classtype:trojan-activity;sid:83696592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833491/; classtype:trojan-activity;sid:83696591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.176.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833490/; classtype:trojan-activity;sid:83696590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.18.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833489/; classtype:trojan-activity;sid:83696589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.10.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833488/; classtype:trojan-activity;sid:83696588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/get300.exe"; depth:17; endswith; nocase; http.host; content:"193.233.132.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833487/; classtype:trojan-activity;sid:83696587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.41.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833486/; classtype:trojan-activity;sid:83696586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669146636|3f|hash=ooxnostodjprmndmbc1wpjr0rvkjkz1hobtpaesmhs0|7c|26|7c|dl=r9duucdheiuqlremzideaxmdqlsx2cxi5qdkmkcx3po|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833485/; classtype:trojan-activity;sid:83696585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.220.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833484/; classtype:trojan-activity;sid:83696584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.43.111.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833483/; classtype:trojan-activity;sid:83696583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.163.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833480/; classtype:trojan-activity;sid:83696580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajai/a300.txt"; depth:14; endswith; nocase; http.host; content:"dianomefs.cfd"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833481/; classtype:trojan-activity;sid:83696581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajai/a29.txt"; depth:13; endswith; nocase; http.host; content:"dianomefs.cfd"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833482/; classtype:trojan-activity;sid:83696582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajai/a30.txt"; depth:13; endswith; nocase; http.host; content:"dianomefs.cfd"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833479/; classtype:trojan-activity;sid:83696579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/mznjw7w1"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833478/; classtype:trojan-activity;sid:83696578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.35.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833477/; classtype:trojan-activity;sid:83696577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.113.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833476/; classtype:trojan-activity;sid:83696576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.9.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833475/; classtype:trojan-activity;sid:83696575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833474/; classtype:trojan-activity;sid:83696574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.99.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833473/; classtype:trojan-activity;sid:83696573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchosts.exe"; depth:13; endswith; nocase; http.host; content:"106.54.47.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833472/; classtype:trojan-activity;sid:83696572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.exe"; depth:11; endswith; nocase; http.host; content:"106.54.47.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833471/; classtype:trojan-activity;sid:83696571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833470/; classtype:trojan-activity;sid:83696570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1ri0rtxisuniwnfmx853e0ihlr9iajoet"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833469/; classtype:trojan-activity;sid:83696569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.147.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833468/; classtype:trojan-activity;sid:83696568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=19sfpytkxagalhkahxbsggrnzql8bwc72|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833467/; classtype:trojan-activity;sid:83696567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.176.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833466/; classtype:trojan-activity;sid:83696566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833465/; classtype:trojan-activity;sid:83696565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833464/; classtype:trojan-activity;sid:83696564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaxataapmzmt189.bin"; depth:20; endswith; nocase; http.host; content:"209.90.233.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833463/; classtype:trojan-activity;sid:83696563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833462/; classtype:trojan-activity;sid:83696562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.160.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833461/; classtype:trojan-activity;sid:83696561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833460/; classtype:trojan-activity;sid:83696560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833459/; classtype:trojan-activity;sid:83696559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.109.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833458/; classtype:trojan-activity;sid:83696558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.239.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833455/; classtype:trojan-activity;sid:83696555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.255.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833456/; classtype:trojan-activity;sid:83696556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.4.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833457/; classtype:trojan-activity;sid:83696557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.9.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833454/; classtype:trojan-activity;sid:83696554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.163.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833453/; classtype:trojan-activity;sid:83696553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.33.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833452/; classtype:trojan-activity;sid:83696552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833451/; classtype:trojan-activity;sid:83696551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.38.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833450/; classtype:trojan-activity;sid:83696550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.22.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833449/; classtype:trojan-activity;sid:83696549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.147.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833448/; classtype:trojan-activity;sid:83696548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.198.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833447/; classtype:trojan-activity;sid:83696547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833445/; classtype:trojan-activity;sid:83696545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.239.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833446/; classtype:trojan-activity;sid:83696546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.45.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833444/; classtype:trojan-activity;sid:83696544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.75.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833443/; classtype:trojan-activity;sid:83696543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833441/; classtype:trojan-activity;sid:83696541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.81.242.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833442/; classtype:trojan-activity;sid:83696542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833440/; classtype:trojan-activity;sid:83696540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833439/; classtype:trojan-activity;sid:83696539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.178.157.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833438/; classtype:trojan-activity;sid:83696538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.55.72.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833437/; classtype:trojan-activity;sid:83696537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.80.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833436/; classtype:trojan-activity;sid:83696536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.33.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833435/; classtype:trojan-activity;sid:83696535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.35.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833434/; classtype:trojan-activity;sid:83696534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.59.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833433/; classtype:trojan-activity;sid:83696533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.52.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833432/; classtype:trojan-activity;sid:83696532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.58.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833431/; classtype:trojan-activity;sid:83696531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833430/; classtype:trojan-activity;sid:83696530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833429/; classtype:trojan-activity;sid:83696529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833428/; classtype:trojan-activity;sid:83696528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.126.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833427/; classtype:trojan-activity;sid:83696527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.226.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833426/; classtype:trojan-activity;sid:83696526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.135.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833425/; classtype:trojan-activity;sid:83696525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833424/; classtype:trojan-activity;sid:83696524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833423/; classtype:trojan-activity;sid:83696523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.25.76.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833422/; classtype:trojan-activity;sid:83696522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.35.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833421/; classtype:trojan-activity;sid:83696521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/predator.mips"; depth:19; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833420/; classtype:trojan-activity;sid:83696520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samm.exe"; depth:9; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833419/; classtype:trojan-activity;sid:83696519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.143.16.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833418/; classtype:trojan-activity;sid:83696518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833417/; classtype:trojan-activity;sid:83696517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.182.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833416/; classtype:trojan-activity;sid:83696516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.84.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833414/; classtype:trojan-activity;sid:83696514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.176.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833415/; classtype:trojan-activity;sid:83696515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.111.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833413/; classtype:trojan-activity;sid:83696513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.100.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833412/; classtype:trojan-activity;sid:83696512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.117.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833411/; classtype:trojan-activity;sid:83696511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.109.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833410/; classtype:trojan-activity;sid:83696510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.44.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833409/; classtype:trojan-activity;sid:83696509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.135.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833408/; classtype:trojan-activity;sid:83696508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.113.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833407/; classtype:trojan-activity;sid:83696507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.84.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833406/; classtype:trojan-activity;sid:83696506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833405/; classtype:trojan-activity;sid:83696505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.152.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833404/; classtype:trojan-activity;sid:83696504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833403/; classtype:trojan-activity;sid:83696503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.35.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833402/; classtype:trojan-activity;sid:83696502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.146.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833401/; classtype:trojan-activity;sid:83696501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.141.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833399/; classtype:trojan-activity;sid:83696499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833400/; classtype:trojan-activity;sid:83696500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.249.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833398/; classtype:trojan-activity;sid:83696498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833397/; classtype:trojan-activity;sid:83696497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.193.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833396/; classtype:trojan-activity;sid:83696496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.113.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833395/; classtype:trojan-activity;sid:83696495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.111.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833394/; classtype:trojan-activity;sid:83696494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.117.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833392/; classtype:trojan-activity;sid:83696492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.230.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833393/; classtype:trojan-activity;sid:83696493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.146.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833391/; classtype:trojan-activity;sid:83696491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.166.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833390/; classtype:trojan-activity;sid:83696490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.178.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833389/; classtype:trojan-activity;sid:83696489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833388/; classtype:trojan-activity;sid:83696488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.86.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833387/; classtype:trojan-activity;sid:83696487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.11.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833385/; classtype:trojan-activity;sid:83696485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.147.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833386/; classtype:trojan-activity;sid:83696486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.115.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833384/; classtype:trojan-activity;sid:83696484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833383/; classtype:trojan-activity;sid:83696483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.24.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833382/; classtype:trojan-activity;sid:83696482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833381/; classtype:trojan-activity;sid:83696481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.230.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833380/; classtype:trojan-activity;sid:83696480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.86.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833379/; classtype:trojan-activity;sid:83696479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.243.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833378/; classtype:trojan-activity;sid:83696478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.141.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833377/; classtype:trojan-activity;sid:83696477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833376/; classtype:trojan-activity;sid:83696476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.175.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833375/; classtype:trojan-activity;sid:83696475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833374/; classtype:trojan-activity;sid:83696474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.198.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833373/; classtype:trojan-activity;sid:83696473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.110.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833372/; classtype:trojan-activity;sid:83696472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833371/; classtype:trojan-activity;sid:83696471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833370/; classtype:trojan-activity;sid:83696470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.24.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833369/; classtype:trojan-activity;sid:83696469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833368/; classtype:trojan-activity;sid:83696468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.94.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833367/; classtype:trojan-activity;sid:83696467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.34.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833366/; classtype:trojan-activity;sid:83696466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.180.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833365/; classtype:trojan-activity;sid:83696465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833364/; classtype:trojan-activity;sid:83696464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.136.88.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833363/; classtype:trojan-activity;sid:83696463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.16.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833361/; classtype:trojan-activity;sid:83696461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.217.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833362/; classtype:trojan-activity;sid:83696462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.254.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833360/; classtype:trojan-activity;sid:83696460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833359/; classtype:trojan-activity;sid:83696459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833358/; classtype:trojan-activity;sid:83696458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.42.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833356/; classtype:trojan-activity;sid:83696456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.223.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833357/; classtype:trojan-activity;sid:83696457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.184.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833354/; classtype:trojan-activity;sid:83696454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.82.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833355/; classtype:trojan-activity;sid:83696455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833353/; classtype:trojan-activity;sid:83696453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833352/; classtype:trojan-activity;sid:83696452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833351/; classtype:trojan-activity;sid:83696451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.94.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833350/; classtype:trojan-activity;sid:83696450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.208.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833349/; classtype:trojan-activity;sid:83696449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833347/; classtype:trojan-activity;sid:83696447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.79.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833348/; classtype:trojan-activity;sid:83696448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833346/; classtype:trojan-activity;sid:83696446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.164.41.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833345/; classtype:trojan-activity;sid:83696445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.254.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833344/; classtype:trojan-activity;sid:83696444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.13.21.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833343/; classtype:trojan-activity;sid:83696443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833342/; classtype:trojan-activity;sid:83696442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833341/; classtype:trojan-activity;sid:83696441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833339/; classtype:trojan-activity;sid:83696439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.151.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833340/; classtype:trojan-activity;sid:83696440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.82.13"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833338/; classtype:trojan-activity;sid:83696438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.16.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833337/; classtype:trojan-activity;sid:83696437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.208.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833336/; classtype:trojan-activity;sid:83696436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.208.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833335/; classtype:trojan-activity;sid:83696435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.180.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833334/; classtype:trojan-activity;sid:83696434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833333/; classtype:trojan-activity;sid:83696433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.235.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833332/; classtype:trojan-activity;sid:83696432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.208.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833331/; classtype:trojan-activity;sid:83696431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.127.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833330/; classtype:trojan-activity;sid:83696430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.121.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833329/; classtype:trojan-activity;sid:83696429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833328/; classtype:trojan-activity;sid:83696428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.90.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833327/; classtype:trojan-activity;sid:83696427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833326/; classtype:trojan-activity;sid:83696426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.245.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833325/; classtype:trojan-activity;sid:83696425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833324/; classtype:trojan-activity;sid:83696424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.82.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833323/; classtype:trojan-activity;sid:83696423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.157.142.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833322/; classtype:trojan-activity;sid:83696422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833321/; classtype:trojan-activity;sid:83696421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833320/; classtype:trojan-activity;sid:83696420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"afjll.loans.fishingreelinvestments.com"; depth:38; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833319/; classtype:trojan-activity;sid:83696419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833318/; classtype:trojan-activity;sid:83696418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"xbwh.demo.betterbuiltdogs.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833317/; classtype:trojan-activity;sid:83696417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833316/; classtype:trojan-activity;sid:83696416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.248.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833315/; classtype:trojan-activity;sid:83696415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.92.82.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833314/; classtype:trojan-activity;sid:83696414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833313/; classtype:trojan-activity;sid:83696413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833312/; classtype:trojan-activity;sid:83696412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833311/; classtype:trojan-activity;sid:83696411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.157.142.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833310/; classtype:trojan-activity;sid:83696410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833309/; classtype:trojan-activity;sid:83696409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833308/; classtype:trojan-activity;sid:83696408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.34.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833306/; classtype:trojan-activity;sid:83696406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.10.12.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833307/; classtype:trojan-activity;sid:83696407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.24.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833305/; classtype:trojan-activity;sid:83696405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833304/; classtype:trojan-activity;sid:83696404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833303/; classtype:trojan-activity;sid:83696403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.217.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833302/; classtype:trojan-activity;sid:83696402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833301/; classtype:trojan-activity;sid:83696401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833300/; classtype:trojan-activity;sid:83696400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.198.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833299/; classtype:trojan-activity;sid:83696399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833298/; classtype:trojan-activity;sid:83696398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"103.14.226.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833297/; classtype:trojan-activity;sid:83696397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833296/; classtype:trojan-activity;sid:83696396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.117.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833295/; classtype:trojan-activity;sid:83696395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.93.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833293/; classtype:trojan-activity;sid:83696393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833294/; classtype:trojan-activity;sid:83696394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.244.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833292/; classtype:trojan-activity;sid:83696392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.217.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833291/; classtype:trojan-activity;sid:83696391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.81.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833290/; classtype:trojan-activity;sid:83696390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833289/; classtype:trojan-activity;sid:83696389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.114.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833288/; classtype:trojan-activity;sid:83696388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833287/; classtype:trojan-activity;sid:83696387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.247.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833286/; classtype:trojan-activity;sid:83696386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833285/; classtype:trojan-activity;sid:83696385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833284/; classtype:trojan-activity;sid:83696384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833283/; classtype:trojan-activity;sid:83696383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"158.255.82.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833282/; classtype:trojan-activity;sid:83696382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833281/; classtype:trojan-activity;sid:83696381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833280/; classtype:trojan-activity;sid:83696380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833279/; classtype:trojan-activity;sid:83696379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.231.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833278/; classtype:trojan-activity;sid:83696378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.114.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833277/; classtype:trojan-activity;sid:83696377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.244.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833276/; classtype:trojan-activity;sid:83696376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.27.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833275/; classtype:trojan-activity;sid:83696375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.67.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833274/; classtype:trojan-activity;sid:83696374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833273/; classtype:trojan-activity;sid:83696373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.66.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833272/; classtype:trojan-activity;sid:83696372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833271/; classtype:trojan-activity;sid:83696371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.186.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833270/; classtype:trojan-activity;sid:83696370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.27.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833269/; classtype:trojan-activity;sid:83696369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833268/; classtype:trojan-activity;sid:83696368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.57.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833267/; classtype:trojan-activity;sid:83696367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.102.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833266/; classtype:trojan-activity;sid:83696366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.57.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833265/; classtype:trojan-activity;sid:83696365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.238.83.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833264/; classtype:trojan-activity;sid:83696364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.9.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833263/; classtype:trojan-activity;sid:83696363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.89.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833261/; classtype:trojan-activity;sid:83696361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833262/; classtype:trojan-activity;sid:83696362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.216.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833260/; classtype:trojan-activity;sid:83696360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833259/; classtype:trojan-activity;sid:83696359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.67.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833258/; classtype:trojan-activity;sid:83696358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669125767|3f|hash=o0s0guzbztejntgqgcpsay2tga24vik5h8nzsezchtz|7c|26|7c|dl=t6anorrfyp1ah501mlzhemitowumjo2dx1zy0bwgsno|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833257/; classtype:trojan-activity;sid:83696357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.56.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833256/; classtype:trojan-activity;sid:83696356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.189.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833255/; classtype:trojan-activity;sid:83696355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.185.58.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833254/; classtype:trojan-activity;sid:83696354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.82.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833253/; classtype:trojan-activity;sid:83696353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833252/; classtype:trojan-activity;sid:83696352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.56.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833251/; classtype:trojan-activity;sid:83696351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.189.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833250/; classtype:trojan-activity;sid:83696350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.133.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833248/; classtype:trojan-activity;sid:83696348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833249/; classtype:trojan-activity;sid:83696349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.128.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833247/; classtype:trojan-activity;sid:83696347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833246/; classtype:trojan-activity;sid:83696346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.203.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833245/; classtype:trojan-activity;sid:83696345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.193.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833244/; classtype:trojan-activity;sid:83696344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.215.180.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833243/; classtype:trojan-activity;sid:83696343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.214.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833242/; classtype:trojan-activity;sid:83696342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833241/; classtype:trojan-activity;sid:83696341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.42.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833240/; classtype:trojan-activity;sid:83696340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.210.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833239/; classtype:trojan-activity;sid:83696339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.75.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833238/; classtype:trojan-activity;sid:83696338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.186.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833237/; classtype:trojan-activity;sid:83696337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.133.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833236/; classtype:trojan-activity;sid:83696336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669073693|3f|hash=y2jthghy4m7fsolordhqzialigpvbxxerzbootcowic|7c|26|7c|dl=mzytsstsrxu67pbbq1llotv1jjpdi0joxkhinsoxa1t|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833234/; classtype:trojan-activity;sid:83696334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669134426|3f|hash=tnbm4n5ztqz5wxqv0lphazjsvaxw97frk5yjuch3rax|7c|26|7c|dl=11mqdrvzosepmfs9czqnhw4s23breztdwewxiqfowyt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833235/; classtype:trojan-activity;sid:83696335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.155.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833233/; classtype:trojan-activity;sid:83696333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.213.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833232/; classtype:trojan-activity;sid:83696332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833231/; classtype:trojan-activity;sid:83696331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.70.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833230/; classtype:trojan-activity;sid:83696330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833229/; classtype:trojan-activity;sid:83696329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833228/; classtype:trojan-activity;sid:83696328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.248.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833226/; classtype:trojan-activity;sid:83696326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.243.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833227/; classtype:trojan-activity;sid:83696327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.210.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833225/; classtype:trojan-activity;sid:83696325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.227.165.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833224/; classtype:trojan-activity;sid:83696324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.246.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833222/; classtype:trojan-activity;sid:83696322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.82.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833223/; classtype:trojan-activity;sid:83696323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.193.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833221/; classtype:trojan-activity;sid:83696321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.215.180.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833220/; classtype:trojan-activity;sid:83696320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.254.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833219/; classtype:trojan-activity;sid:83696319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833218/; classtype:trojan-activity;sid:83696318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/386"; depth:30; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/mips"; depth:31; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.45.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833215/; classtype:trojan-activity;sid:83696315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.193.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833214/; classtype:trojan-activity;sid:83696314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/mpsl"; depth:31; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833212/; classtype:trojan-activity;sid:83696312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.155.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833211/; classtype:trojan-activity;sid:83696311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833210/; classtype:trojan-activity;sid:83696310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7|3f|ddos"; depth:13; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833209/; classtype:trojan-activity;sid:83696309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.170.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833208/; classtype:trojan-activity;sid:83696308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.53.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833207/; classtype:trojan-activity;sid:83696307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.133.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833206/; classtype:trojan-activity;sid:83696306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833205/; classtype:trojan-activity;sid:83696305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.183.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833204/; classtype:trojan-activity;sid:83696304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833203/; classtype:trojan-activity;sid:83696303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.248.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833202/; classtype:trojan-activity;sid:83696302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.30.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833200/; classtype:trojan-activity;sid:83696300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.193.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833201/; classtype:trojan-activity;sid:83696301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.66.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833199/; classtype:trojan-activity;sid:83696299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.84.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833198/; classtype:trojan-activity;sid:83696298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833197/; classtype:trojan-activity;sid:83696297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833196/; classtype:trojan-activity;sid:83696296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.47.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833195/; classtype:trojan-activity;sid:83696295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.34.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833194/; classtype:trojan-activity;sid:83696294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.248.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833193/; classtype:trojan-activity;sid:83696293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.30.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833192/; classtype:trojan-activity;sid:83696292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.8.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833191/; classtype:trojan-activity;sid:83696291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.206.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833190/; classtype:trojan-activity;sid:83696290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833189/; classtype:trojan-activity;sid:83696289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.34.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833187/; classtype:trojan-activity;sid:83696287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.32.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833188/; classtype:trojan-activity;sid:83696288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.238.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833186/; classtype:trojan-activity;sid:83696286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.73.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833185/; classtype:trojan-activity;sid:83696285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.125.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833184/; classtype:trojan-activity;sid:83696284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.209.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833183/; classtype:trojan-activity;sid:83696283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.20.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833182/; classtype:trojan-activity;sid:83696282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.186.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833181/; classtype:trojan-activity;sid:83696281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.219.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833180/; classtype:trojan-activity;sid:83696280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833179/; classtype:trojan-activity;sid:83696279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.44.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833177/; classtype:trojan-activity;sid:83696277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833178/; classtype:trojan-activity;sid:83696278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.253.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833176/; classtype:trojan-activity;sid:83696276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833175/; classtype:trojan-activity;sid:83696275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.209.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833174/; classtype:trojan-activity;sid:83696274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.125.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833173/; classtype:trojan-activity;sid:83696273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.217.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833172/; classtype:trojan-activity;sid:83696272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.72.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833171/; classtype:trojan-activity;sid:83696271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.179.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833170/; classtype:trojan-activity;sid:83696270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.32.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833169/; classtype:trojan-activity;sid:83696269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.238.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833168/; classtype:trojan-activity;sid:83696268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.209.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833167/; classtype:trojan-activity;sid:83696267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833166/; classtype:trojan-activity;sid:83696266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.109.205.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833165/; classtype:trojan-activity;sid:83696265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.96.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833164/; classtype:trojan-activity;sid:83696264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.218.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833163/; classtype:trojan-activity;sid:83696263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833162/; classtype:trojan-activity;sid:83696262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833161/; classtype:trojan-activity;sid:83696261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.94.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833160/; classtype:trojan-activity;sid:83696260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.209.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833159/; classtype:trojan-activity;sid:83696259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.217.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833158/; classtype:trojan-activity;sid:83696258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.74.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833157/; classtype:trojan-activity;sid:83696257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.179.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833156/; classtype:trojan-activity;sid:83696256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833155/; classtype:trojan-activity;sid:83696255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833154/; classtype:trojan-activity;sid:83696254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.129.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833153/; classtype:trojan-activity;sid:83696253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.89.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833152/; classtype:trojan-activity;sid:83696252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.44.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833151/; classtype:trojan-activity;sid:83696251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.146.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833150/; classtype:trojan-activity;sid:83696250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.209.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833148/; classtype:trojan-activity;sid:83696248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.10.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833149/; classtype:trojan-activity;sid:83696249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.9.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833147/; classtype:trojan-activity;sid:83696247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833146/; classtype:trojan-activity;sid:83696246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.11.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833145/; classtype:trojan-activity;sid:83696245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.79.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833142/; classtype:trojan-activity;sid:83696242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833143/; classtype:trojan-activity;sid:83696243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.208.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833144/; classtype:trojan-activity;sid:83696244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.191.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833141/; classtype:trojan-activity;sid:83696241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.14.226.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833140/; classtype:trojan-activity;sid:83696240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833139/; classtype:trojan-activity;sid:83696239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.232.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833138/; classtype:trojan-activity;sid:83696238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.109.205.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833137/; classtype:trojan-activity;sid:83696237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.28.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833135/; classtype:trojan-activity;sid:83696235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.10.12.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833136/; classtype:trojan-activity;sid:83696236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.46.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833134/; classtype:trojan-activity;sid:83696234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.174.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833133/; classtype:trojan-activity;sid:83696233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833132/; classtype:trojan-activity;sid:83696232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.82.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833131/; classtype:trojan-activity;sid:83696231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.79.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833130/; classtype:trojan-activity;sid:83696230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.206.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833129/; classtype:trojan-activity;sid:83696229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.232.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833127/; classtype:trojan-activity;sid:83696227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.191.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833128/; classtype:trojan-activity;sid:83696228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.14.226.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833126/; classtype:trojan-activity;sid:83696226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.41.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833125/; classtype:trojan-activity;sid:83696225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.224.246.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833124/; classtype:trojan-activity;sid:83696224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833123/; classtype:trojan-activity;sid:83696223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.226.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833122/; classtype:trojan-activity;sid:83696222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.46.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833121/; classtype:trojan-activity;sid:83696221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.174.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833120/; classtype:trojan-activity;sid:83696220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833119/; classtype:trojan-activity;sid:83696219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.41.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833118/; classtype:trojan-activity;sid:83696218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.62.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833117/; classtype:trojan-activity;sid:83696217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.243.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833116/; classtype:trojan-activity;sid:83696216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.180.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833115/; classtype:trojan-activity;sid:83696215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.29.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833114/; classtype:trojan-activity;sid:83696214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.206.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833113/; classtype:trojan-activity;sid:83696213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.254.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833112/; classtype:trojan-activity;sid:83696212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833111/; classtype:trojan-activity;sid:83696211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833110/; classtype:trojan-activity;sid:83696210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833109/; classtype:trojan-activity;sid:83696209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.146.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833108/; classtype:trojan-activity;sid:83696208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.29.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833107/; classtype:trojan-activity;sid:83696207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.62.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833106/; classtype:trojan-activity;sid:83696206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.25.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833105/; classtype:trojan-activity;sid:83696205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.39.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833104/; classtype:trojan-activity;sid:83696204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833102/; classtype:trojan-activity;sid:83696202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.106.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833103/; classtype:trojan-activity;sid:83696203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.183.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833100/; classtype:trojan-activity;sid:83696200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.215.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833101/; classtype:trojan-activity;sid:83696201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.29.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833099/; classtype:trojan-activity;sid:83696199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833098/; classtype:trojan-activity;sid:83696198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833097/; classtype:trojan-activity;sid:83696197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.232.4.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833096/; classtype:trojan-activity;sid:83696196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.188.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833095/; classtype:trojan-activity;sid:83696195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833094/; classtype:trojan-activity;sid:83696194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.241.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833093/; classtype:trojan-activity;sid:83696193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.97.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833092/; classtype:trojan-activity;sid:83696192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.144.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833090/; classtype:trojan-activity;sid:83696190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833091/; classtype:trojan-activity;sid:83696191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.106.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833089/; classtype:trojan-activity;sid:83696189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833088/; classtype:trojan-activity;sid:83696188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.225.254.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833087/; classtype:trojan-activity;sid:83696187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.143.150.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833086/; classtype:trojan-activity;sid:83696186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.40.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833085/; classtype:trojan-activity;sid:83696185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x4h6jb7kbavx"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833084/; classtype:trojan-activity;sid:83696184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833083/; classtype:trojan-activity;sid:83696183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833082/; classtype:trojan-activity;sid:83696182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.150.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833081/; classtype:trojan-activity;sid:83696181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.151.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833080/; classtype:trojan-activity;sid:83696180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.241.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833079/; classtype:trojan-activity;sid:83696179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.211.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833078/; classtype:trojan-activity;sid:83696178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.55.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833077/; classtype:trojan-activity;sid:83696177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833076/; classtype:trojan-activity;sid:83696176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.176.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833075/; classtype:trojan-activity;sid:83696175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.188.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833074/; classtype:trojan-activity;sid:83696174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.146.26.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833073/; classtype:trojan-activity;sid:83696173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.38.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833072/; classtype:trojan-activity;sid:83696172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669134487|3f|hash=q19d2doqnq3xlf3brqifmkvg6va4gxcvvsj7yiz7uhg|7c|26|7c|dl=1tftcuz7siqezjht2inmqktni7uazwrgeq4jafflikh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833071/; classtype:trojan-activity;sid:83696171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.144.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833069/; classtype:trojan-activity;sid:83696169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.123.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833070/; classtype:trojan-activity;sid:83696170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669132669|3f|hash=zkjz6ih7uq9lzkd21vhcvrqwcwde4e0zygiugvcv47k|7c|26|7c|dl=wempmpmw6ufkynuzftioldfw8xizgau8j2f0vsj9nwt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833068/; classtype:trojan-activity;sid:83696168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.211.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833067/; classtype:trojan-activity;sid:83696167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.157.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833066/; classtype:trojan-activity;sid:83696166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833065/; classtype:trojan-activity;sid:83696165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.107.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833064/; classtype:trojan-activity;sid:83696164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.160.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833063/; classtype:trojan-activity;sid:83696163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.176.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833062/; classtype:trojan-activity;sid:83696162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.123.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833061/; classtype:trojan-activity;sid:83696161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.36.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833060/; classtype:trojan-activity;sid:83696160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.38.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833059/; classtype:trojan-activity;sid:83696159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.189.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833058/; classtype:trojan-activity;sid:83696158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.187.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833057/; classtype:trojan-activity;sid:83696157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.81.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833056/; classtype:trojan-activity;sid:83696156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.189.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833055/; classtype:trojan-activity;sid:83696155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833054/; classtype:trojan-activity;sid:83696154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.160.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833053/; classtype:trojan-activity;sid:83696153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.43.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833052/; classtype:trojan-activity;sid:83696152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.189.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833051/; classtype:trojan-activity;sid:83696151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.48.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833050/; classtype:trojan-activity;sid:83696150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.246.127.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833049/; classtype:trojan-activity;sid:83696149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833048/; classtype:trojan-activity;sid:83696148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833047/; classtype:trojan-activity;sid:83696147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.73.77.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833046/; classtype:trojan-activity;sid:83696146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833045/; classtype:trojan-activity;sid:83696145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.4.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833044/; classtype:trojan-activity;sid:83696144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.46.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833043/; classtype:trojan-activity;sid:83696143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833042/; classtype:trojan-activity;sid:83696142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.253.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833041/; classtype:trojan-activity;sid:83696141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833040/; classtype:trojan-activity;sid:83696140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvctw52mdihb"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833039/; classtype:trojan-activity;sid:83696139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833038/; classtype:trojan-activity;sid:83696138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.149.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833037/; classtype:trojan-activity;sid:83696137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.117.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833036/; classtype:trojan-activity;sid:83696136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.125.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833034/; classtype:trojan-activity;sid:83696134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833035/; classtype:trojan-activity;sid:83696135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.46.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833033/; classtype:trojan-activity;sid:83696133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.253.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833032/; classtype:trojan-activity;sid:83696132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xrpfnwoyjzqd"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833031/; classtype:trojan-activity;sid:83696131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.202.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833030/; classtype:trojan-activity;sid:83696130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.109.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833028/; classtype:trojan-activity;sid:83696128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833029/; classtype:trojan-activity;sid:83696129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.148.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833027/; classtype:trojan-activity;sid:83696127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.187.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833026/; classtype:trojan-activity;sid:83696126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.34.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833024/; classtype:trojan-activity;sid:83696124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.110.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833025/; classtype:trojan-activity;sid:83696125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.185.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833023/; classtype:trojan-activity;sid:83696123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833022/; classtype:trojan-activity;sid:83696122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833021/; classtype:trojan-activity;sid:83696121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.27.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833019/; classtype:trojan-activity;sid:83696119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833020/; classtype:trojan-activity;sid:83696120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.229.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833018/; classtype:trojan-activity;sid:83696118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.150.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833017/; classtype:trojan-activity;sid:83696117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833016/; classtype:trojan-activity;sid:83696116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.125.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833015/; classtype:trojan-activity;sid:83696115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.75.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833014/; classtype:trojan-activity;sid:83696114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833013/; classtype:trojan-activity;sid:83696113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.52.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833012/; classtype:trojan-activity;sid:83696112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833011/; classtype:trojan-activity;sid:83696111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.109.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833010/; classtype:trojan-activity;sid:83696110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.70.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833009/; classtype:trojan-activity;sid:83696109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.226.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833008/; classtype:trojan-activity;sid:83696108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833007/; classtype:trojan-activity;sid:83696107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.148.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833006/; classtype:trojan-activity;sid:83696106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.52.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833005/; classtype:trojan-activity;sid:83696105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.34.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833004/; classtype:trojan-activity;sid:83696104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833003/; classtype:trojan-activity;sid:83696103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.4.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833002/; classtype:trojan-activity;sid:83696102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.241.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833001/; classtype:trojan-activity;sid:83696101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.218.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833000/; classtype:trojan-activity;sid:83696100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.226.48.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832999/; classtype:trojan-activity;sid:83696099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.130.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832998/; classtype:trojan-activity;sid:83696098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.122.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832997/; classtype:trojan-activity;sid:83696097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.149.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832996/; classtype:trojan-activity;sid:83696096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.40.157.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832995/; classtype:trojan-activity;sid:83696095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.23.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832994/; classtype:trojan-activity;sid:83696094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.4.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832993/; classtype:trojan-activity;sid:83696093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.83.247.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832992/; classtype:trojan-activity;sid:83696092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.241.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832991/; classtype:trojan-activity;sid:83696091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832990/; classtype:trojan-activity;sid:83696090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.19.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832989/; classtype:trojan-activity;sid:83696089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832988/; classtype:trojan-activity;sid:83696088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.100.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832987/; classtype:trojan-activity;sid:83696087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.122.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832986/; classtype:trojan-activity;sid:83696086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.149.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832985/; classtype:trojan-activity;sid:83696085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832984/; classtype:trojan-activity;sid:83696084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.23.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832983/; classtype:trojan-activity;sid:83696083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.40.157.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832982/; classtype:trojan-activity;sid:83696082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832981/; classtype:trojan-activity;sid:83696081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832980/; classtype:trojan-activity;sid:83696080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.21.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832979/; classtype:trojan-activity;sid:83696079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.19.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832978/; classtype:trojan-activity;sid:83696078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.100.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832977/; classtype:trojan-activity;sid:83696077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.88.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832976/; classtype:trojan-activity;sid:83696076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.139.178.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832975/; classtype:trojan-activity;sid:83696075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832974/; classtype:trojan-activity;sid:83696074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.244.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832973/; classtype:trojan-activity;sid:83696073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832972/; classtype:trojan-activity;sid:83696072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/10fgrm/realtekmonitor.exe"; depth:30; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832971/; classtype:trojan-activity;sid:83696071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.88.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832970/; classtype:trojan-activity;sid:83696070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832969/; classtype:trojan-activity;sid:83696069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832968/; classtype:trojan-activity;sid:83696068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.88.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832967/; classtype:trojan-activity;sid:83696067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.21.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832966/; classtype:trojan-activity;sid:83696066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.111.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832965/; classtype:trojan-activity;sid:83696065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832964/; classtype:trojan-activity;sid:83696064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832963/; classtype:trojan-activity;sid:83696063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.18.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832962/; classtype:trojan-activity;sid:83696062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.197.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832961/; classtype:trojan-activity;sid:83696061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpvmey.7z"; depth:10; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832960/; classtype:trojan-activity;sid:83696060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.5.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832959/; classtype:trojan-activity;sid:83696059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.18.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832958/; classtype:trojan-activity;sid:83696058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832956/; classtype:trojan-activity;sid:83696056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832957/; classtype:trojan-activity;sid:83696057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.214.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832955/; classtype:trojan-activity;sid:83696055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832954/; classtype:trojan-activity;sid:83696054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.103.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832953/; classtype:trojan-activity;sid:83696053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.146.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832952/; classtype:trojan-activity;sid:83696052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.67.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832951/; classtype:trojan-activity;sid:83696051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.62.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832950/; classtype:trojan-activity;sid:83696050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832949/; classtype:trojan-activity;sid:83696049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.67.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832948/; classtype:trojan-activity;sid:83696048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.197.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832947/; classtype:trojan-activity;sid:83696047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op.scr"; depth:7; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832946/; classtype:trojan-activity;sid:83696046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832945/; classtype:trojan-activity;sid:83696045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832944/; classtype:trojan-activity;sid:83696044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832943/; classtype:trojan-activity;sid:83696043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.61.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832942/; classtype:trojan-activity;sid:83696042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.62.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832941/; classtype:trojan-activity;sid:83696041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832940/; classtype:trojan-activity;sid:83696040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.40.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832939/; classtype:trojan-activity;sid:83696039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.193.120.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832938/; classtype:trojan-activity;sid:83696038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.187.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832937/; classtype:trojan-activity;sid:83696037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832936/; classtype:trojan-activity;sid:83696036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.14.191.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832935/; classtype:trojan-activity;sid:83696035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.122.239.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832934/; classtype:trojan-activity;sid:83696034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.29.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832933/; classtype:trojan-activity;sid:83696033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.72.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832930/; classtype:trojan-activity;sid:83696030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.169.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832931/; classtype:trojan-activity;sid:83696031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.175.157.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832932/; classtype:trojan-activity;sid:83696032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.mips"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832929/; classtype:trojan-activity;sid:83696029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm6"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832926/; classtype:trojan-activity;sid:83696026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm5"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832927/; classtype:trojan-activity;sid:83696027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.mips"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832928/; classtype:trojan-activity;sid:83696028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.ppc"; depth:26; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832922/; classtype:trojan-activity;sid:83696022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.mpsl"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832923/; classtype:trojan-activity;sid:83696023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.sh4"; depth:26; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832924/; classtype:trojan-activity;sid:83696024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm4"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832925/; classtype:trojan-activity;sid:83696025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.ppc"; depth:16; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832920/; classtype:trojan-activity;sid:83696020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm7"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832921/; classtype:trojan-activity;sid:83696021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.61.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832919/; classtype:trojan-activity;sid:83696019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.i686"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832915/; classtype:trojan-activity;sid:83696015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm5"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832916/; classtype:trojan-activity;sid:83696016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.x86"; depth:26; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832917/; classtype:trojan-activity;sid:83696017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.i686"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832918/; classtype:trojan-activity;sid:83696018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.m68k"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832911/; classtype:trojan-activity;sid:83696011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.sh4"; depth:16; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832912/; classtype:trojan-activity;sid:83696012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.m68k"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832913/; classtype:trojan-activity;sid:83696013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm6"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832914/; classtype:trojan-activity;sid:83696014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.mpsl"; depth:27; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832908/; classtype:trojan-activity;sid:83696008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm4"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832909/; classtype:trojan-activity;sid:83696009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm7"; depth:17; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832910/; classtype:trojan-activity;sid:83696010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.45.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832907/; classtype:trojan-activity;sid:83696007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.25.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832905/; classtype:trojan-activity;sid:83696005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832906/; classtype:trojan-activity;sid:83696006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.110.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832904/; classtype:trojan-activity;sid:83696004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.187.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832902/; classtype:trojan-activity;sid:83696002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.120.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832903/; classtype:trojan-activity;sid:83696003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832901/; classtype:trojan-activity;sid:83696001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.81.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832900/; classtype:trojan-activity;sid:83696000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832899/; classtype:trojan-activity;sid:83695999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.142.112.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832898/; classtype:trojan-activity;sid:83695998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832895/; classtype:trojan-activity;sid:83695995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832896/; classtype:trojan-activity;sid:83695996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832897/; classtype:trojan-activity;sid:83695997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832887/; classtype:trojan-activity;sid:83695987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832888/; classtype:trojan-activity;sid:83695988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832889/; classtype:trojan-activity;sid:83695989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832890/; classtype:trojan-activity;sid:83695990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832891/; classtype:trojan-activity;sid:83695991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832892/; classtype:trojan-activity;sid:83695992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832893/; classtype:trojan-activity;sid:83695993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"91.92.254.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832894/; classtype:trojan-activity;sid:83695994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.44.30.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832886/; classtype:trojan-activity;sid:83695986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832873/; classtype:trojan-activity;sid:83695973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832874/; classtype:trojan-activity;sid:83695974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832875/; classtype:trojan-activity;sid:83695975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832876/; classtype:trojan-activity;sid:83695976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832877/; classtype:trojan-activity;sid:83695977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832878/; classtype:trojan-activity;sid:83695978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832879/; classtype:trojan-activity;sid:83695979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832880/; classtype:trojan-activity;sid:83695980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832881/; classtype:trojan-activity;sid:83695981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832882/; classtype:trojan-activity;sid:83695982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832883/; classtype:trojan-activity;sid:83695983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832884/; classtype:trojan-activity;sid:83695984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"185.196.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832885/; classtype:trojan-activity;sid:83695985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.102.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832872/; classtype:trojan-activity;sid:83695972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.238.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832871/; classtype:trojan-activity;sid:83695971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.70.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832870/; classtype:trojan-activity;sid:83695970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/return-of-space-setup.rar"; depth:35; endswith; nocase; http.host; content:"returnofspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832869/; classtype:trojan-activity;sid:83695969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832865/; classtype:trojan-activity;sid:83695965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832866/; classtype:trojan-activity;sid:83695966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/nss3.dll"; depth:26; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832867/; classtype:trojan-activity;sid:83695967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832868/; classtype:trojan-activity;sid:83695968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832862/; classtype:trojan-activity;sid:83695962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832863/; classtype:trojan-activity;sid:83695963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d32e011d2eaa85a0/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"shaffatta.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832864/; classtype:trojan-activity;sid:83695964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.232.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832861/; classtype:trojan-activity;sid:83695961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.183.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832860/; classtype:trojan-activity;sid:83695960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.81.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832858/; classtype:trojan-activity;sid:83695958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.110.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832859/; classtype:trojan-activity;sid:83695959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.172.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832857/; classtype:trojan-activity;sid:83695957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.130.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832856/; classtype:trojan-activity;sid:83695956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832855/; classtype:trojan-activity;sid:83695955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832854/; classtype:trojan-activity;sid:83695954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.213.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832853/; classtype:trojan-activity;sid:83695953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832852/; classtype:trojan-activity;sid:83695952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832851/; classtype:trojan-activity;sid:83695951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832850/; classtype:trojan-activity;sid:83695950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.214.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832849/; classtype:trojan-activity;sid:83695949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.238.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832848/; classtype:trojan-activity;sid:83695948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832847/; classtype:trojan-activity;sid:83695947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.143.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832846/; classtype:trojan-activity;sid:83695946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.72.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832845/; classtype:trojan-activity;sid:83695945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.158.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832844/; classtype:trojan-activity;sid:83695944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.72.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832843/; classtype:trojan-activity;sid:83695943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.243.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832842/; classtype:trojan-activity;sid:83695942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.47.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832841/; classtype:trojan-activity;sid:83695941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.40.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832840/; classtype:trojan-activity;sid:83695940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.152.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832839/; classtype:trojan-activity;sid:83695939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832838/; classtype:trojan-activity;sid:83695938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.55.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832837/; classtype:trojan-activity;sid:83695937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832836/; classtype:trojan-activity;sid:83695936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.243.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832835/; classtype:trojan-activity;sid:83695935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.201.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832834/; classtype:trojan-activity;sid:83695934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.175.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832833/; classtype:trojan-activity;sid:83695933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832832/; classtype:trojan-activity;sid:83695932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.30.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832831/; classtype:trojan-activity;sid:83695931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.63.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832830/; classtype:trojan-activity;sid:83695930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.70.180.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832829/; classtype:trojan-activity;sid:83695929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.146.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832828/; classtype:trojan-activity;sid:83695928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.189.21.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832827/; classtype:trojan-activity;sid:83695927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.107.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832826/; classtype:trojan-activity;sid:83695926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832825/; classtype:trojan-activity;sid:83695925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832824/; classtype:trojan-activity;sid:83695924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.30.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832823/; classtype:trojan-activity;sid:83695923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.143.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832822/; classtype:trojan-activity;sid:83695922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.143.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832821/; classtype:trojan-activity;sid:83695921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832820/; classtype:trojan-activity;sid:83695920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832819/; classtype:trojan-activity;sid:83695919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.x86"; depth:16; endswith; nocase; http.host; content:"94.156.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832818/; classtype:trojan-activity;sid:83695918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.146.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832817/; classtype:trojan-activity;sid:83695917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.107.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832816/; classtype:trojan-activity;sid:83695916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.113.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832815/; classtype:trojan-activity;sid:83695915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.55.153.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832813/; classtype:trojan-activity;sid:83695913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832814/; classtype:trojan-activity;sid:83695914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.62.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832812/; classtype:trojan-activity;sid:83695912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832811/; classtype:trojan-activity;sid:83695911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832810/; classtype:trojan-activity;sid:83695910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"45.90.13.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832809/; classtype:trojan-activity;sid:83695909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"45.90.13.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832808/; classtype:trojan-activity;sid:83695908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.88.168"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832807/; classtype:trojan-activity;sid:83695907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.134.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832806/; classtype:trojan-activity;sid:83695906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.125.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832805/; classtype:trojan-activity;sid:83695905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832804/; classtype:trojan-activity;sid:83695904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/images/images/im/im.png"; depth:33; endswith; nocase; http.host; content:"totalhorsehealth.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832803/; classtype:trojan-activity;sid:83695903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/bgcbt"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832801/; classtype:trojan-activity;sid:83695901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90811/btrkc/fishermansaidyouaremyloverbecauseitrulyloveyoufromtheheartmysweetheartmysweetkissyouaremybeautifulwomen___ialwaysrememberyoumorethananyone.doc"; depth:155; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832802/; classtype:trojan-activity;sid:83695902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/yrhcu"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832800/; classtype:trojan-activity;sid:83695900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90811/btkbc.txt"; depth:16; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832798/; classtype:trojan-activity;sid:83695898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5010/htc.txt"; depth:13; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832799/; classtype:trojan-activity;sid:83695899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5010/frg/wedesingedfisherboattounderstanditsaworthfulthingstogetherbacksheisverybeatufiulgirlfrommyheartsheisgirl___womenslverkssinglipher.doc"; depth:143; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832796/; classtype:trojan-activity;sid:83695896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5010/imagefishermankissinggirl.gif"; depth:35; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832797/; classtype:trojan-activity;sid:83695897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90811/imageofthefishermankiss.gif"; depth:34; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832795/; classtype:trojan-activity;sid:83695895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tkxxasl5dupxj37ckia7dyw5erlqvs5y"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832794/; classtype:trojan-activity;sid:83695894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1afghykq7_aq3qcyfa2vxbtkf4nvabj4j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832789/; classtype:trojan-activity;sid:83695889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1y9cw9u7xzybxxpdoyvxuosfdoia2aa6v"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832790/; classtype:trojan-activity;sid:83695890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1p6ucnuojwjyctbi8jjum7gxws1dlljr7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832791/; classtype:trojan-activity;sid:83695891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1efqf-jaxwxyykshdiv_an0kdtcot5aqo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832792/; classtype:trojan-activity;sid:83695892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lsdxum_3bepf51r3sbcin3vdiwcz_oni"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832793/; classtype:trojan-activity;sid:83695893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.16.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832788/; classtype:trojan-activity;sid:83695888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832787/; classtype:trojan-activity;sid:83695887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.160.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832786/; classtype:trojan-activity;sid:83695886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832785/; classtype:trojan-activity;sid:83695885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.73.242.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832784/; classtype:trojan-activity;sid:83695884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.94.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832783/; classtype:trojan-activity;sid:83695883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.113.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832782/; classtype:trojan-activity;sid:83695882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.79.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832781/; classtype:trojan-activity;sid:83695881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.125.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832780/; classtype:trojan-activity;sid:83695880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669123201|3f|hash=xdcpjelzxewo4kztohuqemvckwzlhqqzbjyb5ykd2jc|7c|26|7c|dl=coyly32azwrawiuav6lvf1kvnbsjshxc1w6esy9lvxc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832779/; classtype:trojan-activity;sid:83695879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.12.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832778/; classtype:trojan-activity;sid:83695878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.193.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832777/; classtype:trojan-activity;sid:83695877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uigclhxyeyyhi246.bin"; depth:21; endswith; nocase; http.host; content:"67.203.7.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832776/; classtype:trojan-activity;sid:83695876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.73.242.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832775/; classtype:trojan-activity;sid:83695875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex.bin"; depth:7; endswith; nocase; http.host; content:"ralucamihaela.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832774/; classtype:trojan-activity;sid:83695874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832773/; classtype:trojan-activity;sid:83695873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gr1.bin"; depth:8; endswith; nocase; http.host; content:"ralucamihaela.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832771/; classtype:trojan-activity;sid:83695871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.16.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832772/; classtype:trojan-activity;sid:83695872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gr.bin"; depth:7; endswith; nocase; http.host; content:"ralucamihaela.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832770/; classtype:trojan-activity;sid:83695870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdningsopbevaringsanlggene.pfb"; depth:31; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832767/; classtype:trojan-activity;sid:83695867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.160.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832768/; classtype:trojan-activity;sid:83695868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azhfsrgnnmsdgahiuwb214.bin"; depth:27; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832769/; classtype:trojan-activity;sid:83695869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqqmlftcausvpgkzz168.bin"; depth:25; endswith; nocase; http.host; content:"193.239.86.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832766/; classtype:trojan-activity;sid:83695866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.188.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832765/; classtype:trojan-activity;sid:83695865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832764/; classtype:trojan-activity;sid:83695864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832763/; classtype:trojan-activity;sid:83695863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.125.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832762/; classtype:trojan-activity;sid:83695862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.117.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832761/; classtype:trojan-activity;sid:83695861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.85.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832760/; classtype:trojan-activity;sid:83695860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acrobatreaderpro.exe"; depth:21; endswith; nocase; http.host; content:"185.81.29.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832759/; classtype:trojan-activity;sid:83695859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832758/; classtype:trojan-activity;sid:83695858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.149.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832757/; classtype:trojan-activity;sid:83695857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832755/; classtype:trojan-activity;sid:83695855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/jfesawdr.exe"; depth:18; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832756/; classtype:trojan-activity;sid:83695856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.189.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832754/; classtype:trojan-activity;sid:83695854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.188.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832753/; classtype:trojan-activity;sid:83695853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.159.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832752/; classtype:trojan-activity;sid:83695852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.182.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832751/; classtype:trojan-activity;sid:83695851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.34.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832750/; classtype:trojan-activity;sid:83695850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.92.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832749/; classtype:trojan-activity;sid:83695849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669119231|3f|hash=96vtdhhgsbnei9sei0lnjmid4wbfmsjn56lhcfutlwh|7c|26|7c|dl=ewxebzefbe7eittyrwkloemkj3rn9f1w896khygvlwk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832748/; classtype:trojan-activity;sid:83695848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.30.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832747/; classtype:trojan-activity;sid:83695847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.83.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832746/; classtype:trojan-activity;sid:83695846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pl.bin"; depth:7; endswith; nocase; http.host; content:"ralucamihaela.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832745/; classtype:trojan-activity;sid:83695845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.85.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832744/; classtype:trojan-activity;sid:83695844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.50.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832743/; classtype:trojan-activity;sid:83695843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.114.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832742/; classtype:trojan-activity;sid:83695842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.159.62.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832741/; classtype:trojan-activity;sid:83695841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.53.42.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832740/; classtype:trojan-activity;sid:83695840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.121.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832739/; classtype:trojan-activity;sid:83695839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.137.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832738/; classtype:trojan-activity;sid:83695838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.151.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832737/; classtype:trojan-activity;sid:83695837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.5.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832736/; classtype:trojan-activity;sid:83695836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.121.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832735/; classtype:trojan-activity;sid:83695835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832734/; classtype:trojan-activity;sid:83695834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.182.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832733/; classtype:trojan-activity;sid:83695833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.150.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832732/; classtype:trojan-activity;sid:83695832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.92.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832731/; classtype:trojan-activity;sid:83695831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832730/; classtype:trojan-activity;sid:83695830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.250.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832729/; classtype:trojan-activity;sid:83695829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.89.216.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832728/; classtype:trojan-activity;sid:83695828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.201.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832727/; classtype:trojan-activity;sid:83695827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.45.134.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832726/; classtype:trojan-activity;sid:83695826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.217.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832725/; classtype:trojan-activity;sid:83695825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calitatex/nloniqwpmhahokeszhprtm43.bin"; depth:39; endswith; nocase; http.host; content:"absorbante-calitate.ro"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832724/; classtype:trojan-activity;sid:83695824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832723/; classtype:trojan-activity;sid:83695823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832722/; classtype:trojan-activity;sid:83695822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.146.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832720/; classtype:trojan-activity;sid:83695820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832721/; classtype:trojan-activity;sid:83695821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twvvmophe254.bin"; depth:17; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832719/; classtype:trojan-activity;sid:83695819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.239.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832718/; classtype:trojan-activity;sid:83695818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.132.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832716/; classtype:trojan-activity;sid:83695816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.86.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832717/; classtype:trojan-activity;sid:83695817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.210.217.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832714/; classtype:trojan-activity;sid:83695814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isetup4.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832715/; classtype:trojan-activity;sid:83695815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832713/; classtype:trojan-activity;sid:83695813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.6.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832712/; classtype:trojan-activity;sid:83695812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832710/; classtype:trojan-activity;sid:83695810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.175.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832711/; classtype:trojan-activity;sid:83695811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.177.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832708/; classtype:trojan-activity;sid:83695808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.60.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832709/; classtype:trojan-activity;sid:83695809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.151.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832707/; classtype:trojan-activity;sid:83695807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.84.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832706/; classtype:trojan-activity;sid:83695806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.131.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832705/; classtype:trojan-activity;sid:83695805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.129.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832704/; classtype:trojan-activity;sid:83695804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.217.184.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832703/; classtype:trojan-activity;sid:83695803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.201.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832702/; classtype:trojan-activity;sid:83695802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.5.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832701/; classtype:trojan-activity;sid:83695801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832700/; classtype:trojan-activity;sid:83695800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.189.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832699/; classtype:trojan-activity;sid:83695799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.38.195.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832698/; classtype:trojan-activity;sid:83695798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832696/; classtype:trojan-activity;sid:83695796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832697/; classtype:trojan-activity;sid:83695797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832687/; classtype:trojan-activity;sid:83695787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832688/; classtype:trojan-activity;sid:83695788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832689/; classtype:trojan-activity;sid:83695789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832690/; classtype:trojan-activity;sid:83695790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832691/; classtype:trojan-activity;sid:83695791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832692/; classtype:trojan-activity;sid:83695792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832693/; classtype:trojan-activity;sid:83695793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832694/; classtype:trojan-activity;sid:83695794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"herioscheats.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832695/; classtype:trojan-activity;sid:83695795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.71.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832686/; classtype:trojan-activity;sid:83695786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.117.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832685/; classtype:trojan-activity;sid:83695785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b"; depth:4; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832680/; classtype:trojan-activity;sid:83695780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/splash.sh"; depth:12; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832681/; classtype:trojan-activity;sid:83695781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget.sh"; depth:10; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832682/; classtype:trojan-activity;sid:83695782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/g"; depth:4; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832683/; classtype:trojan-activity;sid:83695783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/l"; depth:4; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832684/; classtype:trojan-activity;sid:83695784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832676/; classtype:trojan-activity;sid:83695776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832677/; classtype:trojan-activity;sid:83695777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xh0roxxnavebusyoo.x86"; depth:23; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832678/; classtype:trojan-activity;sid:83695778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832679/; classtype:trojan-activity;sid:83695779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832674/; classtype:trojan-activity;sid:83695774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832675/; classtype:trojan-activity;sid:83695775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832673/; classtype:trojan-activity;sid:83695773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832670/; classtype:trojan-activity;sid:83695770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832671/; classtype:trojan-activity;sid:83695771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kowai.mips"; depth:16; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832672/; classtype:trojan-activity;sid:83695772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832663/; classtype:trojan-activity;sid:83695763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832664/; classtype:trojan-activity;sid:83695764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/l"; depth:4; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832665/; classtype:trojan-activity;sid:83695765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget.sh"; depth:10; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832666/; classtype:trojan-activity;sid:83695766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/splash.sh"; depth:12; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832667/; classtype:trojan-activity;sid:83695767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832668/; classtype:trojan-activity;sid:83695768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832669/; classtype:trojan-activity;sid:83695769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832661/; classtype:trojan-activity;sid:83695761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832662/; classtype:trojan-activity;sid:83695762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832659/; classtype:trojan-activity;sid:83695759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832660/; classtype:trojan-activity;sid:83695760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832657/; classtype:trojan-activity;sid:83695757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832658/; classtype:trojan-activity;sid:83695758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832652/; classtype:trojan-activity;sid:83695752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832653/; classtype:trojan-activity;sid:83695753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832654/; classtype:trojan-activity;sid:83695754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b"; depth:4; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832655/; classtype:trojan-activity;sid:83695755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832656/; classtype:trojan-activity;sid:83695756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832649/; classtype:trojan-activity;sid:83695749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832650/; classtype:trojan-activity;sid:83695750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/g"; depth:4; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832651/; classtype:trojan-activity;sid:83695751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"xkoic3y.dekma-gay.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832648/; classtype:trojan-activity;sid:83695748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.59.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832646/; classtype:trojan-activity;sid:83695746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.164.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832647/; classtype:trojan-activity;sid:83695747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.64.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832645/; classtype:trojan-activity;sid:83695745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.32.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832644/; classtype:trojan-activity;sid:83695744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.184.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832643/; classtype:trojan-activity;sid:83695743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.188.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832642/; classtype:trojan-activity;sid:83695742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832641/; classtype:trojan-activity;sid:83695741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.60.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832640/; classtype:trojan-activity;sid:83695740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shitload.exe"; depth:13; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832639/; classtype:trojan-activity;sid:83695739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.48.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832638/; classtype:trojan-activity;sid:83695738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.189.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832637/; classtype:trojan-activity;sid:83695737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.93.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832636/; classtype:trojan-activity;sid:83695736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832634/; classtype:trojan-activity;sid:83695734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.36.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832635/; classtype:trojan-activity;sid:83695735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.38.195.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832633/; classtype:trojan-activity;sid:83695733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.78.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832632/; classtype:trojan-activity;sid:83695732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.46.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832631/; classtype:trojan-activity;sid:83695731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832630/; classtype:trojan-activity;sid:83695730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.81.207"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832629/; classtype:trojan-activity;sid:83695729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832627/; classtype:trojan-activity;sid:83695727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.66.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832628/; classtype:trojan-activity;sid:83695728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.93.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832626/; classtype:trojan-activity;sid:83695726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.229.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832625/; classtype:trojan-activity;sid:83695725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.36.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832624/; classtype:trojan-activity;sid:83695724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.59.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832623/; classtype:trojan-activity;sid:83695723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.164.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832622/; classtype:trojan-activity;sid:83695722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832621/; classtype:trojan-activity;sid:83695721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832620/; classtype:trojan-activity;sid:83695720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.107.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832619/; classtype:trojan-activity;sid:83695719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.133.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832618/; classtype:trojan-activity;sid:83695718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.225.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832617/; classtype:trojan-activity;sid:83695717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832616/; classtype:trojan-activity;sid:83695716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832615/; classtype:trojan-activity;sid:83695715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832614/; classtype:trojan-activity;sid:83695714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.150.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832613/; classtype:trojan-activity;sid:83695713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832612/; classtype:trojan-activity;sid:83695712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832611/; classtype:trojan-activity;sid:83695711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"94.182.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832610/; classtype:trojan-activity;sid:83695710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.196.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832609/; classtype:trojan-activity;sid:83695709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832608/; classtype:trojan-activity;sid:83695708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.67.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832607/; classtype:trojan-activity;sid:83695707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832606/; classtype:trojan-activity;sid:83695706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.181.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832605/; classtype:trojan-activity;sid:83695705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.207.185.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832603/; classtype:trojan-activity;sid:83695703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.237.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832604/; classtype:trojan-activity;sid:83695704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832602/; classtype:trojan-activity;sid:83695702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832596/; classtype:trojan-activity;sid:83695696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832597/; classtype:trojan-activity;sid:83695697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832598/; classtype:trojan-activity;sid:83695698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832599/; classtype:trojan-activity;sid:83695699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832600/; classtype:trojan-activity;sid:83695700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832601/; classtype:trojan-activity;sid:83695701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832582/; classtype:trojan-activity;sid:83695682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832583/; classtype:trojan-activity;sid:83695683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832584/; classtype:trojan-activity;sid:83695684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832585/; classtype:trojan-activity;sid:83695685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832586/; classtype:trojan-activity;sid:83695686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832587/; classtype:trojan-activity;sid:83695687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832588/; classtype:trojan-activity;sid:83695688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832589/; classtype:trojan-activity;sid:83695689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832590/; classtype:trojan-activity;sid:83695690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832591/; classtype:trojan-activity;sid:83695691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832592/; classtype:trojan-activity;sid:83695692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832593/; classtype:trojan-activity;sid:83695693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832594/; classtype:trojan-activity;sid:83695694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832595/; classtype:trojan-activity;sid:83695695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832573/; classtype:trojan-activity;sid:83695673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832574/; classtype:trojan-activity;sid:83695674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832575/; classtype:trojan-activity;sid:83695675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832576/; classtype:trojan-activity;sid:83695676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832577/; classtype:trojan-activity;sid:83695677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832578/; classtype:trojan-activity;sid:83695678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832579/; classtype:trojan-activity;sid:83695679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832580/; classtype:trojan-activity;sid:83695680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832581/; classtype:trojan-activity;sid:83695681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832566/; classtype:trojan-activity;sid:83695666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832567/; classtype:trojan-activity;sid:83695667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832568/; classtype:trojan-activity;sid:83695668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832569/; classtype:trojan-activity;sid:83695669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"kz.adolfhitler.su"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832570/; classtype:trojan-activity;sid:83695670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832571/; classtype:trojan-activity;sid:83695671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832572/; classtype:trojan-activity;sid:83695672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832557/; classtype:trojan-activity;sid:83695657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832558/; classtype:trojan-activity;sid:83695658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832559/; classtype:trojan-activity;sid:83695659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832560/; classtype:trojan-activity;sid:83695660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832561/; classtype:trojan-activity;sid:83695661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832562/; classtype:trojan-activity;sid:83695662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832563/; classtype:trojan-activity;sid:83695663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832564/; classtype:trojan-activity;sid:83695664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"security.secure-core-rebirthltd.su"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832565/; classtype:trojan-activity;sid:83695665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"security.rebirth-network.su"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832556/; classtype:trojan-activity;sid:83695656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"bot.secure-network-rebirthltd.ru"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832555/; classtype:trojan-activity;sid:83695655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.28.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832554/; classtype:trojan-activity;sid:83695654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.27.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832553/; classtype:trojan-activity;sid:83695653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832552/; classtype:trojan-activity;sid:83695652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832551/; classtype:trojan-activity;sid:83695651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//x86_64"; depth:8; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832543/; classtype:trojan-activity;sid:83695643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m68k"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832544/; classtype:trojan-activity;sid:83695644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mpsl"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832545/; classtype:trojan-activity;sid:83695645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm6"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832546/; classtype:trojan-activity;sid:83695646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mips"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832547/; classtype:trojan-activity;sid:83695647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm7"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832548/; classtype:trojan-activity;sid:83695648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm5"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832549/; classtype:trojan-activity;sid:83695649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.131.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832550/; classtype:trojan-activity;sid:83695650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm4"; depth:6; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832542/; classtype:trojan-activity;sid:83695642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832537/; classtype:trojan-activity;sid:83695637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832538/; classtype:trojan-activity;sid:83695638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832539/; classtype:trojan-activity;sid:83695639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832540/; classtype:trojan-activity;sid:83695640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832541/; classtype:trojan-activity;sid:83695641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832522/; classtype:trojan-activity;sid:83695622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832523/; classtype:trojan-activity;sid:83695623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832524/; classtype:trojan-activity;sid:83695624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832525/; classtype:trojan-activity;sid:83695625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832526/; classtype:trojan-activity;sid:83695626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832527/; classtype:trojan-activity;sid:83695627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832528/; classtype:trojan-activity;sid:83695628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832529/; classtype:trojan-activity;sid:83695629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832530/; classtype:trojan-activity;sid:83695630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832531/; classtype:trojan-activity;sid:83695631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832532/; classtype:trojan-activity;sid:83695632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832533/; classtype:trojan-activity;sid:83695633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832534/; classtype:trojan-activity;sid:83695634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832535/; classtype:trojan-activity;sid:83695635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832536/; classtype:trojan-activity;sid:83695636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832517/; classtype:trojan-activity;sid:83695617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832518/; classtype:trojan-activity;sid:83695618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832519/; classtype:trojan-activity;sid:83695619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832520/; classtype:trojan-activity;sid:83695620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832521/; classtype:trojan-activity;sid:83695621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832507/; classtype:trojan-activity;sid:83695607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832508/; classtype:trojan-activity;sid:83695608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832509/; classtype:trojan-activity;sid:83695609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832510/; classtype:trojan-activity;sid:83695610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832511/; classtype:trojan-activity;sid:83695611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832512/; classtype:trojan-activity;sid:83695612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832513/; classtype:trojan-activity;sid:83695613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832514/; classtype:trojan-activity;sid:83695614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"lsagjogu8ztaueghasdjsdigh.cc"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832515/; classtype:trojan-activity;sid:83695615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832516/; classtype:trojan-activity;sid:83695616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832501/; classtype:trojan-activity;sid:83695601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832502/; classtype:trojan-activity;sid:83695602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832503/; classtype:trojan-activity;sid:83695603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832504/; classtype:trojan-activity;sid:83695604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"hitler.su"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832505/; classtype:trojan-activity;sid:83695605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832506/; classtype:trojan-activity;sid:83695606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832500/; classtype:trojan-activity;sid:83695600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832492/; classtype:trojan-activity;sid:83695592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832493/; classtype:trojan-activity;sid:83695593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832494/; classtype:trojan-activity;sid:83695594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832495/; classtype:trojan-activity;sid:83695595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832496/; classtype:trojan-activity;sid:83695596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832497/; classtype:trojan-activity;sid:83695597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"kz.hitler.su"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832498/; classtype:trojan-activity;sid:83695598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"vps.rebirth-network.su"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832499/; classtype:trojan-activity;sid:83695599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832490/; classtype:trojan-activity;sid:83695590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"xysk5eeyj0j5n.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832491/; classtype:trojan-activity;sid:83695591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.196.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832489/; classtype:trojan-activity;sid:83695589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.170.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832488/; classtype:trojan-activity;sid:83695588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832487/; classtype:trojan-activity;sid:83695587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.67.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832486/; classtype:trojan-activity;sid:83695586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832484/; classtype:trojan-activity;sid:83695584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832485/; classtype:trojan-activity;sid:83695585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832483/; classtype:trojan-activity;sid:83695583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832471/; classtype:trojan-activity;sid:83695571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832472/; classtype:trojan-activity;sid:83695572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832473/; classtype:trojan-activity;sid:83695573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832474/; classtype:trojan-activity;sid:83695574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832475/; classtype:trojan-activity;sid:83695575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832476/; classtype:trojan-activity;sid:83695576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832477/; classtype:trojan-activity;sid:83695577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832478/; classtype:trojan-activity;sid:83695578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832479/; classtype:trojan-activity;sid:83695579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832480/; classtype:trojan-activity;sid:83695580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832481/; classtype:trojan-activity;sid:83695581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"212.70.149.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832482/; classtype:trojan-activity;sid:83695582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.165.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832470/; classtype:trojan-activity;sid:83695570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.81.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832469/; classtype:trojan-activity;sid:83695569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"123.13.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832468/; classtype:trojan-activity;sid:83695568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.186.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832467/; classtype:trojan-activity;sid:83695567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.27.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832466/; classtype:trojan-activity;sid:83695566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832465/; classtype:trojan-activity;sid:83695565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.176.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832464/; classtype:trojan-activity;sid:83695564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12emoxkbfqbehbulotwlt0rkbuyzrat0e"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832463/; classtype:trojan-activity;sid:83695563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1use9lrwmpsvcgrzvm-nthdfwbxibuijw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832460/; classtype:trojan-activity;sid:83695560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nqzevdctz3sdxlxqbq8lq0uwb65vhzdb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832461/; classtype:trojan-activity;sid:83695561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ziwwewtmcw_lrwmnlv_hju8y-0oeul4d"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832462/; classtype:trojan-activity;sid:83695562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1m2fieailzjcazla70b5mrypd_hoa4xg_"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832459/; classtype:trojan-activity;sid:83695559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1whenyrt4lzthewaggvmwiy4_aso0m32e"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832456/; classtype:trojan-activity;sid:83695556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1vmnesagqu4nlpa5s6ko_ul922pplu3kl"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832457/; classtype:trojan-activity;sid:83695557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dbb03meugbtomwgyyvjoexbuhaq_lndr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832458/; classtype:trojan-activity;sid:83695558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1puc0heqcmqiezgusyg6-gcdspzujduza"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832454/; classtype:trojan-activity;sid:83695554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lojndz-jmftgvokrqx9qwggf05erbzzf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832455/; classtype:trojan-activity;sid:83695555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/images/smilies/output.js"; depth:37; endswith; nocase; http.host; content:"postutopia.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832453/; classtype:trojan-activity;sid:83695553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kung/bin.exe"; depth:13; endswith; nocase; http.host; content:"103.29.0.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832452/; classtype:trojan-activity;sid:83695552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/wdf/wearegoingtobegoodwithmebecauseireallylovethisallpersonandinotwanttodonothingbecausesheisverybeautifulgirl___iunderstandsheisgoodo.doc"; depth:145; endswith; nocase; http.host; content:"103.29.0.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832451/; classtype:trojan-activity;sid:83695551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/findpeacebin.scr"; depth:17; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832450/; classtype:trojan-activity;sid:83695550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.81.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832449/; classtype:trojan-activity;sid:83695549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.238.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832448/; classtype:trojan-activity;sid:83695548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832447/; classtype:trojan-activity;sid:83695547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832443/; classtype:trojan-activity;sid:83695543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssh4"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832444/; classtype:trojan-activity;sid:83695544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832445/; classtype:trojan-activity;sid:83695545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssh4"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832446/; classtype:trojan-activity;sid:83695546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832434/; classtype:trojan-activity;sid:83695534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832435/; classtype:trojan-activity;sid:83695535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssh4"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832436/; classtype:trojan-activity;sid:83695536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832437/; classtype:trojan-activity;sid:83695537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832438/; classtype:trojan-activity;sid:83695538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832439/; classtype:trojan-activity;sid:83695539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832440/; classtype:trojan-activity;sid:83695540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832441/; classtype:trojan-activity;sid:83695541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832442/; classtype:trojan-activity;sid:83695542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832430/; classtype:trojan-activity;sid:83695530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832431/; classtype:trojan-activity;sid:83695531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832432/; classtype:trojan-activity;sid:83695532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832433/; classtype:trojan-activity;sid:83695533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.166.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832429/; classtype:trojan-activity;sid:83695529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.94.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832428/; classtype:trojan-activity;sid:83695528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs/april-29-receipt.zip"; depth:24; endswith; nocase; http.host; content:"staygeraldine.nz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832425/; classtype:trojan-activity;sid:83695525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs/hvapril.txt"; depth:15; endswith; nocase; http.host; content:"staygeraldine.nz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832426/; classtype:trojan-activity;sid:83695526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs/reccc.txt"; depth:13; endswith; nocase; http.host; content:"staygeraldine.nz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832427/; classtype:trojan-activity;sid:83695527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/kivfsxmq"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832423/; classtype:trojan-activity;sid:83695523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/eey9exce"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832424/; classtype:trojan-activity;sid:83695524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ap/xwapri.txt"; depth:14; endswith; nocase; http.host; content:"joccupationalscience.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832422/; classtype:trojan-activity;sid:83695522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ndu16ucu"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832421/; classtype:trojan-activity;sid:83695521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teebin.scr"; depth:11; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832420/; classtype:trojan-activity;sid:83695520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakfileloadsonedrivedocumentsuploadgoogleapclouddownloads/255_jroqjrqxvse"; depth:74; endswith; nocase; http.host; content:"84.252.122.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832419/; classtype:trojan-activity;sid:83695519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.177.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832418/; classtype:trojan-activity;sid:83695518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wosoeoacoiouroeasazazaooeurooeoasas/255_zhfwuyuhaur"; depth:52; endswith; nocase; http.host; content:"84.252.122.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832417/; classtype:trojan-activity;sid:83695517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.192.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832416/; classtype:trojan-activity;sid:83695516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.89.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832415/; classtype:trojan-activity;sid:83695515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken-v2.apk"; depth:15; endswith; nocase; http.host; content:"download.gghxyy.club"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832414/; classtype:trojan-activity;sid:83695514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.211.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832413/; classtype:trojan-activity;sid:83695513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.1.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832412/; classtype:trojan-activity;sid:83695512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.69.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832411/; classtype:trojan-activity;sid:83695511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832410/; classtype:trojan-activity;sid:83695510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.143.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832409/; classtype:trojan-activity;sid:83695509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.49.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832408/; classtype:trojan-activity;sid:83695508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"167.179.178.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832407/; classtype:trojan-activity;sid:83695507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832406/; classtype:trojan-activity;sid:83695506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zme1id-fhk015vzpsi2h2cistij-nz3u"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832404/; classtype:trojan-activity;sid:83695504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1akzq1cjejvdutlwwiycajdm4bffw0mbq"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832405/; classtype:trojan-activity;sid:83695505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.153.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832403/; classtype:trojan-activity;sid:83695503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken-v2.apk"; depth:15; endswith; nocase; http.host; content:"39.103.217.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832402/; classtype:trojan-activity;sid:83695502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghj.txt"; depth:8; endswith; nocase; http.host; content:"bomdokasw.ru.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832401/; classtype:trojan-activity;sid:83695501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/thahy"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832400/; classtype:trojan-activity;sid:83695500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gdlbmnxyayfcuhl1ozlcl5-j1g--nesj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832398/; classtype:trojan-activity;sid:83695498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lf_rx4l60nrlsrg52wq1dbdw071o7bg-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832399/; classtype:trojan-activity;sid:83695499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baze64444.txt"; depth:14; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832397/; classtype:trojan-activity;sid:83695497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/773/812/original/js.jpg"; depth:35; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832396/; classtype:trojan-activity;sid:83695496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832395/; classtype:trojan-activity;sid:83695495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrngwescreentherootforentirepurposehappenedwthhappinessskeisverybeatuiful___heisverygoodnadbeautiufl.doc"; depth:105; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832393/; classtype:trojan-activity;sid:83695493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ewe8w"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832394/; classtype:trojan-activity;sid:83695494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morningxla.js"; depth:14; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832392/; classtype:trojan-activity;sid:83695492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832391/; classtype:trojan-activity;sid:83695491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/f74qb"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832390/; classtype:trojan-activity;sid:83695490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90818/gtrr.txt"; depth:15; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832389/; classtype:trojan-activity;sid:83695489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.56.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832388/; classtype:trojan-activity;sid:83695488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90818/scrr/multiplepeoplessayingheisverygoodpersonsoicanabletounderstandhowmuchgoodheisimeangoodgirl___sheisverybeautifulgirlformetogetit.doc"; depth:142; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832386/; classtype:trojan-activity;sid:83695486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90818/examplepixelimages.gif"; depth:29; endswith; nocase; http.host; content:"107.175.242.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832387/; classtype:trojan-activity;sid:83695487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=59261c7e41b6478a%21212|7c|26|7c|authkey=!agx6xu7a8tjfwjs"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832385/; classtype:trojan-activity;sid:83695485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=59261c7e41b6478a%21215|7c|26|7c|authkey=!ailxsvzlzbop3io"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832383/; classtype:trojan-activity;sid:83695483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.125.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832384/; classtype:trojan-activity;sid:83695484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832382/; classtype:trojan-activity;sid:83695482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9090/jhn/iwanttokiswithlotoflovesheismygirlitrulylovedherfromtheheartmysweetbabymyheartiwantsheiswithme___girlbeautifysxyandmorethanthat.doc"; depth:141; endswith; nocase; http.host; content:"104.168.45.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832381/; classtype:trojan-activity;sid:83695481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9090/newst.txt"; depth:15; endswith; nocase; http.host; content:"104.168.45.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832380/; classtype:trojan-activity;sid:83695480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9090/imageveryclearfisherman.gif"; depth:33; endswith; nocase; http.host; content:"104.168.45.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832379/; classtype:trojan-activity;sid:83695479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xspqv"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832378/; classtype:trojan-activity;sid:83695478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9009/dfg.txt"; depth:13; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832377/; classtype:trojan-activity;sid:83695477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/dxgch"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832376/; classtype:trojan-activity;sid:83695476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.66.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832373/; classtype:trojan-activity;sid:83695473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9009/imagepixelsample.gif"; depth:26; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832374/; classtype:trojan-activity;sid:83695474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9009/hjm/softmindwithagoodheartpersonwinentireworldheartfromthepeopleswhoilovedbeautiful__girlsheknowhowltolovemegreatwayshe.doc"; depth:129; endswith; nocase; http.host; content:"107.172.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832375/; classtype:trojan-activity;sid:83695475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.1.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832372/; classtype:trojan-activity;sid:83695472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832371/; classtype:trojan-activity;sid:83695471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.226.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832370/; classtype:trojan-activity;sid:83695470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832369/; classtype:trojan-activity;sid:83695469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.143.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832368/; classtype:trojan-activity;sid:83695468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tossers.psp"; depth:12; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832367/; classtype:trojan-activity;sid:83695467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puzakuq35.bin"; depth:14; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832366/; classtype:trojan-activity;sid:83695466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832365/; classtype:trojan-activity;sid:83695465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/detentionen.java"; depth:17; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832362/; classtype:trojan-activity;sid:83695462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dybere.mix"; depth:11; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832363/; classtype:trojan-activity;sid:83695463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnzsa79.bin"; depth:12; endswith; nocase; http.host; content:"park-your-track.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832364/; classtype:trojan-activity;sid:83695464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fkkcx162.bin"; depth:13; endswith; nocase; http.host; content:"94.156.79.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832361/; classtype:trojan-activity;sid:83695461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.47.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832360/; classtype:trojan-activity;sid:83695460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.56.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832359/; classtype:trojan-activity;sid:83695459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.48.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832358/; classtype:trojan-activity;sid:83695458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.43.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832357/; classtype:trojan-activity;sid:83695457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.66.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832356/; classtype:trojan-activity;sid:83695456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.153.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832355/; classtype:trojan-activity;sid:83695455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zfkekzp175.bin"; depth:15; endswith; nocase; http.host; content:"209.90.233.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832354/; classtype:trojan-activity;sid:83695454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gsyrgkggl239.bin"; depth:17; endswith; nocase; http.host; content:"209.90.233.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832353/; classtype:trojan-activity;sid:83695453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.125.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832352/; classtype:trojan-activity;sid:83695452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cndxuyyscgouqbvtc207.bin"; depth:25; endswith; nocase; http.host; content:"193.239.86.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832351/; classtype:trojan-activity;sid:83695451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mosefundets.jpb"; depth:16; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832349/; classtype:trojan-activity;sid:83695449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rnhkmlcurocfmjivdhhf128.bin"; depth:28; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832350/; classtype:trojan-activity;sid:83695450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832347/; classtype:trojan-activity;sid:83695447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oigikpmvqfmxzwuuka221.bin"; depth:26; endswith; nocase; http.host; content:"209.90.234.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832348/; classtype:trojan-activity;sid:83695448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832346/; classtype:trojan-activity;sid:83695446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.25.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832345/; classtype:trojan-activity;sid:83695445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=18niohtbdx0gjrydinu6ddsrcqbj6wjt0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832344/; classtype:trojan-activity;sid:83695444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lnfp4kirtgfb3bkba5eul8rg-cpgdt4q"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832343/; classtype:trojan-activity;sid:83695443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832342/; classtype:trojan-activity;sid:83695442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832341/; classtype:trojan-activity;sid:83695441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.27.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832340/; classtype:trojan-activity;sid:83695440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.6.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832339/; classtype:trojan-activity;sid:83695439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.157.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832338/; classtype:trojan-activity;sid:83695438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.226.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832337/; classtype:trojan-activity;sid:83695437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832336/; classtype:trojan-activity;sid:83695436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.61.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832335/; classtype:trojan-activity;sid:83695435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.143.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832334/; classtype:trojan-activity;sid:83695434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832333/; classtype:trojan-activity;sid:83695433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.48.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832332/; classtype:trojan-activity;sid:83695432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.83.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832331/; classtype:trojan-activity;sid:83695431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.86.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832330/; classtype:trojan-activity;sid:83695430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.15.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832329/; classtype:trojan-activity;sid:83695429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.55.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832328/; classtype:trojan-activity;sid:83695428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832327/; classtype:trojan-activity;sid:83695427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.211.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832326/; classtype:trojan-activity;sid:83695426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; depth:59; endswith; nocase; http.host; content:"mathsclass.vn"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832325/; classtype:trojan-activity;sid:83695425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"parthait.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832324/; classtype:trojan-activity;sid:83695424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"lle.uz"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832322/; classtype:trojan-activity;sid:83695422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"manuurulwaahid.sch.id"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832323/; classtype:trojan-activity;sid:83695423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"lew-hoad.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832320/; classtype:trojan-activity;sid:83695420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832321/; classtype:trojan-activity;sid:83695421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"myquickandeasy.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832311/; classtype:trojan-activity;sid:83695411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"panakalresidence.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832312/; classtype:trojan-activity;sid:83695412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"narutoanimes.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832313/; classtype:trojan-activity;sid:83695413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"new.botellaflaske.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832314/; classtype:trojan-activity;sid:83695414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"mbdashcam.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832315/; classtype:trojan-activity;sid:83695415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"lurningbuff.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832316/; classtype:trojan-activity;sid:83695416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"mixstore.com.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832317/; classtype:trojan-activity;sid:83695417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"mahmoud-radwan.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832318/; classtype:trojan-activity;sid:83695418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"nyklawyer.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832319/; classtype:trojan-activity;sid:83695419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"mozkraty.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832302/; classtype:trojan-activity;sid:83695402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"nobledeals.co.ke"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832303/; classtype:trojan-activity;sid:83695403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"meletesergon.gr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832304/; classtype:trojan-activity;sid:83695404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"nickicecream.gr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832305/; classtype:trojan-activity;sid:83695405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"patriziamarazzi.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832306/; classtype:trojan-activity;sid:83695406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"mydesinger.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832307/; classtype:trojan-activity;sid:83695407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"mundo-felpa.es"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832308/; classtype:trojan-activity;sid:83695408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"lawclerksfordiversity.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832309/; classtype:trojan-activity;sid:83695409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/code/core/database/press/wp-content/plugins/share-private-fls/shared"; depth:69; endswith; nocase; http.host; content:"mining.jaguarmall.in"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832310/; classtype:trojan-activity;sid:83695410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"jms.edu.np"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832301/; classtype:trojan-activity;sid:83695401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ponyevent.vn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832300/; classtype:trojan-activity;sid:83695400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"jasarenovasibangunrumahmalang.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832299/; classtype:trojan-activity;sid:83695399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.246.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832297/; classtype:trojan-activity;sid:83695397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"grupobudeguer.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832298/; classtype:trojan-activity;sid:83695398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"joshiwater.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832287/; classtype:trojan-activity;sid:83695387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ladakhescapades.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832288/; classtype:trojan-activity;sid:83695388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mertmetdemo/wp-content/plugins/share-private-fls/shared"; depth:56; endswith; nocase; http.host; content:"gifdemo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832289/; classtype:trojan-activity;sid:83695389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gps_sunum/wp-content/plugins/share-private-fls/shared"; depth:54; endswith; nocase; http.host; content:"gifdemo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832290/; classtype:trojan-activity;sid:83695390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"hawaiismartshopper.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832291/; classtype:trojan-activity;sid:83695391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ebs-company.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832292/; classtype:trojan-activity;sid:83695392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"karamelitses.gr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832293/; classtype:trojan-activity;sid:83695393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doxa_organic/wp-content/plugins/share-private-fls/shared"; depth:57; endswith; nocase; http.host; content:"goasoftwarecompany.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832294/; classtype:trojan-activity;sid:83695394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"hadjer.boutique"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832295/; classtype:trojan-activity;sid:83695395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"penjualanpommini.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832296/; classtype:trojan-activity;sid:83695396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"espaciodiseno.es"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832272/; classtype:trojan-activity;sid:83695372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"elitpuro1.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832273/; classtype:trojan-activity;sid:83695373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/himera-v1/wp-content/plugins/share-private-fls/shared"; depth:54; endswith; nocase; http.host; content:"himeraveteriner.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832274/; classtype:trojan-activity;sid:83695374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"kartsiotis.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832275/; classtype:trojan-activity;sid:83695375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"hvg.si"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832276/; classtype:trojan-activity;sid:83695376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"pavicomsa.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832277/; classtype:trojan-activity;sid:83695377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"infojobone.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832278/; classtype:trojan-activity;sid:83695378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"guidespharma.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832279/; classtype:trojan-activity;sid:83695379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"jobsportal360.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832280/; classtype:trojan-activity;sid:83695380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"gaming-gears.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832281/; classtype:trojan-activity;sid:83695381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ivtmarkets.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832282/; classtype:trojan-activity;sid:83695382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"hakelectromechanical.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832283/; classtype:trojan-activity;sid:83695383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"equranteacher.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832284/; classtype:trojan-activity;sid:83695384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"hunarghar.org.pk"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832285/; classtype:trojan-activity;sid:83695385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vecloffy/wp-content/plugins/share-private-fls/shared"; depth:53; endswith; nocase; http.host; content:"friendswekeep.vecloffy.co.za"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832286/; classtype:trojan-activity;sid:83695386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"wisdomlawacademy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832271/; classtype:trojan-activity;sid:83695371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ruedastock.cl"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832270/; classtype:trojan-activity;sid:83695370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"tomitakaengenharia.com.br"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832266/; classtype:trojan-activity;sid:83695366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"slot.hoki66.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832267/; classtype:trojan-activity;sid:83695367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; depth:59; endswith; nocase; http.host; content:"shredderindia.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832268/; classtype:trojan-activity;sid:83695368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"puntobar.cl"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832269/; classtype:trojan-activity;sid:83695369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed/wp-content/plugins/share-private-fls/shared"; depth:50; endswith; nocase; http.host; content:"wecancity.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832260/; classtype:trojan-activity;sid:83695360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"template.majestic-corporation.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832261/; classtype:trojan-activity;sid:83695361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"testing.vidharm.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832262/; classtype:trojan-activity;sid:83695362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"subwaymenu.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832263/; classtype:trojan-activity;sid:83695363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"turkishmarinesurvey.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832264/; classtype:trojan-activity;sid:83695364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"toyssolution.cloud"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832265/; classtype:trojan-activity;sid:83695365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/account/wp-content/plugins/share-private-fls/shared"; depth:52; endswith; nocase; http.host; content:"smartoptiontrade.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832258/; classtype:trojan-activity;sid:83695358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/account/wp-content/plugins/share-private-fls/shared"; depth:52; endswith; nocase; http.host; content:"toptradingoption.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832259/; classtype:trojan-activity;sid:83695359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ptcmbp.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832255/; classtype:trojan-activity;sid:83695355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"tirtaningnusantara.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832256/; classtype:trojan-activity;sid:83695356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.11.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832257/; classtype:trojan-activity;sid:83695357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.157.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832253/; classtype:trojan-activity;sid:83695353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"templarstore.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832254/; classtype:trojan-activity;sid:83695354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/social/wp-content/plugins/share-private-fls/shared"; depth:51; endswith; nocase; http.host; content:"vincecomfort.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832235/; classtype:trojan-activity;sid:83695335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"staging-superkulca.kinsta.cloud"; depth:31; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832236/; classtype:trojan-activity;sid:83695336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/chris-csp/wp-content/plugins/share-private-fls/shared"; depth:58; endswith; nocase; http.host; content:"themetafounders.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832237/; classtype:trojan-activity;sid:83695337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/takenew/wp-content/plugins/share-private-fls/shared"; depth:52; endswith; nocase; http.host; content:"take3llcphotobooth.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832238/; classtype:trojan-activity;sid:83695338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"tour.culturetoursja.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832239/; classtype:trojan-activity;sid:83695339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"summerlanddogtraining.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832240/; classtype:trojan-activity;sid:83695340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"streetpulsedev.wpengine.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832241/; classtype:trojan-activity;sid:83695341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"themusclemob.themetafounders.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832242/; classtype:trojan-activity;sid:83695342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"warriorstaging.wpengine.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832243/; classtype:trojan-activity;sid:83695343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"vilape.online"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832244/; classtype:trojan-activity;sid:83695344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"things101dev.wpengine.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832245/; classtype:trojan-activity;sid:83695345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"vnfreetourguides.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832246/; classtype:trojan-activity;sid:83695346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"sociallysnap.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832247/; classtype:trojan-activity;sid:83695347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"thecocopacific.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832248/; classtype:trojan-activity;sid:83695348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"portstanleycalipso.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832249/; classtype:trojan-activity;sid:83695349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"vcfiling.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832250/; classtype:trojan-activity;sid:83695350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"sanvikevents.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832251/; classtype:trojan-activity;sid:83695351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"vhs.decospaacloud.in"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832252/; classtype:trojan-activity;sid:83695352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"svango.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832233/; classtype:trojan-activity;sid:83695333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"vridhifashions.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832234/; classtype:trojan-activity;sid:83695334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.tajimateknikservis.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832232/; classtype:trojan-activity;sid:83695332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.crickrocket.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832229/; classtype:trojan-activity;sid:83695329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.bodegabudeguer.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832230/; classtype:trojan-activity;sid:83695330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.vccg.com.au"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832231/; classtype:trojan-activity;sid:83695331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"zatracon.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832227/; classtype:trojan-activity;sid:83695327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.fit4life.es"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832228/; classtype:trojan-activity;sid:83695328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"wlfw.themetafounders.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832226/; classtype:trojan-activity;sid:83695326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.qi-code.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832218/; classtype:trojan-activity;sid:83695318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"zeemark.in"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832219/; classtype:trojan-activity;sid:83695319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.wonderwritings.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832220/; classtype:trojan-activity;sid:83695320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.meilinhotels.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832221/; classtype:trojan-activity;sid:83695321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.eurotravel.com.gr"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832222/; classtype:trojan-activity;sid:83695322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.hawaiiislandmidweek.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832223/; classtype:trojan-activity;sid:83695323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"youpickcarepackages.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832224/; classtype:trojan-activity;sid:83695324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.kathatours.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832225/; classtype:trojan-activity;sid:83695325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.ferentino.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832212/; classtype:trojan-activity;sid:83695312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.valex-dz.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832213/; classtype:trojan-activity;sid:83695313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/news/wp-content/plugins/share-private-fls/shared"; depth:49; endswith; nocase; http.host; content:"www.loja.consolata.pt"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832214/; classtype:trojan-activity;sid:83695314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.topinoxsenegal.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832215/; classtype:trojan-activity;sid:83695315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tasawer/wp-content/plugins/share-private-fls/shared"; depth:52; endswith; nocase; http.host; content:"www.darkknight-media.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832216/; classtype:trojan-activity;sid:83695316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.tatuhirdavat.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832217/; classtype:trojan-activity;sid:83695317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"790wolseleymanagement.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832211/; classtype:trojan-activity;sid:83695311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"blog.multitamamedia.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832209/; classtype:trojan-activity;sid:83695309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"alsiga.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832210/; classtype:trojan-activity;sid:83695310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"zk1construction.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832207/; classtype:trojan-activity;sid:83695307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"doulosarts.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832208/; classtype:trojan-activity;sid:83695308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"onemascot.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832206/; classtype:trojan-activity;sid:83695306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; depth:59; endswith; nocase; http.host; content:"camerabaoha.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832204/; classtype:trojan-activity;sid:83695304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; depth:59; endswith; nocase; http.host; content:"donatechantroimoi.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832205/; classtype:trojan-activity;sid:83695305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"christianbookindia.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832201/; classtype:trojan-activity;sid:83695301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.223.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832202/; classtype:trojan-activity;sid:83695302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"dolasimuka.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832203/; classtype:trojan-activity;sid:83695303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"djibg.eu"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832177/; classtype:trojan-activity;sid:83695277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"bar.dosdevelopers.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832178/; classtype:trojan-activity;sid:83695278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"abd.com.tr"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832179/; classtype:trojan-activity;sid:83695279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"ariesjagnivas.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832180/; classtype:trojan-activity;sid:83695280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"aryanlogisticpune.in"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832181/; classtype:trojan-activity;sid:83695281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"cricrapid.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832182/; classtype:trojan-activity;sid:83695282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"dhlawfirm.site"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832183/; classtype:trojan-activity;sid:83695283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"compresoresdetornillo.com.pe"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832184/; classtype:trojan-activity;sid:83695284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"digitalssystems.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832185/; classtype:trojan-activity;sid:83695285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/news/wp-content/plugins/share-private-fls/shared"; depth:49; endswith; nocase; http.host; content:"www.loja.consolata.pt"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832186/; classtype:trojan-activity;sid:83695286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"www.skytechtraders.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832187/; classtype:trojan-activity;sid:83695287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"contractnerds.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832188/; classtype:trojan-activity;sid:83695288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"cytotecsolutions.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832189/; classtype:trojan-activity;sid:83695289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"aavishkaar-palampur.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832190/; classtype:trojan-activity;sid:83695290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"especial.cargasproprias.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832191/; classtype:trojan-activity;sid:83695291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"coronacreatives.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832192/; classtype:trojan-activity;sid:83695292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"deadvogados.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832193/; classtype:trojan-activity;sid:83695293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intuitionbycg/wp-content/plugins/share-private-fls/shared"; depth:58; endswith; nocase; http.host; content:"didacweb.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832194/; classtype:trojan-activity;sid:83695294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"dealerpertamini.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832195/; classtype:trojan-activity;sid:83695295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"dickypommini.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832196/; classtype:trojan-activity;sid:83695296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"99homes.co"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832197/; classtype:trojan-activity;sid:83695297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"delight.mv"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832198/; classtype:trojan-activity;sid:83695298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"dpmpommini.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832199/; classtype:trojan-activity;sid:83695299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; depth:59; endswith; nocase; http.host; content:"brikule.cz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832200/; classtype:trojan-activity;sid:83695300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"alealealpargatas.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832174/; classtype:trojan-activity;sid:83695274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"vridhifashions.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832175/; classtype:trojan-activity;sid:83695275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"abhitaak.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832176/; classtype:trojan-activity;sid:83695276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"azucania.com.ar"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832173/; classtype:trojan-activity;sid:83695273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"157.119.120.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832172/; classtype:trojan-activity;sid:83695272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-fls/shared"; depth:44; endswith; nocase; http.host; content:"dsengineer.in"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832171/; classtype:trojan-activity;sid:83695271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ceptics/wp-content/plugins/share-private-fls/shared"; depth:52; endswith; nocase; http.host; content:"161.97.170.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832170/; classtype:trojan-activity;sid:83695270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/markaworks/wp-content/plugins/share-private-fls/shared"; depth:55; endswith; nocase; http.host; content:"besparta.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832169/; classtype:trojan-activity;sid:83695269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832168/; classtype:trojan-activity;sid:83695268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832166/; classtype:trojan-activity;sid:83695266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.232.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832167/; classtype:trojan-activity;sid:83695267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.39.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832165/; classtype:trojan-activity;sid:83695265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.103.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832164/; classtype:trojan-activity;sid:83695264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.152.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832163/; classtype:trojan-activity;sid:83695263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.185.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832162/; classtype:trojan-activity;sid:83695262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.86.237.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832161/; classtype:trojan-activity;sid:83695261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.9.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832160/; classtype:trojan-activity;sid:83695260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.81.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832159/; classtype:trojan-activity;sid:83695259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.51.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832158/; classtype:trojan-activity;sid:83695258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.68.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832157/; classtype:trojan-activity;sid:83695257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.84.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832156/; classtype:trojan-activity;sid:83695256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.75.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832155/; classtype:trojan-activity;sid:83695255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostmon.exe"; depth:15; endswith; nocase; http.host; content:"dcpanel.squezz.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832154/; classtype:trojan-activity;sid:83695254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.6.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832153/; classtype:trojan-activity;sid:83695253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.203.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832152/; classtype:trojan-activity;sid:83695252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.75.74.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832151/; classtype:trojan-activity;sid:83695251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.90.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832150/; classtype:trojan-activity;sid:83695250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832149/; classtype:trojan-activity;sid:83695249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832148/; classtype:trojan-activity;sid:83695248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.193.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832147/; classtype:trojan-activity;sid:83695247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832146/; classtype:trojan-activity;sid:83695246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.84.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832145/; classtype:trojan-activity;sid:83695245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832144/; classtype:trojan-activity;sid:83695244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.122.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832143/; classtype:trojan-activity;sid:83695243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.168.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832142/; classtype:trojan-activity;sid:83695242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.52.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832141/; classtype:trojan-activity;sid:83695241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.81.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832140/; classtype:trojan-activity;sid:83695240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.179.192.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832139/; classtype:trojan-activity;sid:83695239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.131.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832138/; classtype:trojan-activity;sid:83695238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.239.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832137/; classtype:trojan-activity;sid:83695237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.122.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832135/; classtype:trojan-activity;sid:83695235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.151.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832136/; classtype:trojan-activity;sid:83695236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.197.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832134/; classtype:trojan-activity;sid:83695234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.58.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832133/; classtype:trojan-activity;sid:83695233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.75.74.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832132/; classtype:trojan-activity;sid:83695232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832131/; classtype:trojan-activity;sid:83695231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.28.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832130/; classtype:trojan-activity;sid:83695230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.177.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832129/; classtype:trojan-activity;sid:83695229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.243.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832128/; classtype:trojan-activity;sid:83695228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832127/; classtype:trojan-activity;sid:83695227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.52.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832126/; classtype:trojan-activity;sid:83695226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.122.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832125/; classtype:trojan-activity;sid:83695225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.122.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832124/; classtype:trojan-activity;sid:83695224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.221.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832123/; classtype:trojan-activity;sid:83695223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832122/; classtype:trojan-activity;sid:83695222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.238.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832121/; classtype:trojan-activity;sid:83695221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832120/; classtype:trojan-activity;sid:83695220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.123.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832119/; classtype:trojan-activity;sid:83695219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.147.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832118/; classtype:trojan-activity;sid:83695218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.58.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832117/; classtype:trojan-activity;sid:83695217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.193.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832116/; classtype:trojan-activity;sid:83695216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.221.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832115/; classtype:trojan-activity;sid:83695215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.35.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832114/; classtype:trojan-activity;sid:83695214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832113/; classtype:trojan-activity;sid:83695213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.113.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832112/; classtype:trojan-activity;sid:83695212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.78.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832111/; classtype:trojan-activity;sid:83695211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832110/; classtype:trojan-activity;sid:83695210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832109/; classtype:trojan-activity;sid:83695209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.199.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832108/; classtype:trojan-activity;sid:83695208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832107/; classtype:trojan-activity;sid:83695207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.157.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832105/; classtype:trojan-activity;sid:83695205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.231.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832106/; classtype:trojan-activity;sid:83695206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.238.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832104/; classtype:trojan-activity;sid:83695204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.102.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832103/; classtype:trojan-activity;sid:83695203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.237.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832102/; classtype:trojan-activity;sid:83695202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.229.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832101/; classtype:trojan-activity;sid:83695201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.92.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832100/; classtype:trojan-activity;sid:83695200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.205.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832099/; classtype:trojan-activity;sid:83695199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.191.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832098/; classtype:trojan-activity;sid:83695198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.147.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832097/; classtype:trojan-activity;sid:83695197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.28.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832095/; classtype:trojan-activity;sid:83695195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.238.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832096/; classtype:trojan-activity;sid:83695196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.123.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832094/; classtype:trojan-activity;sid:83695194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.7.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832093/; classtype:trojan-activity;sid:83695193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.113.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832092/; classtype:trojan-activity;sid:83695192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.247.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832091/; classtype:trojan-activity;sid:83695191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.35.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832090/; classtype:trojan-activity;sid:83695190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.221.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832089/; classtype:trojan-activity;sid:83695189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.208.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832088/; classtype:trojan-activity;sid:83695188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.218.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832087/; classtype:trojan-activity;sid:83695187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.194.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832086/; classtype:trojan-activity;sid:83695186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.35.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832084/; classtype:trojan-activity;sid:83695184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.64.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832085/; classtype:trojan-activity;sid:83695185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832082/; classtype:trojan-activity;sid:83695182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.55.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832083/; classtype:trojan-activity;sid:83695183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.191.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832081/; classtype:trojan-activity;sid:83695181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832080/; classtype:trojan-activity;sid:83695180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832079/; classtype:trojan-activity;sid:83695179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832078/; classtype:trojan-activity;sid:83695178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.39.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832077/; classtype:trojan-activity;sid:83695177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.217.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832075/; classtype:trojan-activity;sid:83695175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.13.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832076/; classtype:trojan-activity;sid:83695176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.178.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832074/; classtype:trojan-activity;sid:83695174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.72.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832073/; classtype:trojan-activity;sid:83695173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.224.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832072/; classtype:trojan-activity;sid:83695172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.191.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832071/; classtype:trojan-activity;sid:83695171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.251.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832070/; classtype:trojan-activity;sid:83695170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.4.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832069/; classtype:trojan-activity;sid:83695169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.243.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832068/; classtype:trojan-activity;sid:83695168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.55.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832067/; classtype:trojan-activity;sid:83695167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.217.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832066/; classtype:trojan-activity;sid:83695166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.224.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832065/; classtype:trojan-activity;sid:83695165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.242.122.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832064/; classtype:trojan-activity;sid:83695164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.93.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832063/; classtype:trojan-activity;sid:83695163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.181.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832062/; classtype:trojan-activity;sid:83695162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832061/; classtype:trojan-activity;sid:83695161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.31.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832060/; classtype:trojan-activity;sid:83695160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832058/; classtype:trojan-activity;sid:83695158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832059/; classtype:trojan-activity;sid:83695159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832057/; classtype:trojan-activity;sid:83695157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.224.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832056/; classtype:trojan-activity;sid:83695156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.115.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832055/; classtype:trojan-activity;sid:83695155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.234.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832054/; classtype:trojan-activity;sid:83695154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.158.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832053/; classtype:trojan-activity;sid:83695153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.249.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832052/; classtype:trojan-activity;sid:83695152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.224.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832051/; classtype:trojan-activity;sid:83695151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.167.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832050/; classtype:trojan-activity;sid:83695150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.149.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832049/; classtype:trojan-activity;sid:83695149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.181.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832048/; classtype:trojan-activity;sid:83695148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.242.122.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832047/; classtype:trojan-activity;sid:83695147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832046/; classtype:trojan-activity;sid:83695146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832045/; classtype:trojan-activity;sid:83695145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.175.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832044/; classtype:trojan-activity;sid:83695144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832043/; classtype:trojan-activity;sid:83695143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.154.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832042/; classtype:trojan-activity;sid:83695142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.70.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832041/; classtype:trojan-activity;sid:83695141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832040/; classtype:trojan-activity;sid:83695140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.60.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832039/; classtype:trojan-activity;sid:83695139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.158.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832038/; classtype:trojan-activity;sid:83695138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.145.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832037/; classtype:trojan-activity;sid:83695137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.31.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832036/; classtype:trojan-activity;sid:83695136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.167.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832035/; classtype:trojan-activity;sid:83695135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.203.177.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832034/; classtype:trojan-activity;sid:83695134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.23.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832033/; classtype:trojan-activity;sid:83695133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.187.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832032/; classtype:trojan-activity;sid:83695132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.201.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832031/; classtype:trojan-activity;sid:83695131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.48.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832030/; classtype:trojan-activity;sid:83695130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.175.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832029/; classtype:trojan-activity;sid:83695129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.16.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832028/; classtype:trojan-activity;sid:83695128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.13.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832027/; classtype:trojan-activity;sid:83695127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.213.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832025/; classtype:trojan-activity;sid:83695125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.184.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832026/; classtype:trojan-activity;sid:83695126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.50.171"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832024/; classtype:trojan-activity;sid:83695124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmzccel54fxw"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832022/; classtype:trojan-activity;sid:83695122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.237.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832023/; classtype:trojan-activity;sid:83695123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832021/; classtype:trojan-activity;sid:83695121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.111.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832020/; classtype:trojan-activity;sid:83695120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.135.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832019/; classtype:trojan-activity;sid:83695119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.20"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832018/; classtype:trojan-activity;sid:83695118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.187.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832017/; classtype:trojan-activity;sid:83695117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832016/; classtype:trojan-activity;sid:83695116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.145.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832014/; classtype:trojan-activity;sid:83695114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.50.171"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832015/; classtype:trojan-activity;sid:83695115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.201.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832013/; classtype:trojan-activity;sid:83695113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.23.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832012/; classtype:trojan-activity;sid:83695112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.7.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832011/; classtype:trojan-activity;sid:83695111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832010/; classtype:trojan-activity;sid:83695110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.41.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832009/; classtype:trojan-activity;sid:83695109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.190.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832007/; classtype:trojan-activity;sid:83695107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.26.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832008/; classtype:trojan-activity;sid:83695108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832006/; classtype:trojan-activity;sid:83695106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.219.63.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832005/; classtype:trojan-activity;sid:83695105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.90.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832003/; classtype:trojan-activity;sid:83695103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.59.85.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832004/; classtype:trojan-activity;sid:83695104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.199.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832002/; classtype:trojan-activity;sid:83695102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.82.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832001/; classtype:trojan-activity;sid:83695101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.52.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832000/; classtype:trojan-activity;sid:83695100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.69.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831999/; classtype:trojan-activity;sid:83695099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.25.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831998/; classtype:trojan-activity;sid:83695098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.9.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831997/; classtype:trojan-activity;sid:83695097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.20"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831996/; classtype:trojan-activity;sid:83695096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.29.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831995/; classtype:trojan-activity;sid:83695095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831994/; classtype:trojan-activity;sid:83695094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.218.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831993/; classtype:trojan-activity;sid:83695093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831992/; classtype:trojan-activity;sid:83695092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.21.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831991/; classtype:trojan-activity;sid:83695091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.141.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831989/; classtype:trojan-activity;sid:83695089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.252.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831990/; classtype:trojan-activity;sid:83695090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.7.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831987/; classtype:trojan-activity;sid:83695087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.185.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831988/; classtype:trojan-activity;sid:83695088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.221.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831986/; classtype:trojan-activity;sid:83695086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.126.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831985/; classtype:trojan-activity;sid:83695085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831984/; classtype:trojan-activity;sid:83695084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.111.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831983/; classtype:trojan-activity;sid:83695083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.190.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831982/; classtype:trojan-activity;sid:83695082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.25.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831981/; classtype:trojan-activity;sid:83695081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.84.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831980/; classtype:trojan-activity;sid:83695080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831979/; classtype:trojan-activity;sid:83695079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.8.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831977/; classtype:trojan-activity;sid:83695077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.254.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831978/; classtype:trojan-activity;sid:83695078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.27.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831976/; classtype:trojan-activity;sid:83695076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.111.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831975/; classtype:trojan-activity;sid:83695075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.214.3.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831974/; classtype:trojan-activity;sid:83695074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.185.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831973/; classtype:trojan-activity;sid:83695073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.136.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831972/; classtype:trojan-activity;sid:83695072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.26.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831971/; classtype:trojan-activity;sid:83695071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.126.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831970/; classtype:trojan-activity;sid:83695070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831968/; classtype:trojan-activity;sid:83695068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.221.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831969/; classtype:trojan-activity;sid:83695069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.75.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831967/; classtype:trojan-activity;sid:83695067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.170.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831966/; classtype:trojan-activity;sid:83695066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.14.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831965/; classtype:trojan-activity;sid:83695065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.92.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831964/; classtype:trojan-activity;sid:83695064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.59.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831963/; classtype:trojan-activity;sid:83695063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831962/; classtype:trojan-activity;sid:83695062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.30.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831961/; classtype:trojan-activity;sid:83695061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.8.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831960/; classtype:trojan-activity;sid:83695060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.75.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831959/; classtype:trojan-activity;sid:83695059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.9.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831958/; classtype:trojan-activity;sid:83695058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.59.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831957/; classtype:trojan-activity;sid:83695057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.178.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831956/; classtype:trojan-activity;sid:83695056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.181.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831955/; classtype:trojan-activity;sid:83695055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.106.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831953/; classtype:trojan-activity;sid:83695053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.191.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831954/; classtype:trojan-activity;sid:83695054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.225.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831952/; classtype:trojan-activity;sid:83695052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.92.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831951/; classtype:trojan-activity;sid:83695051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.170.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831950/; classtype:trojan-activity;sid:83695050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.75.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831949/; classtype:trojan-activity;sid:83695049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831948/; classtype:trojan-activity;sid:83695048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.14.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831947/; classtype:trojan-activity;sid:83695047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.30.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831946/; classtype:trojan-activity;sid:83695046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831945/; classtype:trojan-activity;sid:83695045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831944/; classtype:trojan-activity;sid:83695044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831943/; classtype:trojan-activity;sid:83695043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.225.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831942/; classtype:trojan-activity;sid:83695042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831941/; classtype:trojan-activity;sid:83695041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.181.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831940/; classtype:trojan-activity;sid:83695040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831939/; classtype:trojan-activity;sid:83695039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.42.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831938/; classtype:trojan-activity;sid:83695038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831937/; classtype:trojan-activity;sid:83695037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.37.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831936/; classtype:trojan-activity;sid:83695036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.131.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831935/; classtype:trojan-activity;sid:83695035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.192.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831933/; classtype:trojan-activity;sid:83695033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.106.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831934/; classtype:trojan-activity;sid:83695034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.59.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831932/; classtype:trojan-activity;sid:83695032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.215.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831930/; classtype:trojan-activity;sid:83695030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831931/; classtype:trojan-activity;sid:83695031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.66.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831929/; classtype:trojan-activity;sid:83695029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.45.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831928/; classtype:trojan-activity;sid:83695028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.56.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831927/; classtype:trojan-activity;sid:83695027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831926/; classtype:trojan-activity;sid:83695026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xrzikuwcyozy"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831925/; classtype:trojan-activity;sid:83695025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.86.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831924/; classtype:trojan-activity;sid:83695024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.172.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831922/; classtype:trojan-activity;sid:83695022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831923/; classtype:trojan-activity;sid:83695023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.206.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831921/; classtype:trojan-activity;sid:83695021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.88.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831920/; classtype:trojan-activity;sid:83695020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.192.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831919/; classtype:trojan-activity;sid:83695019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.56.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831917/; classtype:trojan-activity;sid:83695017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831918/; classtype:trojan-activity;sid:83695018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831916/; classtype:trojan-activity;sid:83695016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.43.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831915/; classtype:trojan-activity;sid:83695015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.56.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831914/; classtype:trojan-activity;sid:83695014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.93.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831912/; classtype:trojan-activity;sid:83695012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.186.40.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831913/; classtype:trojan-activity;sid:83695013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.40.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831911/; classtype:trojan-activity;sid:83695011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.111.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831910/; classtype:trojan-activity;sid:83695010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.206.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831908/; classtype:trojan-activity;sid:83695008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831909/; classtype:trojan-activity;sid:83695009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.214.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831907/; classtype:trojan-activity;sid:83695007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831906/; classtype:trojan-activity;sid:83695006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831904/; classtype:trojan-activity;sid:83695004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.90.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831905/; classtype:trojan-activity;sid:83695005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831903/; classtype:trojan-activity;sid:83695003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831902/; classtype:trojan-activity;sid:83695002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.156.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831901/; classtype:trojan-activity;sid:83695001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831900/; classtype:trojan-activity;sid:83695000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.230.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831899/; classtype:trojan-activity;sid:83694999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.71.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831898/; classtype:trojan-activity;sid:83694998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.77.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831897/; classtype:trojan-activity;sid:83694997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669109419|3f|hash=jkpo6xknggloev5w3rmyvyipbkbz4iqzfc2nqtv2wsw|7c|26|7c|dl=z0cbj6cbwdg5wajzxjczzirvaqbpjzspnaeuizzfcp0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831896/; classtype:trojan-activity;sid:83694996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.170.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831895/; classtype:trojan-activity;sid:83694995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831894/; classtype:trojan-activity;sid:83694994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831893/; classtype:trojan-activity;sid:83694993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831892/; classtype:trojan-activity;sid:83694992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.163.249.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831891/; classtype:trojan-activity;sid:83694991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.227.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831889/; classtype:trojan-activity;sid:83694989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831890/; classtype:trojan-activity;sid:83694990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bim.msi"; depth:8; endswith; nocase; http.host; content:"185.219.220.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831888/; classtype:trojan-activity;sid:83694988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/case-419310.appspot.com/o/czczc1lrbt%2fdocument_b48_15w635167-5740247h6548-3238a9.js|3f|alt=media|7c|26|7c|token=f0362973-0cf1-48c9-ae4c-8745ccf5e867"; depth:155; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831887/; classtype:trojan-activity;sid:83694987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.206.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831886/; classtype:trojan-activity;sid:83694986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/security_check/"; depth:16; endswith; nocase; http.host; content:"dimozti1.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831885/; classtype:trojan-activity;sid:83694985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831884/; classtype:trojan-activity;sid:83694984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.214.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831883/; classtype:trojan-activity;sid:83694983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831882/; classtype:trojan-activity;sid:83694982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831881/; classtype:trojan-activity;sid:83694981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.73.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831880/; classtype:trojan-activity;sid:83694980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.90.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831879/; classtype:trojan-activity;sid:83694979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.191.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831877/; classtype:trojan-activity;sid:83694977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.77.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831878/; classtype:trojan-activity;sid:83694978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831876/; classtype:trojan-activity;sid:83694976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831875/; classtype:trojan-activity;sid:83694975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.108.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831874/; classtype:trojan-activity;sid:83694974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.99.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831871/; classtype:trojan-activity;sid:83694971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.254.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831872/; classtype:trojan-activity;sid:83694972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831873/; classtype:trojan-activity;sid:83694973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.71.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831870/; classtype:trojan-activity;sid:83694970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831869/; classtype:trojan-activity;sid:83694969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.223.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831868/; classtype:trojan-activity;sid:83694968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.78.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831867/; classtype:trojan-activity;sid:83694967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.7.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831866/; classtype:trojan-activity;sid:83694966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.57.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831865/; classtype:trojan-activity;sid:83694965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831864/; classtype:trojan-activity;sid:83694964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.246.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831863/; classtype:trojan-activity;sid:83694963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831862/; classtype:trojan-activity;sid:83694962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.90.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831861/; classtype:trojan-activity;sid:83694961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/logo6.jpg"; depth:14; endswith; nocase; http.host; content:"public-ftp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831860/; classtype:trojan-activity;sid:83694960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.73.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831859/; classtype:trojan-activity;sid:83694959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831857/; classtype:trojan-activity;sid:83694957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.57.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831858/; classtype:trojan-activity;sid:83694958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.223.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831856/; classtype:trojan-activity;sid:83694956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xd6wlcrxanep"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831855/; classtype:trojan-activity;sid:83694955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831854/; classtype:trojan-activity;sid:83694954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.130.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831853/; classtype:trojan-activity;sid:83694953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.95.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831852/; classtype:trojan-activity;sid:83694952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.230.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831851/; classtype:trojan-activity;sid:83694951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.21.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831850/; classtype:trojan-activity;sid:83694950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.78.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831849/; classtype:trojan-activity;sid:83694949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.37.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831848/; classtype:trojan-activity;sid:83694948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.135.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831847/; classtype:trojan-activity;sid:83694947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.55.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831846/; classtype:trojan-activity;sid:83694946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831845/; classtype:trojan-activity;sid:83694945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.23.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831844/; classtype:trojan-activity;sid:83694944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.13.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831843/; classtype:trojan-activity;sid:83694943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.24.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831842/; classtype:trojan-activity;sid:83694942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.57.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831841/; classtype:trojan-activity;sid:83694941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.21.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831839/; classtype:trojan-activity;sid:83694939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831840/; classtype:trojan-activity;sid:83694940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.52.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831838/; classtype:trojan-activity;sid:83694938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.69.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831836/; classtype:trojan-activity;sid:83694936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.21.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831837/; classtype:trojan-activity;sid:83694937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.116.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831835/; classtype:trojan-activity;sid:83694935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.37.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831834/; classtype:trojan-activity;sid:83694934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669113456|3f|hash=6yrwjw1heh3fdlwimzipwes3t1dk7vemcaw6wy6bn98|7c|26|7c|dl=coo8elmzqzej3ikrsoh3pizceq2ixszxa0dh1c3z72x|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831833/; classtype:trojan-activity;sid:83694933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.45.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831832/; classtype:trojan-activity;sid:83694932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.121.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831831/; classtype:trojan-activity;sid:83694931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.69.4.196"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831830/; classtype:trojan-activity;sid:83694930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.30.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831829/; classtype:trojan-activity;sid:83694929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.24.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831828/; classtype:trojan-activity;sid:83694928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.21.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831827/; classtype:trojan-activity;sid:83694927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.243.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831826/; classtype:trojan-activity;sid:83694926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.189.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831825/; classtype:trojan-activity;sid:83694925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.136.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831824/; classtype:trojan-activity;sid:83694924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.69.158.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831823/; classtype:trojan-activity;sid:83694923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831822/; classtype:trojan-activity;sid:83694922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.69.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831821/; classtype:trojan-activity;sid:83694921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.164.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831820/; classtype:trojan-activity;sid:83694920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.220.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831819/; classtype:trojan-activity;sid:83694919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831818/; classtype:trojan-activity;sid:83694918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.47.193.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831817/; classtype:trojan-activity;sid:83694917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.45.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831816/; classtype:trojan-activity;sid:83694916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.193.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831815/; classtype:trojan-activity;sid:83694915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.11.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831814/; classtype:trojan-activity;sid:83694914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.111.43.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831813/; classtype:trojan-activity;sid:83694913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.121.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831812/; classtype:trojan-activity;sid:83694912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831811/; classtype:trojan-activity;sid:83694911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.94.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831810/; classtype:trojan-activity;sid:83694910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831809/; classtype:trojan-activity;sid:83694909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.64.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831808/; classtype:trojan-activity;sid:83694908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.167.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831807/; classtype:trojan-activity;sid:83694907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.189.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831806/; classtype:trojan-activity;sid:83694906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.202.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831804/; classtype:trojan-activity;sid:83694904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831805/; classtype:trojan-activity;sid:83694905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.220.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831803/; classtype:trojan-activity;sid:83694903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831802/; classtype:trojan-activity;sid:83694902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831801/; classtype:trojan-activity;sid:83694901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.176.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831800/; classtype:trojan-activity;sid:83694900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.50.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831799/; classtype:trojan-activity;sid:83694899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831798/; classtype:trojan-activity;sid:83694898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.58.212.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831797/; classtype:trojan-activity;sid:83694897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831795/; classtype:trojan-activity;sid:83694895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.26.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831796/; classtype:trojan-activity;sid:83694896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.136.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831794/; classtype:trojan-activity;sid:83694894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831793/; classtype:trojan-activity;sid:83694893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.11.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831792/; classtype:trojan-activity;sid:83694892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831789/; classtype:trojan-activity;sid:83694889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831790/; classtype:trojan-activity;sid:83694890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831791/; classtype:trojan-activity;sid:83694891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831787/; classtype:trojan-activity;sid:83694887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831788/; classtype:trojan-activity;sid:83694888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831780/; classtype:trojan-activity;sid:83694880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831781/; classtype:trojan-activity;sid:83694881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831782/; classtype:trojan-activity;sid:83694882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831783/; classtype:trojan-activity;sid:83694883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831784/; classtype:trojan-activity;sid:83694884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831785/; classtype:trojan-activity;sid:83694885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831786/; classtype:trojan-activity;sid:83694886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831775/; classtype:trojan-activity;sid:83694875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831776/; classtype:trojan-activity;sid:83694876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831777/; classtype:trojan-activity;sid:83694877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831778/; classtype:trojan-activity;sid:83694878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831779/; classtype:trojan-activity;sid:83694879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831772/; classtype:trojan-activity;sid:83694872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831773/; classtype:trojan-activity;sid:83694873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"cecilio.pro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831774/; classtype:trojan-activity;sid:83694874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831769/; classtype:trojan-activity;sid:83694869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831770/; classtype:trojan-activity;sid:83694870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831771/; classtype:trojan-activity;sid:83694871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831765/; classtype:trojan-activity;sid:83694865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831766/; classtype:trojan-activity;sid:83694866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831767/; classtype:trojan-activity;sid:83694867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831768/; classtype:trojan-activity;sid:83694868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831764/; classtype:trojan-activity;sid:83694864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831761/; classtype:trojan-activity;sid:83694861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831762/; classtype:trojan-activity;sid:83694862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831763/; classtype:trojan-activity;sid:83694863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831757/; classtype:trojan-activity;sid:83694857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831758/; classtype:trojan-activity;sid:83694858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831759/; classtype:trojan-activity;sid:83694859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831760/; classtype:trojan-activity;sid:83694860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831755/; classtype:trojan-activity;sid:83694855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831756/; classtype:trojan-activity;sid:83694856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb2.sh"; depth:8; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831752/; classtype:trojan-activity;sid:83694852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831753/; classtype:trojan-activity;sid:83694853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"mirai-nro.space"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831754/; classtype:trojan-activity;sid:83694854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.112.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831750/; classtype:trojan-activity;sid:83694850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.68.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831751/; classtype:trojan-activity;sid:83694851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.34.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831749/; classtype:trojan-activity;sid:83694849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.202.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831748/; classtype:trojan-activity;sid:83694848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.176.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831747/; classtype:trojan-activity;sid:83694847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831746/; classtype:trojan-activity;sid:83694846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831741/; classtype:trojan-activity;sid:83694841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831742/; classtype:trojan-activity;sid:83694842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831743/; classtype:trojan-activity;sid:83694843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831744/; classtype:trojan-activity;sid:83694844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831745/; classtype:trojan-activity;sid:83694845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831737/; classtype:trojan-activity;sid:83694837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831738/; classtype:trojan-activity;sid:83694838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831739/; classtype:trojan-activity;sid:83694839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831740/; classtype:trojan-activity;sid:83694840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831731/; classtype:trojan-activity;sid:83694831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831732/; classtype:trojan-activity;sid:83694832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831733/; classtype:trojan-activity;sid:83694833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831734/; classtype:trojan-activity;sid:83694834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831735/; classtype:trojan-activity;sid:83694835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831736/; classtype:trojan-activity;sid:83694836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kowai.mips"; depth:16; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831727/; classtype:trojan-activity;sid:83694827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831728/; classtype:trojan-activity;sid:83694828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831729/; classtype:trojan-activity;sid:83694829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; depth:53; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831730/; classtype:trojan-activity;sid:83694830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831725/; classtype:trojan-activity;sid:83694825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831726/; classtype:trojan-activity;sid:83694826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831724/; classtype:trojan-activity;sid:83694824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831723/; classtype:trojan-activity;sid:83694823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.26.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831722/; classtype:trojan-activity;sid:83694822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mips"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831697/; classtype:trojan-activity;sid:83694797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.sh4"; depth:19; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831698/; classtype:trojan-activity;sid:83694798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.spc"; depth:19; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831699/; classtype:trojan-activity;sid:83694799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.spc"; depth:19; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831700/; classtype:trojan-activity;sid:83694800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.sh4"; depth:19; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831701/; classtype:trojan-activity;sid:83694801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.m68k"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831702/; classtype:trojan-activity;sid:83694802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mips"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831703/; classtype:trojan-activity;sid:83694803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.m68k"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831704/; classtype:trojan-activity;sid:83694804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.ppc"; depth:19; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831705/; classtype:trojan-activity;sid:83694805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86_64"; depth:22; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831706/; classtype:trojan-activity;sid:83694806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.i686"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831707/; classtype:trojan-activity;sid:83694807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.dbg"; depth:19; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831708/; classtype:trojan-activity;sid:83694808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86"; depth:19; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831709/; classtype:trojan-activity;sid:83694809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm7"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831710/; classtype:trojan-activity;sid:83694810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm6"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831711/; classtype:trojan-activity;sid:83694811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm7"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831712/; classtype:trojan-activity;sid:83694812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.i686"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831713/; classtype:trojan-activity;sid:83694813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm5"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831714/; classtype:trojan-activity;sid:83694814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86"; depth:19; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831715/; classtype:trojan-activity;sid:83694815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mpsl"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831716/; classtype:trojan-activity;sid:83694816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mpsl"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831717/; classtype:trojan-activity;sid:83694817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86_64"; depth:22; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831718/; classtype:trojan-activity;sid:83694818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.ppc"; depth:19; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831719/; classtype:trojan-activity;sid:83694819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.dbg"; depth:19; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831720/; classtype:trojan-activity;sid:83694820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm4"; depth:20; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831721/; classtype:trojan-activity;sid:83694821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.58.212.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831696/; classtype:trojan-activity;sid:83694796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.119.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831695/; classtype:trojan-activity;sid:83694795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm4"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831692/; classtype:trojan-activity;sid:83694792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm5"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831693/; classtype:trojan-activity;sid:83694793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm6"; depth:20; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831694/; classtype:trojan-activity;sid:83694794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831687/; classtype:trojan-activity;sid:83694787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831688/; classtype:trojan-activity;sid:83694788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831689/; classtype:trojan-activity;sid:83694789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831690/; classtype:trojan-activity;sid:83694790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831691/; classtype:trojan-activity;sid:83694791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.177.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831686/; classtype:trojan-activity;sid:83694786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.ppc"; depth:19; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831660/; classtype:trojan-activity;sid:83694760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86_64"; depth:22; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831661/; classtype:trojan-activity;sid:83694761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831662/; classtype:trojan-activity;sid:83694762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831663/; classtype:trojan-activity;sid:83694763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831664/; classtype:trojan-activity;sid:83694764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831665/; classtype:trojan-activity;sid:83694765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831666/; classtype:trojan-activity;sid:83694766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mpsl"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831667/; classtype:trojan-activity;sid:83694767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.i686"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831668/; classtype:trojan-activity;sid:83694768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.sh4"; depth:19; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831669/; classtype:trojan-activity;sid:83694769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831670/; classtype:trojan-activity;sid:83694770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831671/; classtype:trojan-activity;sid:83694771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831672/; classtype:trojan-activity;sid:83694772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831673/; classtype:trojan-activity;sid:83694773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mips"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831674/; classtype:trojan-activity;sid:83694774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm5"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831675/; classtype:trojan-activity;sid:83694775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm7"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831676/; classtype:trojan-activity;sid:83694776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831677/; classtype:trojan-activity;sid:83694777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm6"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831678/; classtype:trojan-activity;sid:83694778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm4"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831679/; classtype:trojan-activity;sid:83694779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831680/; classtype:trojan-activity;sid:83694780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.dbg"; depth:19; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831681/; classtype:trojan-activity;sid:83694781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.m68k"; depth:20; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831682/; classtype:trojan-activity;sid:83694782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86"; depth:19; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831683/; classtype:trojan-activity;sid:83694783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.spc"; depth:19; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831684/; classtype:trojan-activity;sid:83694784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831685/; classtype:trojan-activity;sid:83694785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.96.150.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831659/; classtype:trojan-activity;sid:83694759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.149.165.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831658/; classtype:trojan-activity;sid:83694758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.28.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831657/; classtype:trojan-activity;sid:83694757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.133.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831656/; classtype:trojan-activity;sid:83694756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.94.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831655/; classtype:trojan-activity;sid:83694755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.41.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831654/; classtype:trojan-activity;sid:83694754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.149.165.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831653/; classtype:trojan-activity;sid:83694753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669111129|3f|hash=iwzokqelmv3ogyzmeekrk1bzticbrpuhi5t5eocklv8|7c|26|7c|dl=ztafjhth6rhq8ra5lngbsyppgf1zltgdtitszv4nmb8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831652/; classtype:trojan-activity;sid:83694752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831651/; classtype:trojan-activity;sid:83694751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831644/; classtype:trojan-activity;sid:83694744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831645/; classtype:trojan-activity;sid:83694745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831646/; classtype:trojan-activity;sid:83694746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831647/; classtype:trojan-activity;sid:83694747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831648/; classtype:trojan-activity;sid:83694748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831649/; classtype:trojan-activity;sid:83694749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831650/; classtype:trojan-activity;sid:83694750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831642/; classtype:trojan-activity;sid:83694742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86_64"; depth:22; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831643/; classtype:trojan-activity;sid:83694743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831639/; classtype:trojan-activity;sid:83694739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831640/; classtype:trojan-activity;sid:83694740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831641/; classtype:trojan-activity;sid:83694741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831636/; classtype:trojan-activity;sid:83694736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831637/; classtype:trojan-activity;sid:83694737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831638/; classtype:trojan-activity;sid:83694738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/photo.scr"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831635/; classtype:trojan-activity;sid:83694735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm5"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831629/; classtype:trojan-activity;sid:83694729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.dbg"; depth:19; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831630/; classtype:trojan-activity;sid:83694730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.i686"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831631/; classtype:trojan-activity;sid:83694731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mips"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831632/; classtype:trojan-activity;sid:83694732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm7"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831633/; classtype:trojan-activity;sid:83694733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86"; depth:19; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831634/; classtype:trojan-activity;sid:83694734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm4"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831628/; classtype:trojan-activity;sid:83694728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm6"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831627/; classtype:trojan-activity;sid:83694727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.m68k"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831622/; classtype:trojan-activity;sid:83694722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.ppc"; depth:19; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831623/; classtype:trojan-activity;sid:83694723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mpsl"; depth:20; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831624/; classtype:trojan-activity;sid:83694724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.spc"; depth:19; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831625/; classtype:trojan-activity;sid:83694725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.sh4"; depth:19; endswith; nocase; http.host; content:"raw.mezo-api.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831626/; classtype:trojan-activity;sid:83694726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.60.4.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831621/; classtype:trojan-activity;sid:83694721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831620/; classtype:trojan-activity;sid:83694720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831618/; classtype:trojan-activity;sid:83694718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.232.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831619/; classtype:trojan-activity;sid:83694719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831614/; classtype:trojan-activity;sid:83694714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831615/; classtype:trojan-activity;sid:83694715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831616/; classtype:trojan-activity;sid:83694716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831617/; classtype:trojan-activity;sid:83694717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.189.245.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831612/; classtype:trojan-activity;sid:83694712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831613/; classtype:trojan-activity;sid:83694713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831608/; classtype:trojan-activity;sid:83694708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831609/; classtype:trojan-activity;sid:83694709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831610/; classtype:trojan-activity;sid:83694710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831611/; classtype:trojan-activity;sid:83694711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831605/; classtype:trojan-activity;sid:83694705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831606/; classtype:trojan-activity;sid:83694706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831607/; classtype:trojan-activity;sid:83694707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831604/; classtype:trojan-activity;sid:83694704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mipsel"; depth:12; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831603/; classtype:trojan-activity;sid:83694703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/photo.scr"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831602/; classtype:trojan-activity;sid:83694702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm4"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831597/; classtype:trojan-activity;sid:83694697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.dbg"; depth:19; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831598/; classtype:trojan-activity;sid:83694698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm7"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831599/; classtype:trojan-activity;sid:83694699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mips"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831600/; classtype:trojan-activity;sid:83694700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.i686"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831601/; classtype:trojan-activity;sid:83694701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.spc"; depth:19; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831595/; classtype:trojan-activity;sid:83694695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.ppc"; depth:19; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831596/; classtype:trojan-activity;sid:83694696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86_64"; depth:22; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831590/; classtype:trojan-activity;sid:83694690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm5"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831591/; classtype:trojan-activity;sid:83694691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.mpsl"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831592/; classtype:trojan-activity;sid:83694692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.x86"; depth:19; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831593/; classtype:trojan-activity;sid:83694693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.m68k"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831594/; classtype:trojan-activity;sid:83694694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/av.scr"; depth:17; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831587/; classtype:trojan-activity;sid:83694687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.arm6"; depth:20; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831588/; classtype:trojan-activity;sid:83694688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/aqua.sh4"; depth:19; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831589/; classtype:trojan-activity;sid:83694689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831586/; classtype:trojan-activity;sid:83694686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831585/; classtype:trojan-activity;sid:83694685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.96.150.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831584/; classtype:trojan-activity;sid:83694684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.5.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831583/; classtype:trojan-activity;sid:83694683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831582/; classtype:trojan-activity;sid:83694682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.75.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831581/; classtype:trojan-activity;sid:83694681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.30.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831580/; classtype:trojan-activity;sid:83694680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.173.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831577/; classtype:trojan-activity;sid:83694677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831578/; classtype:trojan-activity;sid:83694678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.253.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831579/; classtype:trojan-activity;sid:83694679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831576/; classtype:trojan-activity;sid:83694676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831575/; classtype:trojan-activity;sid:83694675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.79.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831574/; classtype:trojan-activity;sid:83694674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.25.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831573/; classtype:trojan-activity;sid:83694673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.246.15.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831572/; classtype:trojan-activity;sid:83694672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.5.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831571/; classtype:trojan-activity;sid:83694671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831570/; classtype:trojan-activity;sid:83694670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.248.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831569/; classtype:trojan-activity;sid:83694669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831568/; classtype:trojan-activity;sid:83694668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.107.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831566/; classtype:trojan-activity;sid:83694666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.138.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831567/; classtype:trojan-activity;sid:83694667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.35.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831565/; classtype:trojan-activity;sid:83694665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831564/; classtype:trojan-activity;sid:83694664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.117.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831563/; classtype:trojan-activity;sid:83694663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.184.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831562/; classtype:trojan-activity;sid:83694662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.224.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831561/; classtype:trojan-activity;sid:83694661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.210.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831560/; classtype:trojan-activity;sid:83694660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.0.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831559/; classtype:trojan-activity;sid:83694659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.248.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831558/; classtype:trojan-activity;sid:83694658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.107.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831557/; classtype:trojan-activity;sid:83694657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"45.13.227.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831556/; classtype:trojan-activity;sid:83694656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.189.21.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831555/; classtype:trojan-activity;sid:83694655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.248.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831554/; classtype:trojan-activity;sid:83694654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831553/; classtype:trojan-activity;sid:83694653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.60.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831552/; classtype:trojan-activity;sid:83694652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.40.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831551/; classtype:trojan-activity;sid:83694651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.116.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831550/; classtype:trojan-activity;sid:83694650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.171.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831549/; classtype:trojan-activity;sid:83694649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831548/; classtype:trojan-activity;sid:83694648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.254.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831547/; classtype:trojan-activity;sid:83694647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831546/; classtype:trojan-activity;sid:83694646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831545/; classtype:trojan-activity;sid:83694645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831544/; classtype:trojan-activity;sid:83694644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.149.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831543/; classtype:trojan-activity;sid:83694643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.11.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831542/; classtype:trojan-activity;sid:83694642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.198.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831541/; classtype:trojan-activity;sid:83694641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.36.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831540/; classtype:trojan-activity;sid:83694640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.56.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831539/; classtype:trojan-activity;sid:83694639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.167.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831538/; classtype:trojan-activity;sid:83694638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.210.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831537/; classtype:trojan-activity;sid:83694637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.121.147.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831536/; classtype:trojan-activity;sid:83694636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831535/; classtype:trojan-activity;sid:83694635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.238.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831534/; classtype:trojan-activity;sid:83694634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.189.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831533/; classtype:trojan-activity;sid:83694633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.114.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831531/; classtype:trojan-activity;sid:83694631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.30.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831532/; classtype:trojan-activity;sid:83694632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.35.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831530/; classtype:trojan-activity;sid:83694630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.171.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831529/; classtype:trojan-activity;sid:83694629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.254.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831528/; classtype:trojan-activity;sid:83694628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.211.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831527/; classtype:trojan-activity;sid:83694627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831526/; classtype:trojan-activity;sid:83694626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.215.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831525/; classtype:trojan-activity;sid:83694625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831524/; classtype:trojan-activity;sid:83694624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.56.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831523/; classtype:trojan-activity;sid:83694623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.131.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831522/; classtype:trojan-activity;sid:83694622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.189.103.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831521/; classtype:trojan-activity;sid:83694621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.202.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831520/; classtype:trojan-activity;sid:83694620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.36.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831519/; classtype:trojan-activity;sid:83694619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.99.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831518/; classtype:trojan-activity;sid:83694618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.93.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831517/; classtype:trojan-activity;sid:83694617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.78.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831516/; classtype:trojan-activity;sid:83694616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.75.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831515/; classtype:trojan-activity;sid:83694615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.104.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831514/; classtype:trojan-activity;sid:83694614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831513/; classtype:trojan-activity;sid:83694613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.167.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831512/; classtype:trojan-activity;sid:83694612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.221.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831511/; classtype:trojan-activity;sid:83694611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.189.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831510/; classtype:trojan-activity;sid:83694610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.112.206.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831509/; classtype:trojan-activity;sid:83694609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831508/; classtype:trojan-activity;sid:83694608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831507/; classtype:trojan-activity;sid:83694607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.192.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831505/; classtype:trojan-activity;sid:83694605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.211.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831506/; classtype:trojan-activity;sid:83694606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831504/; classtype:trojan-activity;sid:83694604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shk"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831503/; classtype:trojan-activity;sid:83694603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.146.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831502/; classtype:trojan-activity;sid:83694602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.72.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831501/; classtype:trojan-activity;sid:83694601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.208.47.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831500/; classtype:trojan-activity;sid:83694600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.4.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831499/; classtype:trojan-activity;sid:83694599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831498/; classtype:trojan-activity;sid:83694598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.16.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831496/; classtype:trojan-activity;sid:83694596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831497/; classtype:trojan-activity;sid:83694597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831495/; classtype:trojan-activity;sid:83694595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.221.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831494/; classtype:trojan-activity;sid:83694594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.112.206.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831493/; classtype:trojan-activity;sid:83694593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831492/; classtype:trojan-activity;sid:83694592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.216.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831491/; classtype:trojan-activity;sid:83694591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.6.7.24"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831490/; classtype:trojan-activity;sid:83694590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.34.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831489/; classtype:trojan-activity;sid:83694589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.72.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831488/; classtype:trojan-activity;sid:83694588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.208.47.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831487/; classtype:trojan-activity;sid:83694587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.166.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831486/; classtype:trojan-activity;sid:83694586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831485/; classtype:trojan-activity;sid:83694585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.221.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831483/; classtype:trojan-activity;sid:83694583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.243.130.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831484/; classtype:trojan-activity;sid:83694584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.192.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831482/; classtype:trojan-activity;sid:83694582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831481/; classtype:trojan-activity;sid:83694581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.39.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831480/; classtype:trojan-activity;sid:83694580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831479/; classtype:trojan-activity;sid:83694579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831478/; classtype:trojan-activity;sid:83694578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.166.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831477/; classtype:trojan-activity;sid:83694577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.203.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831475/; classtype:trojan-activity;sid:83694575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.216.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831476/; classtype:trojan-activity;sid:83694576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbb.exe"; depth:8; endswith; nocase; http.host; content:"193.233.132.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831474/; classtype:trojan-activity;sid:83694574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.78.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831473/; classtype:trojan-activity;sid:83694573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.14.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831472/; classtype:trojan-activity;sid:83694572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831471/; classtype:trojan-activity;sid:83694571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb.exe"; depth:7; endswith; nocase; http.host; content:"193.233.132.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831470/; classtype:trojan-activity;sid:83694570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.187.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831469/; classtype:trojan-activity;sid:83694569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831468/; classtype:trojan-activity;sid:83694568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.60.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831467/; classtype:trojan-activity;sid:83694567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.221.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831466/; classtype:trojan-activity;sid:83694566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.243.130.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831465/; classtype:trojan-activity;sid:83694565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831464/; classtype:trojan-activity;sid:83694564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.14.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831463/; classtype:trojan-activity;sid:83694563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.127.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831462/; classtype:trojan-activity;sid:83694562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.194.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831460/; classtype:trojan-activity;sid:83694560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831461/; classtype:trojan-activity;sid:83694561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x6iiksiqnqad"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831458/; classtype:trojan-activity;sid:83694558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xbh758amflgx"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831459/; classtype:trojan-activity;sid:83694559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.240.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831457/; classtype:trojan-activity;sid:83694557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831456/; classtype:trojan-activity;sid:83694556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.111.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831454/; classtype:trojan-activity;sid:83694554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669104839|3f|hash=eesrhseuf42n62mluf7fzan6l0h3eeofznd3waolyyk|7c|26|7c|dl=sxbzzrtwzlpqnwyjzbjzrtebomdc9b26pfydeoh9pvl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831455/; classtype:trojan-activity;sid:83694555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831453/; classtype:trojan-activity;sid:83694553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831452/; classtype:trojan-activity;sid:83694552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.127.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831451/; classtype:trojan-activity;sid:83694551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831448/; classtype:trojan-activity;sid:83694548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831449/; classtype:trojan-activity;sid:83694549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831450/; classtype:trojan-activity;sid:83694550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831446/; classtype:trojan-activity;sid:83694546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831447/; classtype:trojan-activity;sid:83694547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831440/; classtype:trojan-activity;sid:83694540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831441/; classtype:trojan-activity;sid:83694541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831442/; classtype:trojan-activity;sid:83694542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831443/; classtype:trojan-activity;sid:83694543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831444/; classtype:trojan-activity;sid:83694544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"150.95.109.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831445/; classtype:trojan-activity;sid:83694545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.157.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831439/; classtype:trojan-activity;sid:83694539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.9.245.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831438/; classtype:trojan-activity;sid:83694538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.69.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831437/; classtype:trojan-activity;sid:83694537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//fyx.sh"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831436/; classtype:trojan-activity;sid:83694536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.184.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831435/; classtype:trojan-activity;sid:83694535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.221.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831434/; classtype:trojan-activity;sid:83694534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc1.sh"; depth:8; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831433/; classtype:trojan-activity;sid:83694533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc2.sh"; depth:8; endswith; nocase; http.host; content:"qngxgw.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831430/; classtype:trojan-activity;sid:83694530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc3.sh"; depth:8; endswith; nocase; http.host; content:"qngxgw.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831431/; classtype:trojan-activity;sid:83694531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc1.sh"; depth:8; endswith; nocase; http.host; content:"qngxgw.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831432/; classtype:trojan-activity;sid:83694532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831429/; classtype:trojan-activity;sid:83694529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.212.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831428/; classtype:trojan-activity;sid:83694528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831427/; classtype:trojan-activity;sid:83694527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.192.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831426/; classtype:trojan-activity;sid:83694526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.157.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831425/; classtype:trojan-activity;sid:83694525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbbb.exe"; depth:9; endswith; nocase; http.host; content:"193.233.132.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831424/; classtype:trojan-activity;sid:83694524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.97.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831423/; classtype:trojan-activity;sid:83694523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.69.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831422/; classtype:trojan-activity;sid:83694522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.119.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831421/; classtype:trojan-activity;sid:83694521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.184.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831420/; classtype:trojan-activity;sid:83694520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.243.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831419/; classtype:trojan-activity;sid:83694519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.4.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831418/; classtype:trojan-activity;sid:83694518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669101732|3f|hash=pdz75eqj0nlbz9t1tgdgh55oa4aiyh6tnf6iw8dufw8|7c|26|7c|dl=26vnytcxrh7unaytuebbr25tjz8rfllook8xriacg6c|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831417/; classtype:trojan-activity;sid:83694517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.159.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831416/; classtype:trojan-activity;sid:83694516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.221.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831415/; classtype:trojan-activity;sid:83694515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.252.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831413/; classtype:trojan-activity;sid:83694513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831414/; classtype:trojan-activity;sid:83694514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.112.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831412/; classtype:trojan-activity;sid:83694512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831411/; classtype:trojan-activity;sid:83694511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.48.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831409/; classtype:trojan-activity;sid:83694509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.34.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831410/; classtype:trojan-activity;sid:83694510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.214.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831408/; classtype:trojan-activity;sid:83694508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.170.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831407/; classtype:trojan-activity;sid:83694507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upd/index.php"; depth:14; endswith; nocase; http.host; content:"pofix.red"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831406/; classtype:trojan-activity;sid:83694506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.37.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831404/; classtype:trojan-activity;sid:83694504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831405/; classtype:trojan-activity;sid:83694505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.166.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831403/; classtype:trojan-activity;sid:83694503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.238.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831402/; classtype:trojan-activity;sid:83694502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.205.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831400/; classtype:trojan-activity;sid:83694500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.112.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831401/; classtype:trojan-activity;sid:83694501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.59.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831399/; classtype:trojan-activity;sid:83694499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sh"; depth:14; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831397/; classtype:trojan-activity;sid:83694497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.4.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831398/; classtype:trojan-activity;sid:83694498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xog18phqgoqk"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831396/; classtype:trojan-activity;sid:83694496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.48.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831395/; classtype:trojan-activity;sid:83694495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.49.36.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831394/; classtype:trojan-activity;sid:83694494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.168.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831393/; classtype:trojan-activity;sid:83694493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.161.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831392/; classtype:trojan-activity;sid:83694492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.35.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831391/; classtype:trojan-activity;sid:83694491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.168.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831390/; classtype:trojan-activity;sid:83694490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.86.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831389/; classtype:trojan-activity;sid:83694489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.45.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831388/; classtype:trojan-activity;sid:83694488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.195.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831387/; classtype:trojan-activity;sid:83694487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831386/; classtype:trojan-activity;sid:83694486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.59.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831385/; classtype:trojan-activity;sid:83694485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.168.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831384/; classtype:trojan-activity;sid:83694484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.122.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831383/; classtype:trojan-activity;sid:83694483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.35.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831382/; classtype:trojan-activity;sid:83694482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.216.111.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831380/; classtype:trojan-activity;sid:83694480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.54.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831381/; classtype:trojan-activity;sid:83694481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.4.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831379/; classtype:trojan-activity;sid:83694479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.45.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831378/; classtype:trojan-activity;sid:83694478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831377/; classtype:trojan-activity;sid:83694477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.221.221.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831376/; classtype:trojan-activity;sid:83694476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.86.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831375/; classtype:trojan-activity;sid:83694475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831374/; classtype:trojan-activity;sid:83694474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.173.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831373/; classtype:trojan-activity;sid:83694473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.206.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831372/; classtype:trojan-activity;sid:83694472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mips"; depth:16; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831371/; classtype:trojan-activity;sid:83694471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sparc"; depth:17; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831363/; classtype:trojan-activity;sid:83694463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mpsl"; depth:16; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831364/; classtype:trojan-activity;sid:83694464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm4"; depth:16; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831365/; classtype:trojan-activity;sid:83694465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm7"; depth:16; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831366/; classtype:trojan-activity;sid:83694466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm6"; depth:16; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831367/; classtype:trojan-activity;sid:83694467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm5"; depth:16; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831368/; classtype:trojan-activity;sid:83694468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.x86"; depth:15; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831369/; classtype:trojan-activity;sid:83694469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.ppc"; depth:15; endswith; nocase; http.host; content:"5.42.100.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831370/; classtype:trojan-activity;sid:83694470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"198.46.129.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831362/; classtype:trojan-activity;sid:83694462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831359/; classtype:trojan-activity;sid:83694459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831360/; classtype:trojan-activity;sid:83694460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831361/; classtype:trojan-activity;sid:83694461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831354/; classtype:trojan-activity;sid:83694454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831355/; classtype:trojan-activity;sid:83694455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831356/; classtype:trojan-activity;sid:83694456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831357/; classtype:trojan-activity;sid:83694457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc"; depth:3; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831358/; classtype:trojan-activity;sid:83694458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831348/; classtype:trojan-activity;sid:83694448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831349/; classtype:trojan-activity;sid:83694449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831350/; classtype:trojan-activity;sid:83694450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831351/; classtype:trojan-activity;sid:83694451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831352/; classtype:trojan-activity;sid:83694452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831353/; classtype:trojan-activity;sid:83694453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"185.38.142.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831347/; classtype:trojan-activity;sid:83694447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.10.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831346/; classtype:trojan-activity;sid:83694446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831345/; classtype:trojan-activity;sid:83694445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.52.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831344/; classtype:trojan-activity;sid:83694444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.16.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831343/; classtype:trojan-activity;sid:83694443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831342/; classtype:trojan-activity;sid:83694442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831341/; classtype:trojan-activity;sid:83694441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.70.91.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831340/; classtype:trojan-activity;sid:83694440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831339/; classtype:trojan-activity;sid:83694439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831338/; classtype:trojan-activity;sid:83694438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.86.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831337/; classtype:trojan-activity;sid:83694437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.42.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831336/; classtype:trojan-activity;sid:83694436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.86.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831335/; classtype:trojan-activity;sid:83694435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.38.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831333/; classtype:trojan-activity;sid:83694433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831334/; classtype:trojan-activity;sid:83694434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.131.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831332/; classtype:trojan-activity;sid:83694432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.28.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831331/; classtype:trojan-activity;sid:83694431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"159.196.124.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831330/; classtype:trojan-activity;sid:83694430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.108.219.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831329/; classtype:trojan-activity;sid:83694429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831328/; classtype:trojan-activity;sid:83694428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.88.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831326/; classtype:trojan-activity;sid:83694426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.122.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831327/; classtype:trojan-activity;sid:83694427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.130.189.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831325/; classtype:trojan-activity;sid:83694425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.173.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831324/; classtype:trojan-activity;sid:83694424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.206.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831323/; classtype:trojan-activity;sid:83694423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831322/; classtype:trojan-activity;sid:83694422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.134.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831321/; classtype:trojan-activity;sid:83694421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831320/; classtype:trojan-activity;sid:83694420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.26.16"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831319/; classtype:trojan-activity;sid:83694419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.61.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831316/; classtype:trojan-activity;sid:83694416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831317/; classtype:trojan-activity;sid:83694417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831318/; classtype:trojan-activity;sid:83694418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.16.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831315/; classtype:trojan-activity;sid:83694415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.52.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831314/; classtype:trojan-activity;sid:83694414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.12.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831313/; classtype:trojan-activity;sid:83694413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831312/; classtype:trojan-activity;sid:83694412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.86.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831311/; classtype:trojan-activity;sid:83694411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.140.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831310/; classtype:trojan-activity;sid:83694410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831309/; classtype:trojan-activity;sid:83694409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.206.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831308/; classtype:trojan-activity;sid:83694408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.242.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831307/; classtype:trojan-activity;sid:83694407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831306/; classtype:trojan-activity;sid:83694406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.70.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831305/; classtype:trojan-activity;sid:83694405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.198.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831304/; classtype:trojan-activity;sid:83694404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831303/; classtype:trojan-activity;sid:83694403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.140.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831302/; classtype:trojan-activity;sid:83694402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.118.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831301/; classtype:trojan-activity;sid:83694401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.197.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831300/; classtype:trojan-activity;sid:83694400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831299/; classtype:trojan-activity;sid:83694399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vape-v4/pap46e1ukz.exe"; depth:23; endswith; nocase; http.host; content:"scan-echo.online"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831298/; classtype:trojan-activity;sid:83694398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.242.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831297/; classtype:trojan-activity;sid:83694397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.241.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831296/; classtype:trojan-activity;sid:83694396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.49.167.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831295/; classtype:trojan-activity;sid:83694395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc.exe"; depth:7; endswith; nocase; http.host; content:"121.40.131.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831294/; classtype:trojan-activity;sid:83694394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.35.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831292/; classtype:trojan-activity;sid:83694392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.247.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831293/; classtype:trojan-activity;sid:83694393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.34.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831291/; classtype:trojan-activity;sid:83694391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.244.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831286/; classtype:trojan-activity;sid:83694386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.84.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831287/; classtype:trojan-activity;sid:83694387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831288/; classtype:trojan-activity;sid:83694388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.222.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831289/; classtype:trojan-activity;sid:83694389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.232.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831290/; classtype:trojan-activity;sid:83694390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"156.245.13.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831285/; classtype:trojan-activity;sid:83694385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/read1y.apk"; depth:11; endswith; nocase; http.host; content:"156.245.13.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831284/; classtype:trojan-activity;sid:83694384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/read1y.apk"; depth:11; endswith; nocase; http.host; content:"156.245.13.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831283/; classtype:trojan-activity;sid:83694383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/read1y.apk"; depth:11; endswith; nocase; http.host; content:"156.245.13.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831282/; classtype:trojan-activity;sid:83694382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"156.245.13.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831281/; classtype:trojan-activity;sid:83694381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"156.245.13.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831280/; classtype:trojan-activity;sid:83694380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831279/; classtype:trojan-activity;sid:83694379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.241.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831278/; classtype:trojan-activity;sid:83694378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8443nobeacon"; depth:13; endswith; nocase; http.host; content:"156.245.13.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831277/; classtype:trojan-activity;sid:83694377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8443nobeacon"; depth:13; endswith; nocase; http.host; content:"156.245.13.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831274/; classtype:trojan-activity;sid:83694374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8443nobeacon"; depth:13; endswith; nocase; http.host; content:"156.245.13.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831275/; classtype:trojan-activity;sid:83694375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8443beacon"; depth:11; endswith; nocase; http.host; content:"156.245.13.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831276/; classtype:trojan-activity;sid:83694376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowsvirus.exe"; depth:17; endswith; nocase; http.host; content:"156.245.13.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831273/; classtype:trojan-activity;sid:83694373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowsvirus.exe"; depth:17; endswith; nocase; http.host; content:"156.245.13.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831272/; classtype:trojan-activity;sid:83694372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowsvirus.exe"; depth:17; endswith; nocase; http.host; content:"156.245.13.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831271/; classtype:trojan-activity;sid:83694371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8443beacon"; depth:11; endswith; nocase; http.host; content:"156.245.13.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831269/; classtype:trojan-activity;sid:83694369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8443beacon"; depth:11; endswith; nocase; http.host; content:"156.245.13.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831270/; classtype:trojan-activity;sid:83694370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/replacepara.exe"; depth:16; endswith; nocase; http.host; content:"156.245.13.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831268/; classtype:trojan-activity;sid:83694368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/replacepara.exe"; depth:16; endswith; nocase; http.host; content:"156.245.13.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831267/; classtype:trojan-activity;sid:83694367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/replacepara.exe"; depth:16; endswith; nocase; http.host; content:"156.245.13.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831266/; classtype:trojan-activity;sid:83694366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.222.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831265/; classtype:trojan-activity;sid:83694365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.235.45.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831264/; classtype:trojan-activity;sid:83694364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.81.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831263/; classtype:trojan-activity;sid:83694363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.36.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831262/; classtype:trojan-activity;sid:83694362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/310/eng.txt"; depth:12; endswith; nocase; http.host; content:"172.245.33.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831261/; classtype:trojan-activity;sid:83694361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/320/pnh/wintheheartofgirlwithagreatachievementhappeninginourlifewithcutehappinesshappenedinsideofourhearttounderstand__sheismylovertogetherback.doc"; depth:148; endswith; nocase; http.host; content:"172.245.33.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831260/; classtype:trojan-activity;sid:83694360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.197.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831259/; classtype:trojan-activity;sid:83694359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831258/; classtype:trojan-activity;sid:83694358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1712750455.elf"; depth:15; endswith; nocase; http.host; content:"123.56.214.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831257/; classtype:trojan-activity;sid:83694357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.244.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831256/; classtype:trojan-activity;sid:83694356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sophos_kill.zip"; depth:16; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831255/; classtype:trojan-activity;sid:83694355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/procexp64.exe"; depth:14; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831254/; classtype:trojan-activity;sid:83694354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.180.164.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831250/; classtype:trojan-activity;sid:83694350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telemetrybridge32.exe"; depth:22; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831251/; classtype:trojan-activity;sid:83694351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.39.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831252/; classtype:trojan-activity;sid:83694352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.exe"; depth:15; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831253/; classtype:trojan-activity;sid:83694353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atspcleannew.ps1"; depth:17; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831249/; classtype:trojan-activity;sid:83694349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdp.exe"; depth:8; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831248/; classtype:trojan-activity;sid:83694348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lazagne.exe"; depth:12; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831247/; classtype:trojan-activity;sid:83694347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpe_all.exe"; depth:12; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831246/; classtype:trojan-activity;sid:83694346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2503.msi"; depth:9; endswith; nocase; http.host; content:"91.215.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831245/; classtype:trojan-activity;sid:83694345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.84.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831244/; classtype:trojan-activity;sid:83694344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utils/cmd.war"; depth:14; endswith; nocase; http.host; content:"193.3.19.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831243/; classtype:trojan-activity;sid:83694343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.142.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831242/; classtype:trojan-activity;sid:83694342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.241.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831241/; classtype:trojan-activity;sid:83694341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.132.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831240/; classtype:trojan-activity;sid:83694340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.31.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831239/; classtype:trojan-activity;sid:83694339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.36.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831238/; classtype:trojan-activity;sid:83694338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831237/; classtype:trojan-activity;sid:83694337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.150.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831236/; classtype:trojan-activity;sid:83694336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831235/; classtype:trojan-activity;sid:83694335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.217.46.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831234/; classtype:trojan-activity;sid:83694334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831233/; classtype:trojan-activity;sid:83694333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.101.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831232/; classtype:trojan-activity;sid:83694332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.169.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831231/; classtype:trojan-activity;sid:83694331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.48.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831229/; classtype:trojan-activity;sid:83694329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/images/iss.exe"; depth:22; endswith; nocase; http.host; content:"ssh44.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831230/; classtype:trojan-activity;sid:83694330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.142.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831228/; classtype:trojan-activity;sid:83694328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.229.205.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831227/; classtype:trojan-activity;sid:83694327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.86.237.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831226/; classtype:trojan-activity;sid:83694326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831225/; classtype:trojan-activity;sid:83694325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831224/; classtype:trojan-activity;sid:83694324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.254.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831223/; classtype:trojan-activity;sid:83694323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.52.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831222/; classtype:trojan-activity;sid:83694322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.60.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831221/; classtype:trojan-activity;sid:83694321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.217.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831220/; classtype:trojan-activity;sid:83694320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.48.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831218/; classtype:trojan-activity;sid:83694318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.33.249.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831219/; classtype:trojan-activity;sid:83694319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.246.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831217/; classtype:trojan-activity;sid:83694317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831216/; classtype:trojan-activity;sid:83694316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86_64"; depth:12; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831212/; classtype:trojan-activity;sid:83694312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831213/; classtype:trojan-activity;sid:83694313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mips"; depth:10; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831214/; classtype:trojan-activity;sid:83694314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86"; depth:9; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831215/; classtype:trojan-activity;sid:83694315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm5"; depth:10; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831209/; classtype:trojan-activity;sid:83694309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm6"; depth:10; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831210/; classtype:trojan-activity;sid:83694310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831211/; classtype:trojan-activity;sid:83694311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831205/; classtype:trojan-activity;sid:83694305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.sh4"; depth:9; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831206/; classtype:trojan-activity;sid:83694306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831207/; classtype:trojan-activity;sid:83694307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.ppc"; depth:9; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831208/; classtype:trojan-activity;sid:83694308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mpsl"; depth:10; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831204/; classtype:trojan-activity;sid:83694304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831202/; classtype:trojan-activity;sid:83694302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"legendsworld.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831203/; classtype:trojan-activity;sid:83694303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831201/; classtype:trojan-activity;sid:83694301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831200/; classtype:trojan-activity;sid:83694300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.65.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831199/; classtype:trojan-activity;sid:83694299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.196.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831197/; classtype:trojan-activity;sid:83694297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.43.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831198/; classtype:trojan-activity;sid:83694298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.29.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831196/; classtype:trojan-activity;sid:83694296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.37.206.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831195/; classtype:trojan-activity;sid:83694295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.ppc"; depth:16; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831188/; classtype:trojan-activity;sid:83694288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.mpsl"; depth:17; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831189/; classtype:trojan-activity;sid:83694289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm5"; depth:17; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831190/; classtype:trojan-activity;sid:83694290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.sh4"; depth:16; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831191/; classtype:trojan-activity;sid:83694291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.spc"; depth:16; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831192/; classtype:trojan-activity;sid:83694292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm7"; depth:17; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831193/; classtype:trojan-activity;sid:83694293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.52.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831194/; classtype:trojan-activity;sid:83694294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm6"; depth:17; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831185/; classtype:trojan-activity;sid:83694285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.mips"; depth:17; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831186/; classtype:trojan-activity;sid:83694286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm"; depth:16; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831187/; classtype:trojan-activity;sid:83694287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831184/; classtype:trojan-activity;sid:83694284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir.sh"; depth:9; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831180/; classtype:trojan-activity;sid:83694280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831181/; classtype:trojan-activity;sid:83694281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"74.208.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831182/; classtype:trojan-activity;sid:83694282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.182.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831183/; classtype:trojan-activity;sid:83694283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.211.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831179/; classtype:trojan-activity;sid:83694279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/go.sh"; depth:6; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831178/; classtype:trojan-activity;sid:83694278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.26.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831172/; classtype:trojan-activity;sid:83694272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.x86"; depth:11; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831173/; classtype:trojan-activity;sid:83694273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.ppc"; depth:11; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831174/; classtype:trojan-activity;sid:83694274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.arm7"; depth:12; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831175/; classtype:trojan-activity;sid:83694275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.arm4"; depth:12; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831176/; classtype:trojan-activity;sid:83694276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.arm5"; depth:12; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831177/; classtype:trojan-activity;sid:83694277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.mpsl"; depth:12; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831170/; classtype:trojan-activity;sid:83694270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sparc"; depth:13; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831171/; classtype:trojan-activity;sid:83694271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831167/; classtype:trojan-activity;sid:83694267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.mips"; depth:12; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831168/; classtype:trojan-activity;sid:83694268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.arm6"; depth:12; endswith; nocase; http.host; content:"46.226.160.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831169/; classtype:trojan-activity;sid:83694269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.242.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831166/; classtype:trojan-activity;sid:83694266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.246.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831165/; classtype:trojan-activity;sid:83694265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.82.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831164/; classtype:trojan-activity;sid:83694264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.26.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831163/; classtype:trojan-activity;sid:83694263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.182.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831162/; classtype:trojan-activity;sid:83694262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.29.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831161/; classtype:trojan-activity;sid:83694261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831154/; classtype:trojan-activity;sid:83694254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831155/; classtype:trojan-activity;sid:83694255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831156/; classtype:trojan-activity;sid:83694256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831157/; classtype:trojan-activity;sid:83694257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smpsl"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831158/; classtype:trojan-activity;sid:83694258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831159/; classtype:trojan-activity;sid:83694259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831160/; classtype:trojan-activity;sid:83694260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831148/; classtype:trojan-activity;sid:83694248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831149/; classtype:trojan-activity;sid:83694249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831150/; classtype:trojan-activity;sid:83694250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831151/; classtype:trojan-activity;sid:83694251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831152/; classtype:trojan-activity;sid:83694252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831153/; classtype:trojan-activity;sid:83694253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm4"; depth:7; endswith; nocase; http.host; content:"31.42.186.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831147/; classtype:trojan-activity;sid:83694247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.182.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831146/; classtype:trojan-activity;sid:83694246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831145/; classtype:trojan-activity;sid:83694245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.43.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831144/; classtype:trojan-activity;sid:83694244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831143/; classtype:trojan-activity;sid:83694243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.74.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831142/; classtype:trojan-activity;sid:83694242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.197.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831141/; classtype:trojan-activity;sid:83694241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.211.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831139/; classtype:trojan-activity;sid:83694239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831138/; classtype:trojan-activity;sid:83694238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831132/; classtype:trojan-activity;sid:83694232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831133/; classtype:trojan-activity;sid:83694233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831134/; classtype:trojan-activity;sid:83694234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831135/; classtype:trojan-activity;sid:83694235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831136/; classtype:trojan-activity;sid:83694236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831137/; classtype:trojan-activity;sid:83694237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831131/; classtype:trojan-activity;sid:83694231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831127/; classtype:trojan-activity;sid:83694227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831128/; classtype:trojan-activity;sid:83694228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831129/; classtype:trojan-activity;sid:83694229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831130/; classtype:trojan-activity;sid:83694230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831125/; classtype:trojan-activity;sid:83694225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"164.90.158.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831126/; classtype:trojan-activity;sid:83694226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.235.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831124/; classtype:trojan-activity;sid:83694224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.14.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831123/; classtype:trojan-activity;sid:83694223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.95.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831122/; classtype:trojan-activity;sid:83694222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.55.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831120/; classtype:trojan-activity;sid:83694220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.182.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831121/; classtype:trojan-activity;sid:83694221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.25.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831119/; classtype:trojan-activity;sid:83694219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.21.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831118/; classtype:trojan-activity;sid:83694218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.214.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831117/; classtype:trojan-activity;sid:83694217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.16.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831116/; classtype:trojan-activity;sid:83694216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.59.197.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831113/; classtype:trojan-activity;sid:83694213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.67.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831112/; classtype:trojan-activity;sid:83694212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.14.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831110/; classtype:trojan-activity;sid:83694210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.28.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831109/; classtype:trojan-activity;sid:83694209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.48.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831107/; classtype:trojan-activity;sid:83694207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.214.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831106/; classtype:trojan-activity;sid:83694206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v3tutorial.mp4"; depth:15; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831105/; classtype:trojan-activity;sid:83694205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.7.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831104/; classtype:trojan-activity;sid:83694204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.20.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831103/; classtype:trojan-activity;sid:83694203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/playkit.mp4"; depth:12; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831101/; classtype:trojan-activity;sid:83694201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teaser.mp4"; depth:11; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831102/; classtype:trojan-activity;sid:83694202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tutorial.mp4"; depth:13; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831100/; classtype:trojan-activity;sid:83694200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.235.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831098/; classtype:trojan-activity;sid:83694198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831097/; classtype:trojan-activity;sid:83694197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.182.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831096/; classtype:trojan-activity;sid:83694196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.16.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831094/; classtype:trojan-activity;sid:83694194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.172.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831093/; classtype:trojan-activity;sid:83694193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831092/; classtype:trojan-activity;sid:83694192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.75.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831091/; classtype:trojan-activity;sid:83694191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.20.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831090/; classtype:trojan-activity;sid:83694190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.48.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831089/; classtype:trojan-activity;sid:83694189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831088/; classtype:trojan-activity;sid:83694188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831087/; classtype:trojan-activity;sid:83694187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.113.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831086/; classtype:trojan-activity;sid:83694186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.43.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831085/; classtype:trojan-activity;sid:83694185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.253.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831083/; classtype:trojan-activity;sid:83694183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.2.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831084/; classtype:trojan-activity;sid:83694184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.61.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831082/; classtype:trojan-activity;sid:83694182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.20.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831081/; classtype:trojan-activity;sid:83694181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831080/; classtype:trojan-activity;sid:83694180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.ppc"; depth:17; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831078/; classtype:trojan-activity;sid:83694178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831079/; classtype:trojan-activity;sid:83694179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831077/; classtype:trojan-activity;sid:83694177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.mips"; depth:18; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831074/; classtype:trojan-activity;sid:83694174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.arm"; depth:17; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831075/; classtype:trojan-activity;sid:83694175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.x86"; depth:17; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831076/; classtype:trojan-activity;sid:83694176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.m68k"; depth:18; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831068/; classtype:trojan-activity;sid:83694168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.mpsl"; depth:18; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831069/; classtype:trojan-activity;sid:83694169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.sh4"; depth:17; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831070/; classtype:trojan-activity;sid:83694170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.arm6"; depth:18; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831071/; classtype:trojan-activity;sid:83694171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.arm5"; depth:18; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831072/; classtype:trojan-activity;sid:83694172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/predator.spc"; depth:17; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831073/; classtype:trojan-activity;sid:83694173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.79.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831067/; classtype:trojan-activity;sid:83694167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831065/; classtype:trojan-activity;sid:83694165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i6"; depth:3; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831066/; classtype:trojan-activity;sid:83694166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831055/; classtype:trojan-activity;sid:83694155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831056/; classtype:trojan-activity;sid:83694156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i5"; depth:3; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831057/; classtype:trojan-activity;sid:83694157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831058/; classtype:trojan-activity;sid:83694158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831059/; classtype:trojan-activity;sid:83694159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831060/; classtype:trojan-activity;sid:83694160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831061/; classtype:trojan-activity;sid:83694161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831062/; classtype:trojan-activity;sid:83694162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831063/; classtype:trojan-activity;sid:83694163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831064/; classtype:trojan-activity;sid:83694164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.138.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831054/; classtype:trojan-activity;sid:83694154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831053/; classtype:trojan-activity;sid:83694153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.173.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831052/; classtype:trojan-activity;sid:83694152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831051/; classtype:trojan-activity;sid:83694151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.25.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831050/; classtype:trojan-activity;sid:83694150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.53.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831049/; classtype:trojan-activity;sid:83694149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.204.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831047/; classtype:trojan-activity;sid:83694147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.21.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831048/; classtype:trojan-activity;sid:83694148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r-m-6.sakura"; depth:15; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831046/; classtype:trojan-activity;sid:83694146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831045/; classtype:trojan-activity;sid:83694145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"179.43.190.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831044/; classtype:trojan-activity;sid:83694144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.5.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831043/; classtype:trojan-activity;sid:83694143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.20.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831042/; classtype:trojan-activity;sid:83694142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.201.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831041/; classtype:trojan-activity;sid:83694141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scdsshfk"; depth:9; endswith; nocase; http.host; content:"hfs.t1linux.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831040/; classtype:trojan-activity;sid:83694140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.75.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831039/; classtype:trojan-activity;sid:83694139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831038/; classtype:trojan-activity;sid:83694138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.222.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831037/; classtype:trojan-activity;sid:83694137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.0.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831036/; classtype:trojan-activity;sid:83694136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831035/; classtype:trojan-activity;sid:83694135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831034/; classtype:trojan-activity;sid:83694134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.28.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831033/; classtype:trojan-activity;sid:83694133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831032/; classtype:trojan-activity;sid:83694132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831031/; classtype:trojan-activity;sid:83694131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.94.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831030/; classtype:trojan-activity;sid:83694130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.160.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831029/; classtype:trojan-activity;sid:83694129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831028/; classtype:trojan-activity;sid:83694128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.0.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831027/; classtype:trojan-activity;sid:83694127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831026/; classtype:trojan-activity;sid:83694126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831025/; classtype:trojan-activity;sid:83694125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831019/; classtype:trojan-activity;sid:83694119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831020/; classtype:trojan-activity;sid:83694120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831021/; classtype:trojan-activity;sid:83694121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831022/; classtype:trojan-activity;sid:83694122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831023/; classtype:trojan-activity;sid:83694123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831024/; classtype:trojan-activity;sid:83694124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"38.45.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831018/; classtype:trojan-activity;sid:83694118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831015/; classtype:trojan-activity;sid:83694115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831016/; classtype:trojan-activity;sid:83694116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831017/; classtype:trojan-activity;sid:83694117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831013/; classtype:trojan-activity;sid:83694113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831014/; classtype:trojan-activity;sid:83694114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831012/; classtype:trojan-activity;sid:83694112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831007/; classtype:trojan-activity;sid:83694107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831008/; classtype:trojan-activity;sid:83694108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831009/; classtype:trojan-activity;sid:83694109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831010/; classtype:trojan-activity;sid:83694110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831011/; classtype:trojan-activity;sid:83694111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831006/; classtype:trojan-activity;sid:83694106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830997/; classtype:trojan-activity;sid:83694097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830998/; classtype:trojan-activity;sid:83694098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830999/; classtype:trojan-activity;sid:83694099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831000/; classtype:trojan-activity;sid:83694100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831001/; classtype:trojan-activity;sid:83694101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831002/; classtype:trojan-activity;sid:83694102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831003/; classtype:trojan-activity;sid:83694103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831004/; classtype:trojan-activity;sid:83694104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"cecilio.network"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831005/; classtype:trojan-activity;sid:83694105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.135.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830996/; classtype:trojan-activity;sid:83694096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.37.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830995/; classtype:trojan-activity;sid:83694095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sh"; depth:14; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830994/; classtype:trojan-activity;sid:83694094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830993/; classtype:trojan-activity;sid:83694093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.180.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830992/; classtype:trojan-activity;sid:83694092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830991/; classtype:trojan-activity;sid:83694091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.11.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830990/; classtype:trojan-activity;sid:83694090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.133.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830989/; classtype:trojan-activity;sid:83694089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.135.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830988/; classtype:trojan-activity;sid:83694088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//f"; depth:3; endswith; nocase; http.host; content:"84.54.51.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830987/; classtype:trojan-activity;sid:83694087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.141.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830986/; classtype:trojan-activity;sid:83694086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.160.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830985/; classtype:trojan-activity;sid:83694085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.94.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830984/; classtype:trojan-activity;sid:83694084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830983/; classtype:trojan-activity;sid:83694083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830982/; classtype:trojan-activity;sid:83694082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830981/; classtype:trojan-activity;sid:83694081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830980/; classtype:trojan-activity;sid:83694080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830979/; classtype:trojan-activity;sid:83694079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830978/; classtype:trojan-activity;sid:83694078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830977/; classtype:trojan-activity;sid:83694077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830976/; classtype:trojan-activity;sid:83694076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/neverlose_free.zip"; depth:24; endswith; nocase; http.host; content:"myfile.neverlose.pl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830975/; classtype:trojan-activity;sid:83694075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830974/; classtype:trojan-activity;sid:83694074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830972/; classtype:trojan-activity;sid:83694072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830973/; classtype:trojan-activity;sid:83694073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830971/; classtype:trojan-activity;sid:83694071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830966/; classtype:trojan-activity;sid:83694066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830967/; classtype:trojan-activity;sid:83694067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830968/; classtype:trojan-activity;sid:83694068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"103.14.226.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830970/; classtype:trojan-activity;sid:83694070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwnload/cheat.php|3f|kiddionsmodmenu"; depth:37; endswith; nocase; http.host; content:"hrwejtrgrsdfg.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830965/; classtype:trojan-activity;sid:83694065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server4/v4_file_x86_x64.rar"; depth:28; endswith; nocase; http.host; content:"marvelesol.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830964/; classtype:trojan-activity;sid:83694064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830960/; classtype:trojan-activity;sid:83694060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inj"; depth:4; endswith; nocase; http.host; content:"77.221.149.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830961/; classtype:trojan-activity;sid:83694061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830962/; classtype:trojan-activity;sid:83694062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830959/; classtype:trojan-activity;sid:83694059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830958/; classtype:trojan-activity;sid:83694058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830954/; classtype:trojan-activity;sid:83694054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delta-io/delta/files/15016110/delta.zip"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830956/; classtype:trojan-activity;sid:83694056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830957/; classtype:trojan-activity;sid:83694057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830952/; classtype:trojan-activity;sid:83694052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7d0cfdb1d966bdd/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.172.128.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830953/; classtype:trojan-activity;sid:83694053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830941/; classtype:trojan-activity;sid:83694041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830942/; classtype:trojan-activity;sid:83694042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830943/; classtype:trojan-activity;sid:83694043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830944/; classtype:trojan-activity;sid:83694044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830945/; classtype:trojan-activity;sid:83694045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830946/; classtype:trojan-activity;sid:83694046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830947/; classtype:trojan-activity;sid:83694047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830948/; classtype:trojan-activity;sid:83694048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830949/; classtype:trojan-activity;sid:83694049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830950/; classtype:trojan-activity;sid:83694050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830951/; classtype:trojan-activity;sid:83694051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830940/; classtype:trojan-activity;sid:83694040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8420e83ceb95f3af/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.172.128.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830939/; classtype:trojan-activity;sid:83694039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.79.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830938/; classtype:trojan-activity;sid:83694038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.133.47.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830930/; classtype:trojan-activity;sid:83694030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.193.120.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830927/; classtype:trojan-activity;sid:83694027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.52.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830928/; classtype:trojan-activity;sid:83694028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.189.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830929/; classtype:trojan-activity;sid:83694029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.110.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830926/; classtype:trojan-activity;sid:83694026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.74.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830925/; classtype:trojan-activity;sid:83694025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.14.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830923/; classtype:trojan-activity;sid:83694023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.112.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830924/; classtype:trojan-activity;sid:83694024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830921/; classtype:trojan-activity;sid:83694021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830922/; classtype:trojan-activity;sid:83694022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830916/; classtype:trojan-activity;sid:83694016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830917/; classtype:trojan-activity;sid:83694017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830918/; classtype:trojan-activity;sid:83694018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830919/; classtype:trojan-activity;sid:83694019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830920/; classtype:trojan-activity;sid:83694020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830911/; classtype:trojan-activity;sid:83694011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830912/; classtype:trojan-activity;sid:83694012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830913/; classtype:trojan-activity;sid:83694013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830914/; classtype:trojan-activity;sid:83694014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830915/; classtype:trojan-activity;sid:83694015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830907/; classtype:trojan-activity;sid:83694007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830908/; classtype:trojan-activity;sid:83694008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830909/; classtype:trojan-activity;sid:83694009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830910/; classtype:trojan-activity;sid:83694010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830906/; classtype:trojan-activity;sid:83694006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.110.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830905/; classtype:trojan-activity;sid:83694005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830904/; classtype:trojan-activity;sid:83694004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830903/; classtype:trojan-activity;sid:83694003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.145.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830901/; classtype:trojan-activity;sid:83694001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830902/; classtype:trojan-activity;sid:83694002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830900/; classtype:trojan-activity;sid:83694000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.8.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830899/; classtype:trojan-activity;sid:83693999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.126.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830898/; classtype:trojan-activity;sid:83693998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830897/; classtype:trojan-activity;sid:83693997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830892/; classtype:trojan-activity;sid:83693992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830893/; classtype:trojan-activity;sid:83693993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.spc"; depth:9; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830894/; classtype:trojan-activity;sid:83693994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830895/; classtype:trojan-activity;sid:83693995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830896/; classtype:trojan-activity;sid:83693996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830889/; classtype:trojan-activity;sid:83693989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830890/; classtype:trojan-activity;sid:83693990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh4"; depth:9; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830891/; classtype:trojan-activity;sid:83693991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.m68k"; depth:10; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830887/; classtype:trojan-activity;sid:83693987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830888/; classtype:trojan-activity;sid:83693988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830881/; classtype:trojan-activity;sid:83693981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830882/; classtype:trojan-activity;sid:83693982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830883/; classtype:trojan-activity;sid:83693983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830884/; classtype:trojan-activity;sid:83693984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830885/; classtype:trojan-activity;sid:83693985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830886/; classtype:trojan-activity;sid:83693986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.sh4"; depth:14; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830875/; classtype:trojan-activity;sid:83693975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.mips"; depth:15; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830876/; classtype:trojan-activity;sid:83693976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.mpsl"; depth:15; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830877/; classtype:trojan-activity;sid:83693977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm7"; depth:15; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830878/; classtype:trojan-activity;sid:83693978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm6"; depth:15; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830879/; classtype:trojan-activity;sid:83693979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm5"; depth:15; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830880/; classtype:trojan-activity;sid:83693980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.ppc"; depth:14; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830873/; classtype:trojan-activity;sid:83693973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.spc"; depth:14; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830874/; classtype:trojan-activity;sid:83693974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm"; depth:14; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830870/; classtype:trojan-activity;sid:83693970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.m68k"; depth:15; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830871/; classtype:trojan-activity;sid:83693971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.x86"; depth:14; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830872/; classtype:trojan-activity;sid:83693972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.204.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830869/; classtype:trojan-activity;sid:83693969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.247.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830868/; classtype:trojan-activity;sid:83693968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830867/; classtype:trojan-activity;sid:83693967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830866/; classtype:trojan-activity;sid:83693966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.99.201.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830865/; classtype:trojan-activity;sid:83693965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.155.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830864/; classtype:trojan-activity;sid:83693964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.213.212.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830863/; classtype:trojan-activity;sid:83693963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.9.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830862/; classtype:trojan-activity;sid:83693962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830861/; classtype:trojan-activity;sid:83693961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.231.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830860/; classtype:trojan-activity;sid:83693960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.30.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830857/; classtype:trojan-activity;sid:83693957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.151.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830858/; classtype:trojan-activity;sid:83693958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.14.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830859/; classtype:trojan-activity;sid:83693959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.236.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830856/; classtype:trojan-activity;sid:83693956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.251.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830855/; classtype:trojan-activity;sid:83693955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830852/; classtype:trojan-activity;sid:83693952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.93.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830853/; classtype:trojan-activity;sid:83693953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830854/; classtype:trojan-activity;sid:83693954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.207.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830851/; classtype:trojan-activity;sid:83693951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.ppc"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830849/; classtype:trojan-activity;sid:83693949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830850/; classtype:trojan-activity;sid:83693950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86_64"; depth:12; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830848/; classtype:trojan-activity;sid:83693948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mips"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830847/; classtype:trojan-activity;sid:83693947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm7"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830845/; classtype:trojan-activity;sid:83693945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mpsl"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830846/; classtype:trojan-activity;sid:83693946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm6"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830844/; classtype:trojan-activity;sid:83693944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.sh4"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830843/; classtype:trojan-activity;sid:83693943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.m68k"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830842/; classtype:trojan-activity;sid:83693942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86"; depth:9; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830841/; classtype:trojan-activity;sid:83693941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830840/; classtype:trojan-activity;sid:83693940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//debug.dbg"; depth:11; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830839/; classtype:trojan-activity;sid:83693939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//telnet"; depth:8; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830837/; classtype:trojan-activity;sid:83693937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//and"; depth:5; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830838/; classtype:trojan-activity;sid:83693938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//a"; depth:3; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830836/; classtype:trojan-activity;sid:83693936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"150.95.112.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830835/; classtype:trojan-activity;sid:83693935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830834/; classtype:trojan-activity;sid:83693934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.172.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830833/; classtype:trojan-activity;sid:83693933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.231.203.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830832/; classtype:trojan-activity;sid:83693932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830831/; classtype:trojan-activity;sid:83693931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.172.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830830/; classtype:trojan-activity;sid:83693930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.45.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830829/; classtype:trojan-activity;sid:83693929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830828/; classtype:trojan-activity;sid:83693928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.0.254"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830827/; classtype:trojan-activity;sid:83693927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.40.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830826/; classtype:trojan-activity;sid:83693926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.172.21.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830825/; classtype:trojan-activity;sid:83693925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.150.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830824/; classtype:trojan-activity;sid:83693924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.221.247.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830823/; classtype:trojan-activity;sid:83693923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830822/; classtype:trojan-activity;sid:83693922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.207.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830821/; classtype:trojan-activity;sid:83693921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.9.100"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830820/; classtype:trojan-activity;sid:83693920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830819/; classtype:trojan-activity;sid:83693919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.ppc"; depth:14; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830818/; classtype:trojan-activity;sid:83693918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.i686"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830817/; classtype:trojan-activity;sid:83693917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.x86"; depth:14; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830807/; classtype:trojan-activity;sid:83693907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm"; depth:14; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830808/; classtype:trojan-activity;sid:83693908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.x86_64"; depth:17; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830809/; classtype:trojan-activity;sid:83693909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.m68k"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830810/; classtype:trojan-activity;sid:83693910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm5"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830811/; classtype:trojan-activity;sid:83693911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.sh4"; depth:14; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830812/; classtype:trojan-activity;sid:83693912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.mips"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830813/; classtype:trojan-activity;sid:83693913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.mpsl"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830814/; classtype:trojan-activity;sid:83693914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm7"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830815/; classtype:trojan-activity;sid:83693915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm6"; depth:15; endswith; nocase; http.host; content:"64.23.184.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830816/; classtype:trojan-activity;sid:83693916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.61.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830806/; classtype:trojan-activity;sid:83693906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.204.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830805/; classtype:trojan-activity;sid:83693905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830804/; classtype:trojan-activity;sid:83693904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.81.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830803/; classtype:trojan-activity;sid:83693903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830802/; classtype:trojan-activity;sid:83693902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830801/; classtype:trojan-activity;sid:83693901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.79.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830800/; classtype:trojan-activity;sid:83693900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830799/; classtype:trojan-activity;sid:83693899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.88.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830798/; classtype:trojan-activity;sid:83693898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830797/; classtype:trojan-activity;sid:83693897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830796/; classtype:trojan-activity;sid:83693896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.45.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830795/; classtype:trojan-activity;sid:83693895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.61.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830794/; classtype:trojan-activity;sid:83693894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.107.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830793/; classtype:trojan-activity;sid:83693893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830792/; classtype:trojan-activity;sid:83693892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830791/; classtype:trojan-activity;sid:83693891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.7.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830790/; classtype:trojan-activity;sid:83693890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830789/; classtype:trojan-activity;sid:83693889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.41.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830788/; classtype:trojan-activity;sid:83693888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830787/; classtype:trojan-activity;sid:83693887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.34.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830786/; classtype:trojan-activity;sid:83693886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.179.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830785/; classtype:trojan-activity;sid:83693885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"203.109.47.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830784/; classtype:trojan-activity;sid:83693884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830783/; classtype:trojan-activity;sid:83693883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.164.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830782/; classtype:trojan-activity;sid:83693882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830781/; classtype:trojan-activity;sid:83693881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.66.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830779/; classtype:trojan-activity;sid:83693879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.32.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830780/; classtype:trojan-activity;sid:83693880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830778/; classtype:trojan-activity;sid:83693878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.23.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830777/; classtype:trojan-activity;sid:83693877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.36.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830776/; classtype:trojan-activity;sid:83693876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830775/; classtype:trojan-activity;sid:83693875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.33.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830774/; classtype:trojan-activity;sid:83693874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.51.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830773/; classtype:trojan-activity;sid:83693873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.129.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830772/; classtype:trojan-activity;sid:83693872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.113.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830771/; classtype:trojan-activity;sid:83693871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.121.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830770/; classtype:trojan-activity;sid:83693870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.130.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830769/; classtype:trojan-activity;sid:83693869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830768/; classtype:trojan-activity;sid:83693868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830767/; classtype:trojan-activity;sid:83693867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.58.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830766/; classtype:trojan-activity;sid:83693866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.191.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830764/; classtype:trojan-activity;sid:83693864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.134.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830765/; classtype:trojan-activity;sid:83693865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830763/; classtype:trojan-activity;sid:83693863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830762/; classtype:trojan-activity;sid:83693862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830761/; classtype:trojan-activity;sid:83693861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.238.25.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830760/; classtype:trojan-activity;sid:83693860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.53.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830759/; classtype:trojan-activity;sid:83693859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830758/; classtype:trojan-activity;sid:83693858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830757/; classtype:trojan-activity;sid:83693857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830756/; classtype:trojan-activity;sid:83693856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830755/; classtype:trojan-activity;sid:83693855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.164.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830754/; classtype:trojan-activity;sid:83693854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.32.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830753/; classtype:trojan-activity;sid:83693853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.219.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830752/; classtype:trojan-activity;sid:83693852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.23.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830751/; classtype:trojan-activity;sid:83693851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.121.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830750/; classtype:trojan-activity;sid:83693850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.209.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830749/; classtype:trojan-activity;sid:83693849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.189.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830748/; classtype:trojan-activity;sid:83693848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.240.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830747/; classtype:trojan-activity;sid:83693847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.130.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830746/; classtype:trojan-activity;sid:83693846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.97.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830745/; classtype:trojan-activity;sid:83693845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.69.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830744/; classtype:trojan-activity;sid:83693844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830743/; classtype:trojan-activity;sid:83693843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830742/; classtype:trojan-activity;sid:83693842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.95.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830741/; classtype:trojan-activity;sid:83693841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.58.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830740/; classtype:trojan-activity;sid:83693840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.227.95.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830738/; classtype:trojan-activity;sid:83693838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.85.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830739/; classtype:trojan-activity;sid:83693839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.92.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830737/; classtype:trojan-activity;sid:83693837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.219.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830736/; classtype:trojan-activity;sid:83693836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.26.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830735/; classtype:trojan-activity;sid:83693835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.168.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830734/; classtype:trojan-activity;sid:83693834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830733/; classtype:trojan-activity;sid:83693833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.177.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830732/; classtype:trojan-activity;sid:83693832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.86.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830731/; classtype:trojan-activity;sid:83693831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830730/; classtype:trojan-activity;sid:83693830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.234.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830729/; classtype:trojan-activity;sid:83693829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.20.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830728/; classtype:trojan-activity;sid:83693828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"152.160.185.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830727/; classtype:trojan-activity;sid:83693827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.234.84.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830726/; classtype:trojan-activity;sid:83693826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830725/; classtype:trojan-activity;sid:83693825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.92.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830724/; classtype:trojan-activity;sid:83693824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.227.95.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830723/; classtype:trojan-activity;sid:83693823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.249.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830720/; classtype:trojan-activity;sid:83693820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830721/; classtype:trojan-activity;sid:83693821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.117.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830722/; classtype:trojan-activity;sid:83693822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830719/; classtype:trojan-activity;sid:83693819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.251.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830718/; classtype:trojan-activity;sid:83693818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830717/; classtype:trojan-activity;sid:83693817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830716/; classtype:trojan-activity;sid:83693816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.166.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830715/; classtype:trojan-activity;sid:83693815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.26.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830714/; classtype:trojan-activity;sid:83693814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830713/; classtype:trojan-activity;sid:83693813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830712/; classtype:trojan-activity;sid:83693812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.97.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830711/; classtype:trojan-activity;sid:83693811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.234.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830710/; classtype:trojan-activity;sid:83693810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.141.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830709/; classtype:trojan-activity;sid:83693809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.85.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830708/; classtype:trojan-activity;sid:83693808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.73.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830707/; classtype:trojan-activity;sid:83693807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830706/; classtype:trojan-activity;sid:83693806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"31.163.228.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830705/; classtype:trojan-activity;sid:83693805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.249.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830704/; classtype:trojan-activity;sid:83693804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.33.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830703/; classtype:trojan-activity;sid:83693803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.240.211.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830702/; classtype:trojan-activity;sid:83693802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.71.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830701/; classtype:trojan-activity;sid:83693801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.11.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830700/; classtype:trojan-activity;sid:83693800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830698/; classtype:trojan-activity;sid:83693798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.65.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830699/; classtype:trojan-activity;sid:83693799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830697/; classtype:trojan-activity;sid:83693797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.134.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830696/; classtype:trojan-activity;sid:83693796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.166.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830695/; classtype:trojan-activity;sid:83693795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.39.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830694/; classtype:trojan-activity;sid:83693794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.33.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830693/; classtype:trojan-activity;sid:83693793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.235.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830692/; classtype:trojan-activity;sid:83693792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.36.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830691/; classtype:trojan-activity;sid:83693791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.13.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830690/; classtype:trojan-activity;sid:83693790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.65.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830689/; classtype:trojan-activity;sid:83693789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830688/; classtype:trojan-activity;sid:83693788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.15.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830687/; classtype:trojan-activity;sid:83693787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.61.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830686/; classtype:trojan-activity;sid:83693786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830685/; classtype:trojan-activity;sid:83693785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.239.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830684/; classtype:trojan-activity;sid:83693784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.213.186.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830683/; classtype:trojan-activity;sid:83693783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.235.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830682/; classtype:trojan-activity;sid:83693782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830681/; classtype:trojan-activity;sid:83693781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.227.95.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830680/; classtype:trojan-activity;sid:83693780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830679/; classtype:trojan-activity;sid:83693779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830678/; classtype:trojan-activity;sid:83693778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.33.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830677/; classtype:trojan-activity;sid:83693777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.36.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830676/; classtype:trojan-activity;sid:83693776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.27.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830675/; classtype:trojan-activity;sid:83693775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.13.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830674/; classtype:trojan-activity;sid:83693774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.61.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830673/; classtype:trojan-activity;sid:83693773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.179.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830672/; classtype:trojan-activity;sid:83693772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830671/; classtype:trojan-activity;sid:83693771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830670/; classtype:trojan-activity;sid:83693770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.109.47.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830668/; classtype:trojan-activity;sid:83693768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.57.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830669/; classtype:trojan-activity;sid:83693769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830667/; classtype:trojan-activity;sid:83693767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.213.186.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830666/; classtype:trojan-activity;sid:83693766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.178.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830665/; classtype:trojan-activity;sid:83693765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.4.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830664/; classtype:trojan-activity;sid:83693764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.117.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830663/; classtype:trojan-activity;sid:83693763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830661/; classtype:trojan-activity;sid:83693761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.23.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830662/; classtype:trojan-activity;sid:83693762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.178.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830659/; classtype:trojan-activity;sid:83693759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.4.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830660/; classtype:trojan-activity;sid:83693760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.101.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830658/; classtype:trojan-activity;sid:83693758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.254.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830657/; classtype:trojan-activity;sid:83693757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.175.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830655/; classtype:trojan-activity;sid:83693755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.86.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830656/; classtype:trojan-activity;sid:83693756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.154.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830654/; classtype:trojan-activity;sid:83693754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830653/; classtype:trojan-activity;sid:83693753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.6.201"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830652/; classtype:trojan-activity;sid:83693752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.0.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830651/; classtype:trojan-activity;sid:83693751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.55.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830650/; classtype:trojan-activity;sid:83693750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"45.13.119.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830649/; classtype:trojan-activity;sid:83693749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.117.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830648/; classtype:trojan-activity;sid:83693748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.4.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830647/; classtype:trojan-activity;sid:83693747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.86.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830646/; classtype:trojan-activity;sid:83693746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830645/; classtype:trojan-activity;sid:83693745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.90.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830644/; classtype:trojan-activity;sid:83693744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830643/; classtype:trojan-activity;sid:83693743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.175.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830642/; classtype:trojan-activity;sid:83693742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830640/; classtype:trojan-activity;sid:83693740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.228.199.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830641/; classtype:trojan-activity;sid:83693741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830639/; classtype:trojan-activity;sid:83693739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830637/; classtype:trojan-activity;sid:83693737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.16.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830638/; classtype:trojan-activity;sid:83693738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830635/; classtype:trojan-activity;sid:83693735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.101.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830636/; classtype:trojan-activity;sid:83693736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830634/; classtype:trojan-activity;sid:83693734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.55.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830633/; classtype:trojan-activity;sid:83693733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830632/; classtype:trojan-activity;sid:83693732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.211.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830631/; classtype:trojan-activity;sid:83693731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.95.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830630/; classtype:trojan-activity;sid:83693730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830628/; classtype:trojan-activity;sid:83693728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830629/; classtype:trojan-activity;sid:83693729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.41.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830627/; classtype:trojan-activity;sid:83693727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830626/; classtype:trojan-activity;sid:83693726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.41.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830625/; classtype:trojan-activity;sid:83693725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.16.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830624/; classtype:trojan-activity;sid:83693724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830623/; classtype:trojan-activity;sid:83693723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830622/; classtype:trojan-activity;sid:83693722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830621/; classtype:trojan-activity;sid:83693721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.247.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830620/; classtype:trojan-activity;sid:83693720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.240.211.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830618/; classtype:trojan-activity;sid:83693718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.121.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830619/; classtype:trojan-activity;sid:83693719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.130.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830617/; classtype:trojan-activity;sid:83693717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830616/; classtype:trojan-activity;sid:83693716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830615/; classtype:trojan-activity;sid:83693715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.240.211.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830614/; classtype:trojan-activity;sid:83693714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.88.232.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830613/; classtype:trojan-activity;sid:83693713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830612/; classtype:trojan-activity;sid:83693712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830611/; classtype:trojan-activity;sid:83693711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830610/; classtype:trojan-activity;sid:83693710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.41.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830609/; classtype:trojan-activity;sid:83693709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.176.178.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830608/; classtype:trojan-activity;sid:83693708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.4.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830607/; classtype:trojan-activity;sid:83693707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.33.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830606/; classtype:trojan-activity;sid:83693706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.130.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830605/; classtype:trojan-activity;sid:83693705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.93.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830604/; classtype:trojan-activity;sid:83693704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.240.211.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830603/; classtype:trojan-activity;sid:83693703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.235.107.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830601/; classtype:trojan-activity;sid:83693701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.30.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830602/; classtype:trojan-activity;sid:83693702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.53.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830600/; classtype:trojan-activity;sid:83693700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830599/; classtype:trojan-activity;sid:83693699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.180.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830598/; classtype:trojan-activity;sid:83693698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830597/; classtype:trojan-activity;sid:83693697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830596/; classtype:trojan-activity;sid:83693696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.186.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830595/; classtype:trojan-activity;sid:83693695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.221.221.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830594/; classtype:trojan-activity;sid:83693694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.232.210.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830593/; classtype:trojan-activity;sid:83693693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.191.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830592/; classtype:trojan-activity;sid:83693692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.53.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830591/; classtype:trojan-activity;sid:83693691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830590/; classtype:trojan-activity;sid:83693690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.249.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830589/; classtype:trojan-activity;sid:83693689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.117.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830588/; classtype:trojan-activity;sid:83693688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830587/; classtype:trojan-activity;sid:83693687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.8.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830586/; classtype:trojan-activity;sid:83693686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.138"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830585/; classtype:trojan-activity;sid:83693685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.107.8.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830584/; classtype:trojan-activity;sid:83693684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.49.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830583/; classtype:trojan-activity;sid:83693683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.37.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830582/; classtype:trojan-activity;sid:83693682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.78.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830581/; classtype:trojan-activity;sid:83693681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830580/; classtype:trojan-activity;sid:83693680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.145.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830579/; classtype:trojan-activity;sid:83693679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.8.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830578/; classtype:trojan-activity;sid:83693678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830577/; classtype:trojan-activity;sid:83693677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830576/; classtype:trojan-activity;sid:83693676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.174.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830575/; classtype:trojan-activity;sid:83693675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.58.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830574/; classtype:trojan-activity;sid:83693674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.49.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830573/; classtype:trojan-activity;sid:83693673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.74.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830572/; classtype:trojan-activity;sid:83693672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.4.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830571/; classtype:trojan-activity;sid:83693671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.90.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830570/; classtype:trojan-activity;sid:83693670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.95.229.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830569/; classtype:trojan-activity;sid:83693669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.133.45.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830568/; classtype:trojan-activity;sid:83693668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.75.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830567/; classtype:trojan-activity;sid:83693667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.159.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830566/; classtype:trojan-activity;sid:83693666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.223.130.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830565/; classtype:trojan-activity;sid:83693665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.7.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830564/; classtype:trojan-activity;sid:83693664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.210.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830563/; classtype:trojan-activity;sid:83693663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.78.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830562/; classtype:trojan-activity;sid:83693662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.145.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830561/; classtype:trojan-activity;sid:83693661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.154.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830560/; classtype:trojan-activity;sid:83693660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.162.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830559/; classtype:trojan-activity;sid:83693659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.204.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830558/; classtype:trojan-activity;sid:83693658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"94.228.199.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830557/; classtype:trojan-activity;sid:83693657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.20.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830556/; classtype:trojan-activity;sid:83693656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.139.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830554/; classtype:trojan-activity;sid:83693654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.58.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830555/; classtype:trojan-activity;sid:83693655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"102.41.78.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830553/; classtype:trojan-activity;sid:83693653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.146.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830552/; classtype:trojan-activity;sid:83693652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.197.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830551/; classtype:trojan-activity;sid:83693651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.235.215.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830550/; classtype:trojan-activity;sid:83693650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.139.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830549/; classtype:trojan-activity;sid:83693649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.235.107.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830548/; classtype:trojan-activity;sid:83693648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.216.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830547/; classtype:trojan-activity;sid:83693647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.241.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830546/; classtype:trojan-activity;sid:83693646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.209.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830545/; classtype:trojan-activity;sid:83693645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.146.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830544/; classtype:trojan-activity;sid:83693644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.204.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830543/; classtype:trojan-activity;sid:83693643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.162.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830542/; classtype:trojan-activity;sid:83693642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.238.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830541/; classtype:trojan-activity;sid:83693641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830540/; classtype:trojan-activity;sid:83693640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.89.216.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830538/; classtype:trojan-activity;sid:83693638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.46.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830539/; classtype:trojan-activity;sid:83693639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.94.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830537/; classtype:trojan-activity;sid:83693637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.165.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830536/; classtype:trojan-activity;sid:83693636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830535/; classtype:trojan-activity;sid:83693635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830534/; classtype:trojan-activity;sid:83693634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.181.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830533/; classtype:trojan-activity;sid:83693633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.180.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830532/; classtype:trojan-activity;sid:83693632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.224.246.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830531/; classtype:trojan-activity;sid:83693631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.128.17.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830530/; classtype:trojan-activity;sid:83693630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.110.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830529/; classtype:trojan-activity;sid:83693629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.238.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830528/; classtype:trojan-activity;sid:83693628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.194.55.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830527/; classtype:trojan-activity;sid:83693627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.44.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830526/; classtype:trojan-activity;sid:83693626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830525/; classtype:trojan-activity;sid:83693625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.145.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830524/; classtype:trojan-activity;sid:83693624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.215.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830523/; classtype:trojan-activity;sid:83693623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.69.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830522/; classtype:trojan-activity;sid:83693622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.221.221.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830520/; classtype:trojan-activity;sid:83693620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.180.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830521/; classtype:trojan-activity;sid:83693621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.161.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830519/; classtype:trojan-activity;sid:83693619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariogame.dll"; depth:14; endswith; nocase; http.host; content:"103.249.112.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830518/; classtype:trojan-activity;sid:83693618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.197.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830517/; classtype:trojan-activity;sid:83693617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.162.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830516/; classtype:trojan-activity;sid:83693616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830515/; classtype:trojan-activity;sid:83693615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830514/; classtype:trojan-activity;sid:83693614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.110.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830513/; classtype:trojan-activity;sid:83693613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.147.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830512/; classtype:trojan-activity;sid:83693612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.246.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830511/; classtype:trojan-activity;sid:83693611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.194.55.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830509/; classtype:trojan-activity;sid:83693609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.81.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830510/; classtype:trojan-activity;sid:83693610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.78.69.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830508/; classtype:trojan-activity;sid:83693608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830507/; classtype:trojan-activity;sid:83693607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.151.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830506/; classtype:trojan-activity;sid:83693606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830505/; classtype:trojan-activity;sid:83693605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.245.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830503/; classtype:trojan-activity;sid:83693603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.195.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830504/; classtype:trojan-activity;sid:83693604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.155.112.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830502/; classtype:trojan-activity;sid:83693602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.161.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830501/; classtype:trojan-activity;sid:83693601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830500/; classtype:trojan-activity;sid:83693600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/images/steam.exe"; depth:24; endswith; nocase; http.host; content:"ssh44.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830499/; classtype:trojan-activity;sid:83693599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.180.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830498/; classtype:trojan-activity;sid:83693598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.113.101.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830497/; classtype:trojan-activity;sid:83693597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.125.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830496/; classtype:trojan-activity;sid:83693596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.229.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830495/; classtype:trojan-activity;sid:83693595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669085554|3f|hash=egpxsxieqt0mlxty3afwlgq3zsqfxgiephozpuckdyh|7c|26|7c|dl=xqypfmrzesw44h7bhvqm829hg5dsvhfzsuazvr5qxjl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830494/; classtype:trojan-activity;sid:83693594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.246.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830493/; classtype:trojan-activity;sid:83693593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.203.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830492/; classtype:trojan-activity;sid:83693592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.34.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830491/; classtype:trojan-activity;sid:83693591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.2.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830490/; classtype:trojan-activity;sid:83693590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830489/; classtype:trojan-activity;sid:83693589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.69.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830488/; classtype:trojan-activity;sid:83693588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830487/; classtype:trojan-activity;sid:83693587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830485/; classtype:trojan-activity;sid:83693585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830486/; classtype:trojan-activity;sid:83693586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.34.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830484/; classtype:trojan-activity;sid:83693584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830483/; classtype:trojan-activity;sid:83693583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.4.196"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830482/; classtype:trojan-activity;sid:83693582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830481/; classtype:trojan-activity;sid:83693581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.100.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830478/; classtype:trojan-activity;sid:83693578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.177.180.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830479/; classtype:trojan-activity;sid:83693579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.22.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830480/; classtype:trojan-activity;sid:83693580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830476/; classtype:trojan-activity;sid:83693576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.27.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830477/; classtype:trojan-activity;sid:83693577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lander/file_294/setup294.exe"; depth:29; endswith; nocase; http.host; content:"evangelized.sbs"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830475/; classtype:trojan-activity;sid:83693575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830473/; classtype:trojan-activity;sid:83693573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830474/; classtype:trojan-activity;sid:83693574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.12.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830472/; classtype:trojan-activity;sid:83693572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.16.234.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830471/; classtype:trojan-activity;sid:83693571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.73.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830469/; classtype:trojan-activity;sid:83693569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.12.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830470/; classtype:trojan-activity;sid:83693570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.212.142.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830468/; classtype:trojan-activity;sid:83693568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.173.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830467/; classtype:trojan-activity;sid:83693567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.189.245.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830466/; classtype:trojan-activity;sid:83693566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830465/; classtype:trojan-activity;sid:83693565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830464/; classtype:trojan-activity;sid:83693564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.62.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830463/; classtype:trojan-activity;sid:83693563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.179.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830462/; classtype:trojan-activity;sid:83693562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.241.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830461/; classtype:trojan-activity;sid:83693561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830460/; classtype:trojan-activity;sid:83693560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.83.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830459/; classtype:trojan-activity;sid:83693559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.47.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830458/; classtype:trojan-activity;sid:83693558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.141.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830457/; classtype:trojan-activity;sid:83693557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.189.245.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830456/; classtype:trojan-activity;sid:83693556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.47.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830455/; classtype:trojan-activity;sid:83693555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.27.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830454/; classtype:trojan-activity;sid:83693554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.153.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830453/; classtype:trojan-activity;sid:83693553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.91.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830452/; classtype:trojan-activity;sid:83693552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.148.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830451/; classtype:trojan-activity;sid:83693551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.222.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830450/; classtype:trojan-activity;sid:83693550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830449/; classtype:trojan-activity;sid:83693549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.129.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830448/; classtype:trojan-activity;sid:83693548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830447/; classtype:trojan-activity;sid:83693547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/padla/fiona.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830446/; classtype:trojan-activity;sid:83693546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.89.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830445/; classtype:trojan-activity;sid:83693545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.158.11.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830444/; classtype:trojan-activity;sid:83693544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.214.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830443/; classtype:trojan-activity;sid:83693543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.241.14.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830442/; classtype:trojan-activity;sid:83693542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.16.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830441/; classtype:trojan-activity;sid:83693541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830440/; classtype:trojan-activity;sid:83693540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830439/; classtype:trojan-activity;sid:83693539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.44.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830438/; classtype:trojan-activity;sid:83693538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.153.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830437/; classtype:trojan-activity;sid:83693537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.201.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830436/; classtype:trojan-activity;sid:83693536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.65.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830435/; classtype:trojan-activity;sid:83693535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.90.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830434/; classtype:trojan-activity;sid:83693534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.143.99.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830432/; classtype:trojan-activity;sid:83693532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.89.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830433/; classtype:trojan-activity;sid:83693533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.47.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830431/; classtype:trojan-activity;sid:83693531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.26.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830430/; classtype:trojan-activity;sid:83693530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.183.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830429/; classtype:trojan-activity;sid:83693529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.176.209.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830428/; classtype:trojan-activity;sid:83693528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.60.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830427/; classtype:trojan-activity;sid:83693527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.156.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830426/; classtype:trojan-activity;sid:83693526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.22.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830425/; classtype:trojan-activity;sid:83693525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830424/; classtype:trojan-activity;sid:83693524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830423/; classtype:trojan-activity;sid:83693523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.30.76.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830422/; classtype:trojan-activity;sid:83693522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.112.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830421/; classtype:trojan-activity;sid:83693521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.44.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830420/; classtype:trojan-activity;sid:83693520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.176.209.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830419/; classtype:trojan-activity;sid:83693519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.218.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830418/; classtype:trojan-activity;sid:83693518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.140.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830417/; classtype:trojan-activity;sid:83693517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.7.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830416/; classtype:trojan-activity;sid:83693516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.143.99.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830415/; classtype:trojan-activity;sid:83693515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830414/; classtype:trojan-activity;sid:83693514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.72.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830413/; classtype:trojan-activity;sid:83693513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.156.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830412/; classtype:trojan-activity;sid:83693512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.118.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830411/; classtype:trojan-activity;sid:83693511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.43.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830410/; classtype:trojan-activity;sid:83693510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.91.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830409/; classtype:trojan-activity;sid:83693509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.248.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830408/; classtype:trojan-activity;sid:83693508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.245.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830407/; classtype:trojan-activity;sid:83693507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.22.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830406/; classtype:trojan-activity;sid:83693506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.91.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830405/; classtype:trojan-activity;sid:83693505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.119.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830404/; classtype:trojan-activity;sid:83693504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.176.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830403/; classtype:trojan-activity;sid:83693503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.17.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830402/; classtype:trojan-activity;sid:83693502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.171.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830400/; classtype:trojan-activity;sid:83693500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.223.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830401/; classtype:trojan-activity;sid:83693501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.126.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830399/; classtype:trojan-activity;sid:83693499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830398/; classtype:trojan-activity;sid:83693498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.43.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830396/; classtype:trojan-activity;sid:83693496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830397/; classtype:trojan-activity;sid:83693497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.118.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830395/; classtype:trojan-activity;sid:83693495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.45.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830394/; classtype:trojan-activity;sid:83693494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.16.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830393/; classtype:trojan-activity;sid:83693493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.119.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830392/; classtype:trojan-activity;sid:83693492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830391/; classtype:trojan-activity;sid:83693491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.176.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830390/; classtype:trojan-activity;sid:83693490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.209.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830389/; classtype:trojan-activity;sid:83693489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.95.21.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830388/; classtype:trojan-activity;sid:83693488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.223.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830387/; classtype:trojan-activity;sid:83693487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830386/; classtype:trojan-activity;sid:83693486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.171.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830385/; classtype:trojan-activity;sid:83693485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830384/; classtype:trojan-activity;sid:83693484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830383/; classtype:trojan-activity;sid:83693483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830382/; classtype:trojan-activity;sid:83693482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.203.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830381/; classtype:trojan-activity;sid:83693481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.22.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830380/; classtype:trojan-activity;sid:83693480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.179.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830379/; classtype:trojan-activity;sid:83693479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830378/; classtype:trojan-activity;sid:83693478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830377/; classtype:trojan-activity;sid:83693477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.112.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830375/; classtype:trojan-activity;sid:83693475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.187.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830376/; classtype:trojan-activity;sid:83693476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669078780|3f|hash=ro6hd56v8j3ffz5mr24xxm7aaka8iznzdcz9xg8wstl|7c|26|7c|dl=soz7cdzjjfnc1eflakgrrtfyxdscsezb90sjloeaznp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830374/; classtype:trojan-activity;sid:83693474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.117.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830373/; classtype:trojan-activity;sid:83693473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.0.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830372/; classtype:trojan-activity;sid:83693472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830371/; classtype:trojan-activity;sid:83693471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.146.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830370/; classtype:trojan-activity;sid:83693470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.95.21.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830369/; classtype:trojan-activity;sid:83693469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.74.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830368/; classtype:trojan-activity;sid:83693468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830367/; classtype:trojan-activity;sid:83693467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.203.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830366/; classtype:trojan-activity;sid:83693466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.179.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830365/; classtype:trojan-activity;sid:83693465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.22.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830364/; classtype:trojan-activity;sid:83693464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xqap5p41u8di"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830362/; classtype:trojan-activity;sid:83693462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830363/; classtype:trojan-activity;sid:83693463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830361/; classtype:trojan-activity;sid:83693461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.53.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830360/; classtype:trojan-activity;sid:83693460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.59.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830359/; classtype:trojan-activity;sid:83693459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.185.232.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830358/; classtype:trojan-activity;sid:83693458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.112.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830357/; classtype:trojan-activity;sid:83693457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.104.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830356/; classtype:trojan-activity;sid:83693456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.84.159.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830355/; classtype:trojan-activity;sid:83693455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.187.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830353/; classtype:trojan-activity;sid:83693453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830354/; classtype:trojan-activity;sid:83693454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.133.45.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830352/; classtype:trojan-activity;sid:83693452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.115.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830350/; classtype:trojan-activity;sid:83693450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.235.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830351/; classtype:trojan-activity;sid:83693451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.228.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830349/; classtype:trojan-activity;sid:83693449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.104.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830348/; classtype:trojan-activity;sid:83693448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.74.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830347/; classtype:trojan-activity;sid:83693447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.232.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830346/; classtype:trojan-activity;sid:83693446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.234.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830345/; classtype:trojan-activity;sid:83693445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.172.21.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830344/; classtype:trojan-activity;sid:83693444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.243.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830343/; classtype:trojan-activity;sid:83693443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.22.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830342/; classtype:trojan-activity;sid:83693442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830341/; classtype:trojan-activity;sid:83693441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.186.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830340/; classtype:trojan-activity;sid:83693440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830339/; classtype:trojan-activity;sid:83693439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.75.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830338/; classtype:trojan-activity;sid:83693438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.177.97.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830336/; classtype:trojan-activity;sid:83693436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830337/; classtype:trojan-activity;sid:83693437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.203.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830335/; classtype:trojan-activity;sid:83693435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.84.159.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830334/; classtype:trojan-activity;sid:83693434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830333/; classtype:trojan-activity;sid:83693433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830332/; classtype:trojan-activity;sid:83693432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about-us/js/ss/molitri.exe"; depth:27; endswith; nocase; http.host; content:"fragaim.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830331/; classtype:trojan-activity;sid:83693431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.97.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830330/; classtype:trojan-activity;sid:83693430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.95.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830329/; classtype:trojan-activity;sid:83693429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.247.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830328/; classtype:trojan-activity;sid:83693428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830327/; classtype:trojan-activity;sid:83693427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.143.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830326/; classtype:trojan-activity;sid:83693426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.47.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830325/; classtype:trojan-activity;sid:83693425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.232.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830324/; classtype:trojan-activity;sid:83693424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.170.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830323/; classtype:trojan-activity;sid:83693423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.234.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830322/; classtype:trojan-activity;sid:83693422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830321/; classtype:trojan-activity;sid:83693421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830320/; classtype:trojan-activity;sid:83693420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830319/; classtype:trojan-activity;sid:83693419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.202.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830317/; classtype:trojan-activity;sid:83693417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.203.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830318/; classtype:trojan-activity;sid:83693418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830316/; classtype:trojan-activity;sid:83693416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830315/; classtype:trojan-activity;sid:83693415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.0.178"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830314/; classtype:trojan-activity;sid:83693414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830313/; classtype:trojan-activity;sid:83693413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.66.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830312/; classtype:trojan-activity;sid:83693412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.93.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830311/; classtype:trojan-activity;sid:83693411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.47.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830310/; classtype:trojan-activity;sid:83693410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.22.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830309/; classtype:trojan-activity;sid:83693409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.70.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830308/; classtype:trojan-activity;sid:83693408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.23.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830307/; classtype:trojan-activity;sid:83693407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.184.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830306/; classtype:trojan-activity;sid:83693406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830305/; classtype:trojan-activity;sid:83693405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.47.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830304/; classtype:trojan-activity;sid:83693404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.178"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830303/; classtype:trojan-activity;sid:83693403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830302/; classtype:trojan-activity;sid:83693402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830301/; classtype:trojan-activity;sid:83693401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.138.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830300/; classtype:trojan-activity;sid:83693400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669074803|3f|hash=gtxjyddukaikxlwy09aijpg5gj5trtjhovyhzgbp72o|7c|26|7c|dl=a9s6lampuqcyacgxt0hxzf0mvabjbv8eilyefae3tsw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830299/; classtype:trojan-activity;sid:83693399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830298/; classtype:trojan-activity;sid:83693398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830297/; classtype:trojan-activity;sid:83693397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.34.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830295/; classtype:trojan-activity;sid:83693395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.109.182.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830296/; classtype:trojan-activity;sid:83693396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.153.206.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830294/; classtype:trojan-activity;sid:83693394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.16.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830293/; classtype:trojan-activity;sid:83693393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.141.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830292/; classtype:trojan-activity;sid:83693392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.55.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830291/; classtype:trojan-activity;sid:83693391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.23.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830290/; classtype:trojan-activity;sid:83693390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.119.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830289/; classtype:trojan-activity;sid:83693389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830288/; classtype:trojan-activity;sid:83693388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.47.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830287/; classtype:trojan-activity;sid:83693387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.165.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830286/; classtype:trojan-activity;sid:83693386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.39.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830285/; classtype:trojan-activity;sid:83693385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830284/; classtype:trojan-activity;sid:83693384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.183.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830283/; classtype:trojan-activity;sid:83693383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.0.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830282/; classtype:trojan-activity;sid:83693382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.102.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830281/; classtype:trojan-activity;sid:83693381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.16.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830280/; classtype:trojan-activity;sid:83693380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830279/; classtype:trojan-activity;sid:83693379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.210.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830278/; classtype:trojan-activity;sid:83693378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.11.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830277/; classtype:trojan-activity;sid:83693377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.47.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830276/; classtype:trojan-activity;sid:83693376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.165.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830275/; classtype:trojan-activity;sid:83693375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.119.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830274/; classtype:trojan-activity;sid:83693374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.224.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830273/; classtype:trojan-activity;sid:83693373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.122.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830272/; classtype:trojan-activity;sid:83693372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830271/; classtype:trojan-activity;sid:83693371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.149.165.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830270/; classtype:trojan-activity;sid:83693370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.180.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830269/; classtype:trojan-activity;sid:83693369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.35.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830268/; classtype:trojan-activity;sid:83693368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.1.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830267/; classtype:trojan-activity;sid:83693367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.209.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830265/; classtype:trojan-activity;sid:83693365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.113.101.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830266/; classtype:trojan-activity;sid:83693366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.191.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830264/; classtype:trojan-activity;sid:83693364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.122.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830263/; classtype:trojan-activity;sid:83693363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.230.187.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830262/; classtype:trojan-activity;sid:83693362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.210.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830261/; classtype:trojan-activity;sid:83693361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.108.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830260/; classtype:trojan-activity;sid:83693360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.197.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830259/; classtype:trojan-activity;sid:83693359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.30.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830258/; classtype:trojan-activity;sid:83693358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830257/; classtype:trojan-activity;sid:83693357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.35.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830256/; classtype:trojan-activity;sid:83693356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.50.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830252/; classtype:trojan-activity;sid:83693352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.61.88.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830253/; classtype:trojan-activity;sid:83693353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.95.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830254/; classtype:trojan-activity;sid:83693354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.108.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830255/; classtype:trojan-activity;sid:83693355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.192.207.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830251/; classtype:trojan-activity;sid:83693351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.239.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830250/; classtype:trojan-activity;sid:83693350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.1.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830249/; classtype:trojan-activity;sid:83693349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.39.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830248/; classtype:trojan-activity;sid:83693348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.57.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830246/; classtype:trojan-activity;sid:83693346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.181.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830247/; classtype:trojan-activity;sid:83693347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.49.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830245/; classtype:trojan-activity;sid:83693345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.239.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830243/; classtype:trojan-activity;sid:83693343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830244/; classtype:trojan-activity;sid:83693344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.61.88.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830242/; classtype:trojan-activity;sid:83693342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.188.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830241/; classtype:trojan-activity;sid:83693341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.57.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830240/; classtype:trojan-activity;sid:83693340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830239/; classtype:trojan-activity;sid:83693339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830238/; classtype:trojan-activity;sid:83693338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.250.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830236/; classtype:trojan-activity;sid:83693336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.90.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830237/; classtype:trojan-activity;sid:83693337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.69.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830235/; classtype:trojan-activity;sid:83693335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.72.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830234/; classtype:trojan-activity;sid:83693334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.218.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830233/; classtype:trojan-activity;sid:83693333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830232/; classtype:trojan-activity;sid:83693332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.148.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830231/; classtype:trojan-activity;sid:83693331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830230/; classtype:trojan-activity;sid:83693330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.193.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830229/; classtype:trojan-activity;sid:83693329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.202.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830228/; classtype:trojan-activity;sid:83693328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.26.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830227/; classtype:trojan-activity;sid:83693327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.69.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830226/; classtype:trojan-activity;sid:83693326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.90.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830225/; classtype:trojan-activity;sid:83693325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.162.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830224/; classtype:trojan-activity;sid:83693324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.107.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830223/; classtype:trojan-activity;sid:83693323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830222/; classtype:trojan-activity;sid:83693322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.72.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830221/; classtype:trojan-activity;sid:83693321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.229.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830220/; classtype:trojan-activity;sid:83693320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.215.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830219/; classtype:trojan-activity;sid:83693319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.26.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830218/; classtype:trojan-activity;sid:83693318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.44.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830217/; classtype:trojan-activity;sid:83693317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.17.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830216/; classtype:trojan-activity;sid:83693316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.92.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830215/; classtype:trojan-activity;sid:83693315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.189.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830214/; classtype:trojan-activity;sid:83693314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.217.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830213/; classtype:trojan-activity;sid:83693313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.69.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830212/; classtype:trojan-activity;sid:83693312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.66.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830211/; classtype:trojan-activity;sid:83693311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.217.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830210/; classtype:trojan-activity;sid:83693310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830209/; classtype:trojan-activity;sid:83693309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.193.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830208/; classtype:trojan-activity;sid:83693308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.162.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830207/; classtype:trojan-activity;sid:83693307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.107.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830206/; classtype:trojan-activity;sid:83693306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830205/; classtype:trojan-activity;sid:83693305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.1.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830204/; classtype:trojan-activity;sid:83693304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.58.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830203/; classtype:trojan-activity;sid:83693303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830202/; classtype:trojan-activity;sid:83693302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.3.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830201/; classtype:trojan-activity;sid:83693301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.124.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830200/; classtype:trojan-activity;sid:83693300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.48.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830199/; classtype:trojan-activity;sid:83693299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.5.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830198/; classtype:trojan-activity;sid:83693298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.92.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830197/; classtype:trojan-activity;sid:83693297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.193.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830196/; classtype:trojan-activity;sid:83693296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830194/; classtype:trojan-activity;sid:83693294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.148.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830195/; classtype:trojan-activity;sid:83693295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.185.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830193/; classtype:trojan-activity;sid:83693293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.5.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830192/; classtype:trojan-activity;sid:83693292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.134.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830191/; classtype:trojan-activity;sid:83693291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.51.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830190/; classtype:trojan-activity;sid:83693290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.152.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830189/; classtype:trojan-activity;sid:83693289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830188/; classtype:trojan-activity;sid:83693288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830187/; classtype:trojan-activity;sid:83693287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830186/; classtype:trojan-activity;sid:83693286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.armv4"; depth:11; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830184/; classtype:trojan-activity;sid:83693284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.arm6"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830185/; classtype:trojan-activity;sid:83693285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mipsel"; depth:13; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830178/; classtype:trojan-activity;sid:83693278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sh4"; depth:10; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830179/; classtype:trojan-activity;sid:83693279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.sh4"; depth:9; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830180/; classtype:trojan-activity;sid:83693280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv5"; depth:12; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830181/; classtype:trojan-activity;sid:83693281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830182/; classtype:trojan-activity;sid:83693282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xh0roxxnavebusyoo.x86"; depth:23; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830183/; classtype:trojan-activity;sid:83693283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830173/; classtype:trojan-activity;sid:83693273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830174/; classtype:trojan-activity;sid:83693274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipst"; depth:6; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830175/; classtype:trojan-activity;sid:83693275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv6l"; depth:13; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830176/; classtype:trojan-activity;sid:83693276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv4"; depth:12; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830177/; classtype:trojan-activity;sid:83693277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"84.54.51.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830168/; classtype:trojan-activity;sid:83693268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830169/; classtype:trojan-activity;sid:83693269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.ppc"; depth:10; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830170/; classtype:trojan-activity;sid:83693270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.mpsl"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830171/; classtype:trojan-activity;sid:83693271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830172/; classtype:trojan-activity;sid:83693272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830164/; classtype:trojan-activity;sid:83693264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830165/; classtype:trojan-activity;sid:83693265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.arm4"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830166/; classtype:trojan-activity;sid:83693266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830167/; classtype:trojan-activity;sid:83693267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830162/; classtype:trojan-activity;sid:83693262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830163/; classtype:trojan-activity;sid:83693263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.sh4"; depth:7; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830157/; classtype:trojan-activity;sid:83693257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830158/; classtype:trojan-activity;sid:83693258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830159/; classtype:trojan-activity;sid:83693259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830160/; classtype:trojan-activity;sid:83693260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830161/; classtype:trojan-activity;sid:83693261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830156/; classtype:trojan-activity;sid:83693256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830155/; classtype:trojan-activity;sid:83693255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830153/; classtype:trojan-activity;sid:83693253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830154/; classtype:trojan-activity;sid:83693254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"156.251.19.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830149/; classtype:trojan-activity;sid:83693249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830150/; classtype:trojan-activity;sid:83693250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"45.158.9.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830151/; classtype:trojan-activity;sid:83693251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.mipsel"; depth:12; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830152/; classtype:trojan-activity;sid:83693252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830146/; classtype:trojan-activity;sid:83693246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830147/; classtype:trojan-activity;sid:83693247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830148/; classtype:trojan-activity;sid:83693248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830143/; classtype:trojan-activity;sid:83693243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.m68k"; depth:11; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830144/; classtype:trojan-activity;sid:83693244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830145/; classtype:trojan-activity;sid:83693245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.arm4t"; depth:9; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830141/; classtype:trojan-activity;sid:83693241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sparc"; depth:12; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830142/; classtype:trojan-activity;sid:83693242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.arm7"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830138/; classtype:trojan-activity;sid:83693238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830139/; classtype:trojan-activity;sid:83693239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.armv6"; depth:11; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830140/; classtype:trojan-activity;sid:83693240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830133/; classtype:trojan-activity;sid:83693233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.armv7"; depth:11; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830134/; classtype:trojan-activity;sid:83693234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.142.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830135/; classtype:trojan-activity;sid:83693235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.i686"; depth:10; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830136/; classtype:trojan-activity;sid:83693236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.armv5"; depth:11; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830137/; classtype:trojan-activity;sid:83693237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.i686"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830128/; classtype:trojan-activity;sid:83693228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830129/; classtype:trojan-activity;sid:83693229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830130/; classtype:trojan-activity;sid:83693230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830131/; classtype:trojan-activity;sid:83693231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830132/; classtype:trojan-activity;sid:83693232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830127/; classtype:trojan-activity;sid:83693227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830125/; classtype:trojan-activity;sid:83693225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830126/; classtype:trojan-activity;sid:83693226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830122/; classtype:trojan-activity;sid:83693222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i586"; depth:11; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830123/; classtype:trojan-activity;sid:83693223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830124/; classtype:trojan-activity;sid:83693224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830117/; classtype:trojan-activity;sid:83693217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm5"; depth:16; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830118/; classtype:trojan-activity;sid:83693218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.ppc"; depth:9; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830119/; classtype:trojan-activity;sid:83693219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm68k"; depth:6; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830120/; classtype:trojan-activity;sid:83693220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830121/; classtype:trojan-activity;sid:83693221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830115/; classtype:trojan-activity;sid:83693215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perppc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830116/; classtype:trojan-activity;sid:83693216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830111/; classtype:trojan-activity;sid:83693211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i686"; depth:11; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830112/; classtype:trojan-activity;sid:83693212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830113/; classtype:trojan-activity;sid:83693213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830114/; classtype:trojan-activity;sid:83693214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830107/; classtype:trojan-activity;sid:83693207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.i586"; depth:10; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830108/; classtype:trojan-activity;sid:83693208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.ppc"; depth:15; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830109/; classtype:trojan-activity;sid:83693209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.ppc"; depth:7; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830110/; classtype:trojan-activity;sid:83693210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.m68k"; depth:10; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830105/; classtype:trojan-activity;sid:83693205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/permips"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830106/; classtype:trojan-activity;sid:83693206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830100/; classtype:trojan-activity;sid:83693200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830101/; classtype:trojan-activity;sid:83693201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830102/; classtype:trojan-activity;sid:83693202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830103/; classtype:trojan-activity;sid:83693203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830104/; classtype:trojan-activity;sid:83693204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.arm5"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830099/; classtype:trojan-activity;sid:83693199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm7"; depth:16; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830095/; classtype:trojan-activity;sid:83693195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830096/; classtype:trojan-activity;sid:83693196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.sparc"; depth:11; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830097/; classtype:trojan-activity;sid:83693197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830098/; classtype:trojan-activity;sid:83693198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.spc"; depth:7; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830091/; classtype:trojan-activity;sid:83693191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.mips"; depth:8; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830092/; classtype:trojan-activity;sid:83693192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.x86"; depth:10; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830093/; classtype:trojan-activity;sid:83693193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.mips"; depth:10; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830094/; classtype:trojan-activity;sid:83693194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830088/; classtype:trojan-activity;sid:83693188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830089/; classtype:trojan-activity;sid:83693189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.x86"; depth:7; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830090/; classtype:trojan-activity;sid:83693190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roze.x86"; depth:9; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830086/; classtype:trojan-activity;sid:83693186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mips"; depth:11; endswith; nocase; http.host; content:"94.156.66.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830087/; classtype:trojan-activity;sid:83693187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perspc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830083/; classtype:trojan-activity;sid:83693183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830084/; classtype:trojan-activity;sid:83693184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830085/; classtype:trojan-activity;sid:83693185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830079/; classtype:trojan-activity;sid:83693179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zk.m68"; depth:7; endswith; nocase; http.host; content:"5.253.246.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830080/; classtype:trojan-activity;sid:83693180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830081/; classtype:trojan-activity;sid:83693181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/permpsl"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830082/; classtype:trojan-activity;sid:83693182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm6"; depth:16; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830076/; classtype:trojan-activity;sid:83693176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"93.123.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830077/; classtype:trojan-activity;sid:83693177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.x86"; depth:15; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830078/; classtype:trojan-activity;sid:83693178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830073/; classtype:trojan-activity;sid:83693173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sparc"; depth:17; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830074/; classtype:trojan-activity;sid:83693174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830075/; classtype:trojan-activity;sid:83693175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830070/; classtype:trojan-activity;sid:83693170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830071/; classtype:trojan-activity;sid:83693171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidtest"; depth:9; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830072/; classtype:trojan-activity;sid:83693172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830066/; classtype:trojan-activity;sid:83693166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830067/; classtype:trojan-activity;sid:83693167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mips"; depth:16; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830068/; classtype:trojan-activity;sid:83693168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"94.156.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830069/; classtype:trojan-activity;sid:83693169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830062/; classtype:trojan-activity;sid:83693162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830063/; classtype:trojan-activity;sid:83693163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830064/; classtype:trojan-activity;sid:83693164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perm68k"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830065/; classtype:trojan-activity;sid:83693165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830058/; classtype:trojan-activity;sid:83693158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"93.123.85.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830059/; classtype:trojan-activity;sid:83693159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830060/; classtype:trojan-activity;sid:83693160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"5.42.102.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830061/; classtype:trojan-activity;sid:83693161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm4"; depth:16; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830056/; classtype:trojan-activity;sid:83693156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mpsl"; depth:16; endswith; nocase; http.host; content:"94.156.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830057/; classtype:trojan-activity;sid:83693157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.93.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830055/; classtype:trojan-activity;sid:83693155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.32.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830054/; classtype:trojan-activity;sid:83693154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.156.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830053/; classtype:trojan-activity;sid:83693153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830052/; classtype:trojan-activity;sid:83693152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.46.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830051/; classtype:trojan-activity;sid:83693151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.152.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830049/; classtype:trojan-activity;sid:83693149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.44.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830050/; classtype:trojan-activity;sid:83693150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.160.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830048/; classtype:trojan-activity;sid:83693148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.103.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830047/; classtype:trojan-activity;sid:83693147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830046/; classtype:trojan-activity;sid:83693146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830045/; classtype:trojan-activity;sid:83693145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.235.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830044/; classtype:trojan-activity;sid:83693144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.107.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830042/; classtype:trojan-activity;sid:83693142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.109.205.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830043/; classtype:trojan-activity;sid:83693143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.6.70.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830041/; classtype:trojan-activity;sid:83693141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.96.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830040/; classtype:trojan-activity;sid:83693140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.16.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830039/; classtype:trojan-activity;sid:83693139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.46.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830038/; classtype:trojan-activity;sid:83693138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.47.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830037/; classtype:trojan-activity;sid:83693137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830036/; classtype:trojan-activity;sid:83693136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.54.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830035/; classtype:trojan-activity;sid:83693135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.131.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830034/; classtype:trojan-activity;sid:83693134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830033/; classtype:trojan-activity;sid:83693133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.231.203.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830032/; classtype:trojan-activity;sid:83693132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830031/; classtype:trojan-activity;sid:83693131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.156.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830030/; classtype:trojan-activity;sid:83693130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.254.98.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830029/; classtype:trojan-activity;sid:83693129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.96.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830028/; classtype:trojan-activity;sid:83693128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.234.125.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830027/; classtype:trojan-activity;sid:83693127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.82.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830026/; classtype:trojan-activity;sid:83693126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830025/; classtype:trojan-activity;sid:83693125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830024/; classtype:trojan-activity;sid:83693124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.246.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830023/; classtype:trojan-activity;sid:83693123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830022/; classtype:trojan-activity;sid:83693122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.254.98.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830021/; classtype:trojan-activity;sid:83693121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.28.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830020/; classtype:trojan-activity;sid:83693120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.168.190.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830019/; classtype:trojan-activity;sid:83693119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.16.234.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830018/; classtype:trojan-activity;sid:83693118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.53.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830017/; classtype:trojan-activity;sid:83693117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.210.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830016/; classtype:trojan-activity;sid:83693116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.174.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830015/; classtype:trojan-activity;sid:83693115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830014/; classtype:trojan-activity;sid:83693114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.22.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830013/; classtype:trojan-activity;sid:83693113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.205.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830012/; classtype:trojan-activity;sid:83693112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.93.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830011/; classtype:trojan-activity;sid:83693111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.184.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830010/; classtype:trojan-activity;sid:83693110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.4.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830009/; classtype:trojan-activity;sid:83693109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830008/; classtype:trojan-activity;sid:83693108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.240.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830007/; classtype:trojan-activity;sid:83693107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830006/; classtype:trojan-activity;sid:83693106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830005/; classtype:trojan-activity;sid:83693105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.22.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830004/; classtype:trojan-activity;sid:83693104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"103.166.184.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830002/; classtype:trojan-activity;sid:83693102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"103.166.184.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830003/; classtype:trojan-activity;sid:83693103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.162.14.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830001/; classtype:trojan-activity;sid:83693101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.24.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830000/; classtype:trojan-activity;sid:83693100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.215.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829999/; classtype:trojan-activity;sid:83693099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829998/; classtype:trojan-activity;sid:83693098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.205.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829997/; classtype:trojan-activity;sid:83693097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829996/; classtype:trojan-activity;sid:83693096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.93.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829995/; classtype:trojan-activity;sid:83693095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669064882|3f|hash=jbszvjtabfdpa3nlcnl8ohpq6osdsuytzxolwdxtf9w|7c|26|7c|dl=wyg1ybmdltpymrfrj9e1wzjt5vzveleppvz2aiu3utp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829994/; classtype:trojan-activity;sid:83693094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tech/1.jpg"; depth:11; endswith; nocase; http.host; content:"ra-ftp.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829993/; classtype:trojan-activity;sid:83693093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.209.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829990/; classtype:trojan-activity;sid:83693090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829991/; classtype:trojan-activity;sid:83693091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.203.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829992/; classtype:trojan-activity;sid:83693092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.36.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829989/; classtype:trojan-activity;sid:83693089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.110.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829988/; classtype:trojan-activity;sid:83693088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spondulix.aaf"; depth:14; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829986/; classtype:trojan-activity;sid:83693086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alkoholtesterne.inf"; depth:20; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829987/; classtype:trojan-activity;sid:83693087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zojmiqalg175.bin"; depth:17; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829983/; classtype:trojan-activity;sid:83693083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dataindsamlingsmetode.aaf"; depth:26; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829984/; classtype:trojan-activity;sid:83693084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rcesemzzxcbmuxrajxwefbc103.bin"; depth:31; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829985/; classtype:trojan-activity;sid:83693085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829982/; classtype:trojan-activity;sid:83693082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quinquevirs.snp"; depth:16; endswith; nocase; http.host; content:"103.176.113.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829981/; classtype:trojan-activity;sid:83693081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tbxbwkgeplxkoa249.bin"; depth:22; endswith; nocase; http.host; content:"103.176.113.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829980/; classtype:trojan-activity;sid:83693080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829979/; classtype:trojan-activity;sid:83693079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.240.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829978/; classtype:trojan-activity;sid:83693078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hzcpkodrhc240.bin"; depth:18; endswith; nocase; http.host; content:"193.239.86.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829976/; classtype:trojan-activity;sid:83693076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwjph99.bin"; depth:12; endswith; nocase; http.host; content:"193.239.86.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829977/; classtype:trojan-activity;sid:83693077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smhtrkojczympisfmulhi11.bin"; depth:28; endswith; nocase; http.host; content:"park-your-track.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829975/; classtype:trojan-activity;sid:83693075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fisjjflno136.bin"; depth:17; endswith; nocase; http.host; content:"park-your-track.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829973/; classtype:trojan-activity;sid:83693073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmfevnelsd168.bin"; depth:18; endswith; nocase; http.host; content:"park-your-track.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829974/; classtype:trojan-activity;sid:83693074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buightcqrjhlpgdsxlwhfq10.bin"; depth:29; endswith; nocase; http.host; content:"147.78.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829970/; classtype:trojan-activity;sid:83693070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxgbvlunubxakgmwntiasqqvpkm94.bin"; depth:34; endswith; nocase; http.host; content:"147.78.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829971/; classtype:trojan-activity;sid:83693071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segregeringers.asd"; depth:19; endswith; nocase; http.host; content:"147.78.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829972/; classtype:trojan-activity;sid:83693072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lxazjjlvczlq55.bin"; depth:19; endswith; nocase; http.host; content:"209.90.234.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829969/; classtype:trojan-activity;sid:83693069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qplxncrktklyleb160.bin"; depth:23; endswith; nocase; http.host; content:"209.90.234.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829968/; classtype:trojan-activity;sid:83693068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tilsudlet.deploy"; depth:17; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829965/; classtype:trojan-activity;sid:83693065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aksgrsserne.inf"; depth:16; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829966/; classtype:trojan-activity;sid:83693066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yhhzznqaepdsuakafmhwn151.bin"; depth:29; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829967/; classtype:trojan-activity;sid:83693067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829964/; classtype:trojan-activity;sid:83693064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saltss127.rar"; depth:14; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829963/; classtype:trojan-activity;sid:83693063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/domkapitler.msi"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829958/; classtype:trojan-activity;sid:83693058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/punktet.hhp"; depth:12; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829959/; classtype:trojan-activity;sid:83693059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acariatre43.chm"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829960/; classtype:trojan-activity;sid:83693060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akaudbtg140.bin"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829961/; classtype:trojan-activity;sid:83693061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsxykhcjvipiukye4.bin"; depth:22; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829962/; classtype:trojan-activity;sid:83693062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.154.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829957/; classtype:trojan-activity;sid:83693057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.254.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829956/; classtype:trojan-activity;sid:83693056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.214.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829955/; classtype:trojan-activity;sid:83693055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yz/panel/uploads/zobhihjlsgy.wav"; depth:33; endswith; nocase; http.host; content:"aideca.org.pe"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829954/; classtype:trojan-activity;sid:83693054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vgolkc42.bin"; depth:13; endswith; nocase; http.host; content:"146.70.113.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829953/; classtype:trojan-activity;sid:83693053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akmbts190.bin"; depth:14; endswith; nocase; http.host; content:"172.93.222.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829951/; classtype:trojan-activity;sid:83693051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcrndhtadifkzfqh172.bin"; depth:24; endswith; nocase; http.host; content:"172.93.222.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829952/; classtype:trojan-activity;sid:83693052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829950/; classtype:trojan-activity;sid:83693050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829949/; classtype:trojan-activity;sid:83693049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.96.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829948/; classtype:trojan-activity;sid:83693048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.203.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829947/; classtype:trojan-activity;sid:83693047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.67.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829945/; classtype:trojan-activity;sid:83693045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829946/; classtype:trojan-activity;sid:83693046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.230.243.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829944/; classtype:trojan-activity;sid:83693044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.176.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829942/; classtype:trojan-activity;sid:83693042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829943/; classtype:trojan-activity;sid:83693043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.215.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829941/; classtype:trojan-activity;sid:83693041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"47.231.98.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829940/; classtype:trojan-activity;sid:83693040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.41.78.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829939/; classtype:trojan-activity;sid:83693039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.242.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829938/; classtype:trojan-activity;sid:83693038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.208.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829937/; classtype:trojan-activity;sid:83693037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.242.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829936/; classtype:trojan-activity;sid:83693036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829935/; classtype:trojan-activity;sid:83693035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.222.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829934/; classtype:trojan-activity;sid:83693034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.254.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829933/; classtype:trojan-activity;sid:83693033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.195.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829932/; classtype:trojan-activity;sid:83693032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829931/; classtype:trojan-activity;sid:83693031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829930/; classtype:trojan-activity;sid:83693030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.178.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829928/; classtype:trojan-activity;sid:83693028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829929/; classtype:trojan-activity;sid:83693029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.213.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829927/; classtype:trojan-activity;sid:83693027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.149.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829926/; classtype:trojan-activity;sid:83693026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829925/; classtype:trojan-activity;sid:83693025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.59.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829924/; classtype:trojan-activity;sid:83693024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.111.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829923/; classtype:trojan-activity;sid:83693023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.124.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829922/; classtype:trojan-activity;sid:83693022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829921/; classtype:trojan-activity;sid:83693021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829920/; classtype:trojan-activity;sid:83693020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.242.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829918/; classtype:trojan-activity;sid:83693018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829917/; classtype:trojan-activity;sid:83693017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.64.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829916/; classtype:trojan-activity;sid:83693016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.111.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829915/; classtype:trojan-activity;sid:83693015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829914/; classtype:trojan-activity;sid:83693014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.57.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829913/; classtype:trojan-activity;sid:83693013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/902e53a07830e030.php"; depth:21; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829912/; classtype:trojan-activity;sid:83693012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829911/; classtype:trojan-activity;sid:83693011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.180.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829910/; classtype:trojan-activity;sid:83693010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.48.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829909/; classtype:trojan-activity;sid:83693009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.222.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829908/; classtype:trojan-activity;sid:83693008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829907/; classtype:trojan-activity;sid:83693007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.247.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829906/; classtype:trojan-activity;sid:83693006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.87.160"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829903/; classtype:trojan-activity;sid:83693003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.239.38.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829904/; classtype:trojan-activity;sid:83693004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.46.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829902/; classtype:trojan-activity;sid:83693002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.44.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829901/; classtype:trojan-activity;sid:83693001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.111.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829900/; classtype:trojan-activity;sid:83693000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829899/; classtype:trojan-activity;sid:83692999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.59.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829898/; classtype:trojan-activity;sid:83692998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829897/; classtype:trojan-activity;sid:83692997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.188.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829896/; classtype:trojan-activity;sid:83692996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.124.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829895/; classtype:trojan-activity;sid:83692995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829894/; classtype:trojan-activity;sid:83692994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.214.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829893/; classtype:trojan-activity;sid:83692993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829892/; classtype:trojan-activity;sid:83692992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.57.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829891/; classtype:trojan-activity;sid:83692991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.152.208.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829890/; classtype:trojan-activity;sid:83692990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829889/; classtype:trojan-activity;sid:83692989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/tyrvn"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829887/; classtype:trojan-activity;sid:83692987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/vdra0"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829888/; classtype:trojan-activity;sid:83692988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/windows.txt"; depth:14; endswith; nocase; http.host; content:"s2r.tn"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829886/; classtype:trojan-activity;sid:83692986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.246.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829884/; classtype:trojan-activity;sid:83692984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/kotbb"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829885/; classtype:trojan-activity;sid:83692985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829883/; classtype:trojan-activity;sid:83692983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.63.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829882/; classtype:trojan-activity;sid:83692982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829881/; classtype:trojan-activity;sid:83692981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829880/; classtype:trojan-activity;sid:83692980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.22.149"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829879/; classtype:trojan-activity;sid:83692979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829877/; classtype:trojan-activity;sid:83692977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.82.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829878/; classtype:trojan-activity;sid:83692978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.78.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829876/; classtype:trojan-activity;sid:83692976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.223.106.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829875/; classtype:trojan-activity;sid:83692975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.57.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829874/; classtype:trojan-activity;sid:83692974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.0.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829873/; classtype:trojan-activity;sid:83692973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.69.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829872/; classtype:trojan-activity;sid:83692972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.246.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829871/; classtype:trojan-activity;sid:83692971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.159.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829870/; classtype:trojan-activity;sid:83692970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.161.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829869/; classtype:trojan-activity;sid:83692969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829868/; classtype:trojan-activity;sid:83692968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quasarlantest.exe"; depth:18; endswith; nocase; http.host; content:"fluggis.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829866/; classtype:trojan-activity;sid:83692966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.30.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829867/; classtype:trojan-activity;sid:83692967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lssatcp64.exe"; depth:14; endswith; nocase; http.host; content:"fluggis.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829864/; classtype:trojan-activity;sid:83692964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.12.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829865/; classtype:trojan-activity;sid:83692965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829863/; classtype:trojan-activity;sid:83692963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.82.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829861/; classtype:trojan-activity;sid:83692961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.248.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829862/; classtype:trojan-activity;sid:83692962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.8.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829860/; classtype:trojan-activity;sid:83692960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.86.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829859/; classtype:trojan-activity;sid:83692959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829858/; classtype:trojan-activity;sid:83692958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829857/; classtype:trojan-activity;sid:83692957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829856/; classtype:trojan-activity;sid:83692956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.191.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829855/; classtype:trojan-activity;sid:83692955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829850/; classtype:trojan-activity;sid:83692950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829851/; classtype:trojan-activity;sid:83692951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829852/; classtype:trojan-activity;sid:83692952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829853/; classtype:trojan-activity;sid:83692953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/nss3.dll"; depth:26; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829849/; classtype:trojan-activity;sid:83692949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829847/; classtype:trojan-activity;sid:83692947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"139.60.162.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829848/; classtype:trojan-activity;sid:83692948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829845/; classtype:trojan-activity;sid:83692945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829846/; classtype:trojan-activity;sid:83692946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829844/; classtype:trojan-activity;sid:83692944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829843/; classtype:trojan-activity;sid:83692943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829842/; classtype:trojan-activity;sid:83692942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829839/; classtype:trojan-activity;sid:83692939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829838/; classtype:trojan-activity;sid:83692938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829835/; classtype:trojan-activity;sid:83692935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829836/; classtype:trojan-activity;sid:83692936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829837/; classtype:trojan-activity;sid:83692937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cb78a92c463a69f/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829834/; classtype:trojan-activity;sid:83692934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829825/; classtype:trojan-activity;sid:83692925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829826/; classtype:trojan-activity;sid:83692926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829827/; classtype:trojan-activity;sid:83692927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829828/; classtype:trojan-activity;sid:83692928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829829/; classtype:trojan-activity;sid:83692929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829830/; classtype:trojan-activity;sid:83692930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829831/; classtype:trojan-activity;sid:83692931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829832/; classtype:trojan-activity;sid:83692932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829833/; classtype:trojan-activity;sid:83692933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc79ef49e382fdb7/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.70.186.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829824/; classtype:trojan-activity;sid:83692924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829823/; classtype:trojan-activity;sid:83692923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829820/; classtype:trojan-activity;sid:83692920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829821/; classtype:trojan-activity;sid:83692921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829817/; classtype:trojan-activity;sid:83692917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829818/; classtype:trojan-activity;sid:83692918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829819/; classtype:trojan-activity;sid:83692919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69cd1a5596d101dd/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.161.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829816/; classtype:trojan-activity;sid:83692916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/7os5cx2x4rp70nm/upl0ader.7z/file"; depth:38; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829815/; classtype:trojan-activity;sid:83692915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1226148623633616937/1226152095611355169/removerai.exe|3f|ex=6623ba20|7c|26|7c|is=66114520|7c|26|7c|hm=9801c4f179d29bf85b768ad75acfdbd89cdf3c621bca75ee1e8f81065a4caae4|7c|26|7c|"; depth:189; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829813/; classtype:trojan-activity;sid:83692913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m3mastika/three/main/qqyt33.sh"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829814/; classtype:trojan-activity;sid:83692914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.242.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829812/; classtype:trojan-activity;sid:83692912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.234.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829810/; classtype:trojan-activity;sid:83692910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.117.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829811/; classtype:trojan-activity;sid:83692911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.65.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829808/; classtype:trojan-activity;sid:83692908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829809/; classtype:trojan-activity;sid:83692909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.206.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829807/; classtype:trojan-activity;sid:83692907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.229.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829806/; classtype:trojan-activity;sid:83692906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.121.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829805/; classtype:trojan-activity;sid:83692905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.191.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829804/; classtype:trojan-activity;sid:83692904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.61.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829803/; classtype:trojan-activity;sid:83692903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.21.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829802/; classtype:trojan-activity;sid:83692902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.164.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829801/; classtype:trojan-activity;sid:83692901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829800/; classtype:trojan-activity;sid:83692900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829799/; classtype:trojan-activity;sid:83692899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829798/; classtype:trojan-activity;sid:83692898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829797/; classtype:trojan-activity;sid:83692897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829796/; classtype:trojan-activity;sid:83692896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829795/; classtype:trojan-activity;sid:83692895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.205.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829794/; classtype:trojan-activity;sid:83692894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.206.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829793/; classtype:trojan-activity;sid:83692893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.95.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829792/; classtype:trojan-activity;sid:83692892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.63.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829791/; classtype:trojan-activity;sid:83692891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.206.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829790/; classtype:trojan-activity;sid:83692890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.240.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829789/; classtype:trojan-activity;sid:83692889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.196.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829788/; classtype:trojan-activity;sid:83692888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829787/; classtype:trojan-activity;sid:83692887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.164.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829786/; classtype:trojan-activity;sid:83692886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.250.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829785/; classtype:trojan-activity;sid:83692885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.239.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829784/; classtype:trojan-activity;sid:83692884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829783/; classtype:trojan-activity;sid:83692883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.5.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829782/; classtype:trojan-activity;sid:83692882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829781/; classtype:trojan-activity;sid:83692881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.47.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829780/; classtype:trojan-activity;sid:83692880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829779/; classtype:trojan-activity;sid:83692879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.38.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829778/; classtype:trojan-activity;sid:83692878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829776/; classtype:trojan-activity;sid:83692876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.184.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829777/; classtype:trojan-activity;sid:83692877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829774/; classtype:trojan-activity;sid:83692874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.118.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829775/; classtype:trojan-activity;sid:83692875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.21.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829773/; classtype:trojan-activity;sid:83692873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829772/; classtype:trojan-activity;sid:83692872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.111.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829771/; classtype:trojan-activity;sid:83692871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.205.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829770/; classtype:trojan-activity;sid:83692870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.206.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829769/; classtype:trojan-activity;sid:83692869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.230.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829768/; classtype:trojan-activity;sid:83692868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.212.142.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829767/; classtype:trojan-activity;sid:83692867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.196.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829765/; classtype:trojan-activity;sid:83692865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.21.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829766/; classtype:trojan-activity;sid:83692866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829764/; classtype:trojan-activity;sid:83692864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.118.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829763/; classtype:trojan-activity;sid:83692863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829762/; classtype:trojan-activity;sid:83692862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.147.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829761/; classtype:trojan-activity;sid:83692861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.130.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829760/; classtype:trojan-activity;sid:83692860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829759/; classtype:trojan-activity;sid:83692859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.186.23.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829758/; classtype:trojan-activity;sid:83692858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829757/; classtype:trojan-activity;sid:83692857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.147.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829756/; classtype:trojan-activity;sid:83692856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.108.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829755/; classtype:trojan-activity;sid:83692855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829754/; classtype:trojan-activity;sid:83692854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829753/; classtype:trojan-activity;sid:83692853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829752/; classtype:trojan-activity;sid:83692852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829751/; classtype:trojan-activity;sid:83692851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.230.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829750/; classtype:trojan-activity;sid:83692850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.137.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829749/; classtype:trojan-activity;sid:83692849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829748/; classtype:trojan-activity;sid:83692848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.221.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829746/; classtype:trojan-activity;sid:83692846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.53.42.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829747/; classtype:trojan-activity;sid:83692847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.12.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829745/; classtype:trojan-activity;sid:83692845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.116.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829743/; classtype:trojan-activity;sid:83692843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829744/; classtype:trojan-activity;sid:83692844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.246.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829741/; classtype:trojan-activity;sid:83692841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829742/; classtype:trojan-activity;sid:83692842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.232.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829740/; classtype:trojan-activity;sid:83692840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829739/; classtype:trojan-activity;sid:83692839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829738/; classtype:trojan-activity;sid:83692838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.223.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829737/; classtype:trojan-activity;sid:83692837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.147.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829736/; classtype:trojan-activity;sid:83692836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.127.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829735/; classtype:trojan-activity;sid:83692835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829734/; classtype:trojan-activity;sid:83692834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1232897598218571787/1233983637008158781/done.exe|3f|ex=662f1451|7c|26|7c|is=662dc2d1|7c|26|7c|hm=eb40de796aa6a6329ad5b4c70e875a50398a9c34fb15f37dd7804e3ba6bd13f4|7c|26|7c|"; depth:184; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829733/; classtype:trojan-activity;sid:83692833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.12.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829732/; classtype:trojan-activity;sid:83692832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.108.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829731/; classtype:trojan-activity;sid:83692831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.177.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829730/; classtype:trojan-activity;sid:83692830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829729/; classtype:trojan-activity;sid:83692829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.24.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829728/; classtype:trojan-activity;sid:83692828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.74.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829727/; classtype:trojan-activity;sid:83692827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.246.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829726/; classtype:trojan-activity;sid:83692826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.110.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829725/; classtype:trojan-activity;sid:83692825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.254.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829724/; classtype:trojan-activity;sid:83692824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.250.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829723/; classtype:trojan-activity;sid:83692823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.70.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829722/; classtype:trojan-activity;sid:83692822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.223.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829721/; classtype:trojan-activity;sid:83692821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.13.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829720/; classtype:trojan-activity;sid:83692820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829719/; classtype:trojan-activity;sid:83692819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829718/; classtype:trojan-activity;sid:83692818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829717/; classtype:trojan-activity;sid:83692817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829716/; classtype:trojan-activity;sid:83692816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.177.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829715/; classtype:trojan-activity;sid:83692815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.233.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829714/; classtype:trojan-activity;sid:83692814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.255.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829713/; classtype:trojan-activity;sid:83692813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829712/; classtype:trojan-activity;sid:83692812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.108.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829711/; classtype:trojan-activity;sid:83692811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.177.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829710/; classtype:trojan-activity;sid:83692810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829709/; classtype:trojan-activity;sid:83692809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.27.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829708/; classtype:trojan-activity;sid:83692808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.28.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829707/; classtype:trojan-activity;sid:83692807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.128.17.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829706/; classtype:trojan-activity;sid:83692806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.251.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829705/; classtype:trojan-activity;sid:83692805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829704/; classtype:trojan-activity;sid:83692804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.118.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829703/; classtype:trojan-activity;sid:83692803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.237.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829702/; classtype:trojan-activity;sid:83692802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.173.8.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829701/; classtype:trojan-activity;sid:83692801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.58.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829700/; classtype:trojan-activity;sid:83692800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.25.76.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829699/; classtype:trojan-activity;sid:83692799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829698/; classtype:trojan-activity;sid:83692798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829697/; classtype:trojan-activity;sid:83692797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.118.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829695/; classtype:trojan-activity;sid:83692795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829696/; classtype:trojan-activity;sid:83692796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829694/; classtype:trojan-activity;sid:83692794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.69.158.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829693/; classtype:trojan-activity;sid:83692793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829692/; classtype:trojan-activity;sid:83692792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.177.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829691/; classtype:trojan-activity;sid:83692791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.171.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829690/; classtype:trojan-activity;sid:83692790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.27.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829689/; classtype:trojan-activity;sid:83692789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.54.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829688/; classtype:trojan-activity;sid:83692788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829687/; classtype:trojan-activity;sid:83692787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.7.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829686/; classtype:trojan-activity;sid:83692786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"94.156.79.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829685/; classtype:trojan-activity;sid:83692785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.92.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829684/; classtype:trojan-activity;sid:83692784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.30.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829681/; classtype:trojan-activity;sid:83692781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.41.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829682/; classtype:trojan-activity;sid:83692782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.177.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829683/; classtype:trojan-activity;sid:83692783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829680/; classtype:trojan-activity;sid:83692780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.103.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829678/; classtype:trojan-activity;sid:83692778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.54.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829679/; classtype:trojan-activity;sid:83692779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.232.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829677/; classtype:trojan-activity;sid:83692777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829676/; classtype:trojan-activity;sid:83692776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.47.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829675/; classtype:trojan-activity;sid:83692775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829674/; classtype:trojan-activity;sid:83692774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829673/; classtype:trojan-activity;sid:83692773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.92.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829672/; classtype:trojan-activity;sid:83692772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.125.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829671/; classtype:trojan-activity;sid:83692771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829670/; classtype:trojan-activity;sid:83692770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829669/; classtype:trojan-activity;sid:83692769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.183.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829668/; classtype:trojan-activity;sid:83692768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.181.252.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829667/; classtype:trojan-activity;sid:83692767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.202.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829665/; classtype:trojan-activity;sid:83692765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829666/; classtype:trojan-activity;sid:83692766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.231.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829664/; classtype:trojan-activity;sid:83692764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.7.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829663/; classtype:trojan-activity;sid:83692763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829662/; classtype:trojan-activity;sid:83692762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.156.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829661/; classtype:trojan-activity;sid:83692761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.73.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829660/; classtype:trojan-activity;sid:83692760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.237.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829659/; classtype:trojan-activity;sid:83692759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829658/; classtype:trojan-activity;sid:83692758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.171.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829657/; classtype:trojan-activity;sid:83692757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829656/; classtype:trojan-activity;sid:83692756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.232.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829655/; classtype:trojan-activity;sid:83692755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829654/; classtype:trojan-activity;sid:83692754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829653/; classtype:trojan-activity;sid:83692753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829652/; classtype:trojan-activity;sid:83692752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.30.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829651/; classtype:trojan-activity;sid:83692751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.44.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829650/; classtype:trojan-activity;sid:83692750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.24.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829649/; classtype:trojan-activity;sid:83692749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.226.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829648/; classtype:trojan-activity;sid:83692748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829647/; classtype:trojan-activity;sid:83692747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.27.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829646/; classtype:trojan-activity;sid:83692746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.8.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829645/; classtype:trojan-activity;sid:83692745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.132.88.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829644/; classtype:trojan-activity;sid:83692744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.248.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829643/; classtype:trojan-activity;sid:83692743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829642/; classtype:trojan-activity;sid:83692742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.163.228.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829641/; classtype:trojan-activity;sid:83692741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829640/; classtype:trojan-activity;sid:83692740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.125.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829639/; classtype:trojan-activity;sid:83692739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.166.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829638/; classtype:trojan-activity;sid:83692738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.231.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829637/; classtype:trojan-activity;sid:83692737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.48.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829636/; classtype:trojan-activity;sid:83692736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829635/; classtype:trojan-activity;sid:83692735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.205.253.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829634/; classtype:trojan-activity;sid:83692734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.8.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829632/; classtype:trojan-activity;sid:83692732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.23.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829633/; classtype:trojan-activity;sid:83692733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.171.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829631/; classtype:trojan-activity;sid:83692731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829630/; classtype:trojan-activity;sid:83692730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.44.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829629/; classtype:trojan-activity;sid:83692729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.24.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829628/; classtype:trojan-activity;sid:83692728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.70.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829627/; classtype:trojan-activity;sid:83692727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.0.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829626/; classtype:trojan-activity;sid:83692726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829625/; classtype:trojan-activity;sid:83692725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.171.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829624/; classtype:trojan-activity;sid:83692724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.175.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829623/; classtype:trojan-activity;sid:83692723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.63.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829622/; classtype:trojan-activity;sid:83692722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.11.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829621/; classtype:trojan-activity;sid:83692721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.44.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829619/; classtype:trojan-activity;sid:83692719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.166.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829620/; classtype:trojan-activity;sid:83692720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829618/; classtype:trojan-activity;sid:83692718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.252.44.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829617/; classtype:trojan-activity;sid:83692717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829615/; classtype:trojan-activity;sid:83692715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.147.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829616/; classtype:trojan-activity;sid:83692716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.35.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829614/; classtype:trojan-activity;sid:83692714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.11.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829613/; classtype:trojan-activity;sid:83692713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.206.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829612/; classtype:trojan-activity;sid:83692712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829611/; classtype:trojan-activity;sid:83692711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.177.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829609/; classtype:trojan-activity;sid:83692709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829610/; classtype:trojan-activity;sid:83692710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.210.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829608/; classtype:trojan-activity;sid:83692708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.101.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829607/; classtype:trojan-activity;sid:83692707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.71.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829606/; classtype:trojan-activity;sid:83692706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.242.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829605/; classtype:trojan-activity;sid:83692705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.140.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829604/; classtype:trojan-activity;sid:83692704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.35.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829603/; classtype:trojan-activity;sid:83692703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.148.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829602/; classtype:trojan-activity;sid:83692702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.60.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829601/; classtype:trojan-activity;sid:83692701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.215.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829600/; classtype:trojan-activity;sid:83692700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829599/; classtype:trojan-activity;sid:83692699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.229.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829598/; classtype:trojan-activity;sid:83692698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.5.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829597/; classtype:trojan-activity;sid:83692697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.197.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829596/; classtype:trojan-activity;sid:83692696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.11.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829595/; classtype:trojan-activity;sid:83692695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.98.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829594/; classtype:trojan-activity;sid:83692694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829593/; classtype:trojan-activity;sid:83692693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.252.233.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829592/; classtype:trojan-activity;sid:83692692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.238.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829591/; classtype:trojan-activity;sid:83692691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829590/; classtype:trojan-activity;sid:83692690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.210.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829589/; classtype:trojan-activity;sid:83692689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.194.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829588/; classtype:trojan-activity;sid:83692688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829586/; classtype:trojan-activity;sid:83692686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.31.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829587/; classtype:trojan-activity;sid:83692687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829585/; classtype:trojan-activity;sid:83692685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.15.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829584/; classtype:trojan-activity;sid:83692684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.242.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829583/; classtype:trojan-activity;sid:83692683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.8.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829581/; classtype:trojan-activity;sid:83692681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.101.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829582/; classtype:trojan-activity;sid:83692682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.229.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829580/; classtype:trojan-activity;sid:83692680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.212.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829579/; classtype:trojan-activity;sid:83692679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.140.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829578/; classtype:trojan-activity;sid:83692678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.60.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829577/; classtype:trojan-activity;sid:83692677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.238.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829575/; classtype:trojan-activity;sid:83692675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.209.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829576/; classtype:trojan-activity;sid:83692676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.252.233.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829574/; classtype:trojan-activity;sid:83692674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829573/; classtype:trojan-activity;sid:83692673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.36.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829572/; classtype:trojan-activity;sid:83692672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829571/; classtype:trojan-activity;sid:83692671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.35.120.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829570/; classtype:trojan-activity;sid:83692670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.215.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829569/; classtype:trojan-activity;sid:83692669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.179.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829568/; classtype:trojan-activity;sid:83692668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.119.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829566/; classtype:trojan-activity;sid:83692666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.179.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829567/; classtype:trojan-activity;sid:83692667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.179"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829565/; classtype:trojan-activity;sid:83692665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.212.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829564/; classtype:trojan-activity;sid:83692664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829563/; classtype:trojan-activity;sid:83692663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.209.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829562/; classtype:trojan-activity;sid:83692662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.169.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829561/; classtype:trojan-activity;sid:83692661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.108.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829560/; classtype:trojan-activity;sid:83692660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.86.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829559/; classtype:trojan-activity;sid:83692659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829558/; classtype:trojan-activity;sid:83692658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.134.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829557/; classtype:trojan-activity;sid:83692657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829556/; classtype:trojan-activity;sid:83692656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.254.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829555/; classtype:trojan-activity;sid:83692655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.19.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829554/; classtype:trojan-activity;sid:83692654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.37.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829553/; classtype:trojan-activity;sid:83692653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.9.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829552/; classtype:trojan-activity;sid:83692652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829551/; classtype:trojan-activity;sid:83692651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.115.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829550/; classtype:trojan-activity;sid:83692650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.10.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829549/; classtype:trojan-activity;sid:83692649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.193.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829548/; classtype:trojan-activity;sid:83692648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.7.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829547/; classtype:trojan-activity;sid:83692647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.195.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829545/; classtype:trojan-activity;sid:83692645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.241.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829546/; classtype:trojan-activity;sid:83692646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829544/; classtype:trojan-activity;sid:83692644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.14.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829543/; classtype:trojan-activity;sid:83692643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.21.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829542/; classtype:trojan-activity;sid:83692642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.43.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829541/; classtype:trojan-activity;sid:83692641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.4.102.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829540/; classtype:trojan-activity;sid:83692640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.169.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829539/; classtype:trojan-activity;sid:83692639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.2.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829538/; classtype:trojan-activity;sid:83692638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.79.188.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829537/; classtype:trojan-activity;sid:83692637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.14.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829536/; classtype:trojan-activity;sid:83692636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.196.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829535/; classtype:trojan-activity;sid:83692635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829534/; classtype:trojan-activity;sid:83692634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.254.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829533/; classtype:trojan-activity;sid:83692633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829532/; classtype:trojan-activity;sid:83692632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.142.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829531/; classtype:trojan-activity;sid:83692631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.204.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829530/; classtype:trojan-activity;sid:83692630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.76.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829529/; classtype:trojan-activity;sid:83692629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.251.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829528/; classtype:trojan-activity;sid:83692628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829527/; classtype:trojan-activity;sid:83692627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.37.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829526/; classtype:trojan-activity;sid:83692626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829525/; classtype:trojan-activity;sid:83692625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.10.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829524/; classtype:trojan-activity;sid:83692624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.164.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829523/; classtype:trojan-activity;sid:83692623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.227.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829522/; classtype:trojan-activity;sid:83692622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829521/; classtype:trojan-activity;sid:83692621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.253.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829520/; classtype:trojan-activity;sid:83692620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829519/; classtype:trojan-activity;sid:83692619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.228.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829518/; classtype:trojan-activity;sid:83692618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.195.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829517/; classtype:trojan-activity;sid:83692617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829516/; classtype:trojan-activity;sid:83692616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.4.102.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829515/; classtype:trojan-activity;sid:83692615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829514/; classtype:trojan-activity;sid:83692614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.15.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829513/; classtype:trojan-activity;sid:83692613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829512/; classtype:trojan-activity;sid:83692612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829511/; classtype:trojan-activity;sid:83692611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.164.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829510/; classtype:trojan-activity;sid:83692610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.31.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829508/; classtype:trojan-activity;sid:83692608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.227.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829509/; classtype:trojan-activity;sid:83692609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.14.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829507/; classtype:trojan-activity;sid:83692607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829506/; classtype:trojan-activity;sid:83692606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829505/; classtype:trojan-activity;sid:83692605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829503/; classtype:trojan-activity;sid:83692603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829504/; classtype:trojan-activity;sid:83692604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829502/; classtype:trojan-activity;sid:83692602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.184.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829501/; classtype:trojan-activity;sid:83692601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.188.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829500/; classtype:trojan-activity;sid:83692600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.241.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829499/; classtype:trojan-activity;sid:83692599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.76.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829498/; classtype:trojan-activity;sid:83692598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829497/; classtype:trojan-activity;sid:83692597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.202.197.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829496/; classtype:trojan-activity;sid:83692596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.68.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829495/; classtype:trojan-activity;sid:83692595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829494/; classtype:trojan-activity;sid:83692594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829493/; classtype:trojan-activity;sid:83692593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.14.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829492/; classtype:trojan-activity;sid:83692592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.31.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829491/; classtype:trojan-activity;sid:83692591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829490/; classtype:trojan-activity;sid:83692590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829489/; classtype:trojan-activity;sid:83692589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.36.153.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829488/; classtype:trojan-activity;sid:83692588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829487/; classtype:trojan-activity;sid:83692587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.2.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829485/; classtype:trojan-activity;sid:83692585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.227.4.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829486/; classtype:trojan-activity;sid:83692586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.180.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829484/; classtype:trojan-activity;sid:83692584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.59.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829481/; classtype:trojan-activity;sid:83692581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.149.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829482/; classtype:trojan-activity;sid:83692582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829483/; classtype:trojan-activity;sid:83692583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.184.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829480/; classtype:trojan-activity;sid:83692580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/logo5.jpg"; depth:14; endswith; nocase; http.host; content:"public-ftp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829479/; classtype:trojan-activity;sid:83692579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829478/; classtype:trojan-activity;sid:83692578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.76.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829477/; classtype:trojan-activity;sid:83692577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.131.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829476/; classtype:trojan-activity;sid:83692576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.109.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829475/; classtype:trojan-activity;sid:83692575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.42.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829474/; classtype:trojan-activity;sid:83692574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.82.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829473/; classtype:trojan-activity;sid:83692573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.68.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829472/; classtype:trojan-activity;sid:83692572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829471/; classtype:trojan-activity;sid:83692571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.51.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829470/; classtype:trojan-activity;sid:83692570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829469/; classtype:trojan-activity;sid:83692569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829468/; classtype:trojan-activity;sid:83692568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.182.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829467/; classtype:trojan-activity;sid:83692567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.109.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829466/; classtype:trojan-activity;sid:83692566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.72.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829464/; classtype:trojan-activity;sid:83692564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.42.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829465/; classtype:trojan-activity;sid:83692565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829463/; classtype:trojan-activity;sid:83692563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.206.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829462/; classtype:trojan-activity;sid:83692562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.124.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829461/; classtype:trojan-activity;sid:83692561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.131.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829460/; classtype:trojan-activity;sid:83692560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.45.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829459/; classtype:trojan-activity;sid:83692559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.61.145.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829458/; classtype:trojan-activity;sid:83692558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.214.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829457/; classtype:trojan-activity;sid:83692557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.28.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829456/; classtype:trojan-activity;sid:83692556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.79.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829455/; classtype:trojan-activity;sid:83692555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829454/; classtype:trojan-activity;sid:83692554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.82.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829453/; classtype:trojan-activity;sid:83692553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669052388|3f|hash=tu9xlwxqbus58iil6nxudxm1brxqvducd33thgb9dqs|7c|26|7c|dl=3fzxs5vzwi3har2zc88ti1yu6gujnhw14zcqe6avgwh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829452/; classtype:trojan-activity;sid:83692552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829451/; classtype:trojan-activity;sid:83692551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829450/; classtype:trojan-activity;sid:83692550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.19.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829448/; classtype:trojan-activity;sid:83692548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.90.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829449/; classtype:trojan-activity;sid:83692549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.152.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829446/; classtype:trojan-activity;sid:83692546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.44.252"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829447/; classtype:trojan-activity;sid:83692547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829445/; classtype:trojan-activity;sid:83692545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829443/; classtype:trojan-activity;sid:83692543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.182.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829444/; classtype:trojan-activity;sid:83692544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829442/; classtype:trojan-activity;sid:83692542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.243.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829441/; classtype:trojan-activity;sid:83692541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.14.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829440/; classtype:trojan-activity;sid:83692540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829439/; classtype:trojan-activity;sid:83692539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829438/; classtype:trojan-activity;sid:83692538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.166.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829437/; classtype:trojan-activity;sid:83692537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.206.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829436/; classtype:trojan-activity;sid:83692536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829435/; classtype:trojan-activity;sid:83692535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.161.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829433/; classtype:trojan-activity;sid:83692533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829434/; classtype:trojan-activity;sid:83692534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbxga.exe"; depth:10; endswith; nocase; http.host; content:"filekg-download-01.fra1.cdn.digitaloceanspaces.com"; depth:50; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829431/; classtype:trojan-activity;sid:83692531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.11.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829432/; classtype:trojan-activity;sid:83692532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829430/; classtype:trojan-activity;sid:83692530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829429/; classtype:trojan-activity;sid:83692529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829428/; classtype:trojan-activity;sid:83692528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.211.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829427/; classtype:trojan-activity;sid:83692527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.65.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829426/; classtype:trojan-activity;sid:83692526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829425/; classtype:trojan-activity;sid:83692525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.221.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829424/; classtype:trojan-activity;sid:83692524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829423/; classtype:trojan-activity;sid:83692523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.0.38.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829422/; classtype:trojan-activity;sid:83692522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829421/; classtype:trojan-activity;sid:83692521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.159.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829420/; classtype:trojan-activity;sid:83692520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.243.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829419/; classtype:trojan-activity;sid:83692519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.0.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829418/; classtype:trojan-activity;sid:83692518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.254.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829417/; classtype:trojan-activity;sid:83692517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.71.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829416/; classtype:trojan-activity;sid:83692516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.161.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829415/; classtype:trojan-activity;sid:83692515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.204.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829414/; classtype:trojan-activity;sid:83692514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829413/; classtype:trojan-activity;sid:83692513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.39.194.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829411/; classtype:trojan-activity;sid:83692511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829412/; classtype:trojan-activity;sid:83692512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.30.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829410/; classtype:trojan-activity;sid:83692510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.47.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829409/; classtype:trojan-activity;sid:83692509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.0.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829408/; classtype:trojan-activity;sid:83692508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.59.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829406/; classtype:trojan-activity;sid:83692506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.78.149.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829407/; classtype:trojan-activity;sid:83692507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829405/; classtype:trojan-activity;sid:83692505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829404/; classtype:trojan-activity;sid:83692504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829402/; classtype:trojan-activity;sid:83692502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829403/; classtype:trojan-activity;sid:83692503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.155.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829399/; classtype:trojan-activity;sid:83692499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829400/; classtype:trojan-activity;sid:83692500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.158.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829401/; classtype:trojan-activity;sid:83692501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.159.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829398/; classtype:trojan-activity;sid:83692498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.186.112.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829397/; classtype:trojan-activity;sid:83692497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.177.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829396/; classtype:trojan-activity;sid:83692496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829395/; classtype:trojan-activity;sid:83692495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829394/; classtype:trojan-activity;sid:83692494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.176.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829393/; classtype:trojan-activity;sid:83692493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829392/; classtype:trojan-activity;sid:83692492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.137.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829391/; classtype:trojan-activity;sid:83692491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.112.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829390/; classtype:trojan-activity;sid:83692490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.199.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829389/; classtype:trojan-activity;sid:83692489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.88.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829388/; classtype:trojan-activity;sid:83692488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669052417|3f|hash=qifudy3lm6knjqkvvac8bk5fuqobzrcsgunc4j7thbe|7c|26|7c|dl=igvyu6ezdyfd1ameqbpl2sz2zzzgytmxgp8sgwgnark|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829387/; classtype:trojan-activity;sid:83692487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.180.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829386/; classtype:trojan-activity;sid:83692486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.36.135"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829384/; classtype:trojan-activity;sid:83692484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829385/; classtype:trojan-activity;sid:83692485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668993823|3f|hash=iriogyb2d7166araqx427emazdma6jlowih4cnocags|7c|26|7c|dl=rbni7zizjuu1gyjgfv7ulhatawjcpdpd40eg7lkjxzt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829383/; classtype:trojan-activity;sid:83692483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.172.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829381/; classtype:trojan-activity;sid:83692481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.156.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829382/; classtype:trojan-activity;sid:83692482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/oofd0zebot"; depth:15; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829380/; classtype:trojan-activity;sid:83692480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.112.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829379/; classtype:trojan-activity;sid:83692479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.19.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829378/; classtype:trojan-activity;sid:83692478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829377/; classtype:trojan-activity;sid:83692477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.137.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829376/; classtype:trojan-activity;sid:83692476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.180.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829374/; classtype:trojan-activity;sid:83692474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.14.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829375/; classtype:trojan-activity;sid:83692475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.15.119"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829373/; classtype:trojan-activity;sid:83692473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.32.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829372/; classtype:trojan-activity;sid:83692472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.154.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829371/; classtype:trojan-activity;sid:83692471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.251.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829370/; classtype:trojan-activity;sid:83692470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.90.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829369/; classtype:trojan-activity;sid:83692469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829368/; classtype:trojan-activity;sid:83692468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.251.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829367/; classtype:trojan-activity;sid:83692467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.215.167.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829366/; classtype:trojan-activity;sid:83692466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829365/; classtype:trojan-activity;sid:83692465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.244.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829364/; classtype:trojan-activity;sid:83692464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.172.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829363/; classtype:trojan-activity;sid:83692463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829362/; classtype:trojan-activity;sid:83692462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.80.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829361/; classtype:trojan-activity;sid:83692461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.32.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829360/; classtype:trojan-activity;sid:83692460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.214.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829359/; classtype:trojan-activity;sid:83692459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829358/; classtype:trojan-activity;sid:83692458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.161.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829357/; classtype:trojan-activity;sid:83692457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829356/; classtype:trojan-activity;sid:83692456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829355/; classtype:trojan-activity;sid:83692455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.251.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829354/; classtype:trojan-activity;sid:83692454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.202.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829353/; classtype:trojan-activity;sid:83692453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.102.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829352/; classtype:trojan-activity;sid:83692452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.154.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829351/; classtype:trojan-activity;sid:83692451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.90.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829350/; classtype:trojan-activity;sid:83692450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.147.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829349/; classtype:trojan-activity;sid:83692449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.230.243.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829348/; classtype:trojan-activity;sid:83692448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.105.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829347/; classtype:trojan-activity;sid:83692447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.95.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829346/; classtype:trojan-activity;sid:83692446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.161.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829345/; classtype:trojan-activity;sid:83692445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.97.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829344/; classtype:trojan-activity;sid:83692444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.220.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829343/; classtype:trojan-activity;sid:83692443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.99.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829342/; classtype:trojan-activity;sid:83692442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829341/; classtype:trojan-activity;sid:83692441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829340/; classtype:trojan-activity;sid:83692440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.221.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829339/; classtype:trojan-activity;sid:83692439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.83.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829338/; classtype:trojan-activity;sid:83692438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.75.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829337/; classtype:trojan-activity;sid:83692437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.75.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829336/; classtype:trojan-activity;sid:83692436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829335/; classtype:trojan-activity;sid:83692435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.126.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829334/; classtype:trojan-activity;sid:83692434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829333/; classtype:trojan-activity;sid:83692433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.230.243.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829332/; classtype:trojan-activity;sid:83692432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.1.17"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829331/; classtype:trojan-activity;sid:83692431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829330/; classtype:trojan-activity;sid:83692430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.197.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829329/; classtype:trojan-activity;sid:83692429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829328/; classtype:trojan-activity;sid:83692428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.32.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829326/; classtype:trojan-activity;sid:83692426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.97.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829327/; classtype:trojan-activity;sid:83692427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.179.142.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829324/; classtype:trojan-activity;sid:83692424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.88.125.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829325/; classtype:trojan-activity;sid:83692425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.181.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829322/; classtype:trojan-activity;sid:83692422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.65.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829323/; classtype:trojan-activity;sid:83692423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.83.247.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829321/; classtype:trojan-activity;sid:83692421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.129.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829320/; classtype:trojan-activity;sid:83692420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.174.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829319/; classtype:trojan-activity;sid:83692419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.255.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829318/; classtype:trojan-activity;sid:83692418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.179.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829317/; classtype:trojan-activity;sid:83692417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.48.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829316/; classtype:trojan-activity;sid:83692416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.32.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829315/; classtype:trojan-activity;sid:83692415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.147.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829314/; classtype:trojan-activity;sid:83692414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829313/; classtype:trojan-activity;sid:83692413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.1.17"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829312/; classtype:trojan-activity;sid:83692412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm6"; depth:10; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829311/; classtype:trojan-activity;sid:83692411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mips"; depth:10; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829306/; classtype:trojan-activity;sid:83692406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86"; depth:9; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829307/; classtype:trojan-activity;sid:83692407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829308/; classtype:trojan-activity;sid:83692408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829309/; classtype:trojan-activity;sid:83692409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86_64"; depth:12; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829310/; classtype:trojan-activity;sid:83692410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm5"; depth:10; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829300/; classtype:trojan-activity;sid:83692400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.ppc"; depth:9; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829301/; classtype:trojan-activity;sid:83692401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829302/; classtype:trojan-activity;sid:83692402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.sh4"; depth:9; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829303/; classtype:trojan-activity;sid:83692403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829304/; classtype:trojan-activity;sid:83692404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mpsl"; depth:10; endswith; nocase; http.host; content:"14.225.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829305/; classtype:trojan-activity;sid:83692405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.229.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829299/; classtype:trojan-activity;sid:83692399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829298/; classtype:trojan-activity;sid:83692398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829297/; classtype:trojan-activity;sid:83692397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.0.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829296/; classtype:trojan-activity;sid:83692396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.83.247.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829295/; classtype:trojan-activity;sid:83692395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.48.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829294/; classtype:trojan-activity;sid:83692394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.190.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829293/; classtype:trojan-activity;sid:83692393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.21.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829291/; classtype:trojan-activity;sid:83692391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.179.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829292/; classtype:trojan-activity;sid:83692392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.21.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829290/; classtype:trojan-activity;sid:83692390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.12.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829289/; classtype:trojan-activity;sid:83692389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.237.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829288/; classtype:trojan-activity;sid:83692388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.85.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829287/; classtype:trojan-activity;sid:83692387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.85.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829286/; classtype:trojan-activity;sid:83692386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.96.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829285/; classtype:trojan-activity;sid:83692385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.144.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829284/; classtype:trojan-activity;sid:83692384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.174.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829283/; classtype:trojan-activity;sid:83692383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.22.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829282/; classtype:trojan-activity;sid:83692382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.98.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829281/; classtype:trojan-activity;sid:83692381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.254.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829278/; classtype:trojan-activity;sid:83692378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.164.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829279/; classtype:trojan-activity;sid:83692379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829280/; classtype:trojan-activity;sid:83692380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829277/; classtype:trojan-activity;sid:83692377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.180.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829276/; classtype:trojan-activity;sid:83692376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829275/; classtype:trojan-activity;sid:83692375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.44.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829274/; classtype:trojan-activity;sid:83692374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829273/; classtype:trojan-activity;sid:83692373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.239.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829272/; classtype:trojan-activity;sid:83692372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.23.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829271/; classtype:trojan-activity;sid:83692371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.3.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829270/; classtype:trojan-activity;sid:83692370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.123.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829269/; classtype:trojan-activity;sid:83692369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.66.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829268/; classtype:trojan-activity;sid:83692368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.98.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829267/; classtype:trojan-activity;sid:83692367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829266/; classtype:trojan-activity;sid:83692366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.53.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829265/; classtype:trojan-activity;sid:83692365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.199.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829264/; classtype:trojan-activity;sid:83692364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.176.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829262/; classtype:trojan-activity;sid:83692362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.67.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829263/; classtype:trojan-activity;sid:83692363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.44.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829261/; classtype:trojan-activity;sid:83692361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.165.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829260/; classtype:trojan-activity;sid:83692360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829259/; classtype:trojan-activity;sid:83692359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.19.43.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829258/; classtype:trojan-activity;sid:83692358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.79.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829257/; classtype:trojan-activity;sid:83692357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829256/; classtype:trojan-activity;sid:83692356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.241.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829255/; classtype:trojan-activity;sid:83692355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829254/; classtype:trojan-activity;sid:83692354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.105.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829253/; classtype:trojan-activity;sid:83692353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829252/; classtype:trojan-activity;sid:83692352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.230.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829251/; classtype:trojan-activity;sid:83692351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.4.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829250/; classtype:trojan-activity;sid:83692350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.203.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829249/; classtype:trojan-activity;sid:83692349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829248/; classtype:trojan-activity;sid:83692348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.100.246.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829247/; classtype:trojan-activity;sid:83692347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.6.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829246/; classtype:trojan-activity;sid:83692346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829245/; classtype:trojan-activity;sid:83692345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.4.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829244/; classtype:trojan-activity;sid:83692344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.210.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829243/; classtype:trojan-activity;sid:83692343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829242/; classtype:trojan-activity;sid:83692342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.85.102.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829241/; classtype:trojan-activity;sid:83692341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.85.102.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829240/; classtype:trojan-activity;sid:83692340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.100.246.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829239/; classtype:trojan-activity;sid:83692339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.199.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829238/; classtype:trojan-activity;sid:83692338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.177.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829237/; classtype:trojan-activity;sid:83692337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.108.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829236/; classtype:trojan-activity;sid:83692336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829235/; classtype:trojan-activity;sid:83692335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829234/; classtype:trojan-activity;sid:83692334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.238.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829232/; classtype:trojan-activity;sid:83692332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.202.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829233/; classtype:trojan-activity;sid:83692333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.210.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829231/; classtype:trojan-activity;sid:83692331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.70.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829230/; classtype:trojan-activity;sid:83692330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829229/; classtype:trojan-activity;sid:83692329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.85.102.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829228/; classtype:trojan-activity;sid:83692328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"94.156.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829227/; classtype:trojan-activity;sid:83692327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.108.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829226/; classtype:trojan-activity;sid:83692326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.147.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829225/; classtype:trojan-activity;sid:83692325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829224/; classtype:trojan-activity;sid:83692324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.238.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829223/; classtype:trojan-activity;sid:83692323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.76.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829222/; classtype:trojan-activity;sid:83692322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.53.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829220/; classtype:trojan-activity;sid:83692320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829221/; classtype:trojan-activity;sid:83692321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.9.121.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829219/; classtype:trojan-activity;sid:83692319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.174.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829218/; classtype:trojan-activity;sid:83692318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.157.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829217/; classtype:trojan-activity;sid:83692317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829216/; classtype:trojan-activity;sid:83692316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.10.161"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829215/; classtype:trojan-activity;sid:83692315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.79.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829214/; classtype:trojan-activity;sid:83692314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.173.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829212/; classtype:trojan-activity;sid:83692312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.219.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829213/; classtype:trojan-activity;sid:83692313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.45.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829211/; classtype:trojan-activity;sid:83692311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.188.146.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829210/; classtype:trojan-activity;sid:83692310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.15.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829209/; classtype:trojan-activity;sid:83692309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.222.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829208/; classtype:trojan-activity;sid:83692308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829207/; classtype:trojan-activity;sid:83692307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.173.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829206/; classtype:trojan-activity;sid:83692306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829205/; classtype:trojan-activity;sid:83692305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.219.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829204/; classtype:trojan-activity;sid:83692304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.76.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829203/; classtype:trojan-activity;sid:83692303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.63.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829202/; classtype:trojan-activity;sid:83692302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.214.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829201/; classtype:trojan-activity;sid:83692301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829200/; classtype:trojan-activity;sid:83692300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829199/; classtype:trojan-activity;sid:83692299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.79.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829198/; classtype:trojan-activity;sid:83692298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.10.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829197/; classtype:trojan-activity;sid:83692297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.188.146.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829196/; classtype:trojan-activity;sid:83692296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.221.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829195/; classtype:trojan-activity;sid:83692295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.22.238.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829194/; classtype:trojan-activity;sid:83692294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.240.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829193/; classtype:trojan-activity;sid:83692293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829192/; classtype:trojan-activity;sid:83692292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.56.97.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829191/; classtype:trojan-activity;sid:83692291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.206.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829190/; classtype:trojan-activity;sid:83692290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"151.177.251.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829189/; classtype:trojan-activity;sid:83692289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829188/; classtype:trojan-activity;sid:83692288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829187/; classtype:trojan-activity;sid:83692287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.15.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829186/; classtype:trojan-activity;sid:83692286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.10.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829185/; classtype:trojan-activity;sid:83692285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.214.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829184/; classtype:trojan-activity;sid:83692284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.42.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829182/; classtype:trojan-activity;sid:83692282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.11.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829183/; classtype:trojan-activity;sid:83692283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.98.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829181/; classtype:trojan-activity;sid:83692281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.51.173.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829180/; classtype:trojan-activity;sid:83692280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.189.103.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829179/; classtype:trojan-activity;sid:83692279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.67.28.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829178/; classtype:trojan-activity;sid:83692278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829177/; classtype:trojan-activity;sid:83692277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.67.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829176/; classtype:trojan-activity;sid:83692276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.218.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829175/; classtype:trojan-activity;sid:83692275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829174/; classtype:trojan-activity;sid:83692274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.159.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829173/; classtype:trojan-activity;sid:83692273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.212.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829172/; classtype:trojan-activity;sid:83692272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.24.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829171/; classtype:trojan-activity;sid:83692271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.67.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829170/; classtype:trojan-activity;sid:83692270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.76.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829169/; classtype:trojan-activity;sid:83692269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/5wwdrjhi"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829168/; classtype:trojan-activity;sid:83692268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/utfplahg"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829167/; classtype:trojan-activity;sid:83692267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829166/; classtype:trojan-activity;sid:83692266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829164/; classtype:trojan-activity;sid:83692264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829165/; classtype:trojan-activity;sid:83692265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829157/; classtype:trojan-activity;sid:83692257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829158/; classtype:trojan-activity;sid:83692258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829159/; classtype:trojan-activity;sid:83692259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829160/; classtype:trojan-activity;sid:83692260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829161/; classtype:trojan-activity;sid:83692261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829162/; classtype:trojan-activity;sid:83692262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"94.156.66.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829163/; classtype:trojan-activity;sid:83692263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.196.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829156/; classtype:trojan-activity;sid:83692256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.45.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829155/; classtype:trojan-activity;sid:83692255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829154/; classtype:trojan-activity;sid:83692254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.123.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829153/; classtype:trojan-activity;sid:83692253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.30.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829152/; classtype:trojan-activity;sid:83692252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829151/; classtype:trojan-activity;sid:83692251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.246.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829150/; classtype:trojan-activity;sid:83692250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669040344|3f|hash=zhwecl1jwafpec5ren3vcvibtydxgrgwifuep3a6qb8|7c|26|7c|dl=2zlq17ytrfph3hvz0axev1jujpmaswhpzhobwrzff2z|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829149/; classtype:trojan-activity;sid:83692249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.222.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829148/; classtype:trojan-activity;sid:83692248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/returnlegendsetup.rar"; depth:31; endswith; nocase; http.host; content:"returnlegend.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829147/; classtype:trojan-activity;sid:83692247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829145/; classtype:trojan-activity;sid:83692245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829146/; classtype:trojan-activity;sid:83692246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829137/; classtype:trojan-activity;sid:83692237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829138/; classtype:trojan-activity;sid:83692238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829139/; classtype:trojan-activity;sid:83692239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829140/; classtype:trojan-activity;sid:83692240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829141/; classtype:trojan-activity;sid:83692241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829142/; classtype:trojan-activity;sid:83692242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829143/; classtype:trojan-activity;sid:83692243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829144/; classtype:trojan-activity;sid:83692244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829136/; classtype:trojan-activity;sid:83692236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.118.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829135/; classtype:trojan-activity;sid:83692235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.178.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829134/; classtype:trojan-activity;sid:83692234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.196.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829133/; classtype:trojan-activity;sid:83692233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.13.236.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829132/; classtype:trojan-activity;sid:83692232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.45.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829130/; classtype:trojan-activity;sid:83692230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.89.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829131/; classtype:trojan-activity;sid:83692231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"164.92.176.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829128/; classtype:trojan-activity;sid:83692228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"164.92.176.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829129/; classtype:trojan-activity;sid:83692229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.222.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829127/; classtype:trojan-activity;sid:83692227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829126/; classtype:trojan-activity;sid:83692226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829125/; classtype:trojan-activity;sid:83692225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.134.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829124/; classtype:trojan-activity;sid:83692224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829123/; classtype:trojan-activity;sid:83692223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829122/; classtype:trojan-activity;sid:83692222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.93.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829121/; classtype:trojan-activity;sid:83692221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.99.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829119/; classtype:trojan-activity;sid:83692219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.172.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829120/; classtype:trojan-activity;sid:83692220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.13.236.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829118/; classtype:trojan-activity;sid:83692218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829116/; classtype:trojan-activity;sid:83692216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"42.112.26.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829117/; classtype:trojan-activity;sid:83692217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.12.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829115/; classtype:trojan-activity;sid:83692215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829114/; classtype:trojan-activity;sid:83692214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.89.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829113/; classtype:trojan-activity;sid:83692213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.242.93.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829112/; classtype:trojan-activity;sid:83692212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829111/; classtype:trojan-activity;sid:83692211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829110/; classtype:trojan-activity;sid:83692210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.246.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829109/; classtype:trojan-activity;sid:83692209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.159.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829107/; classtype:trojan-activity;sid:83692207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.23.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829108/; classtype:trojan-activity;sid:83692208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669038830|3f|hash=lxyq07lxtbktlqtqhsuxfs2udomnbzw3ds4ocqqpdzg|7c|26|7c|dl=ufaw7rzxle9sqcfbbmszo67s0rs7ddfzljopgpwhzsh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829106/; classtype:trojan-activity;sid:83692206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.214.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829105/; classtype:trojan-activity;sid:83692205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.spc"; depth:14; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829102/; classtype:trojan-activity;sid:83692202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.arm"; depth:18; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829103/; classtype:trojan-activity;sid:83692203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.arm"; depth:25; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829104/; classtype:trojan-activity;sid:83692204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm"; depth:14; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829101/; classtype:trojan-activity;sid:83692201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829100/; classtype:trojan-activity;sid:83692200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.40.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829099/; classtype:trojan-activity;sid:83692199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.135.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829098/; classtype:trojan-activity;sid:83692198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.197.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829097/; classtype:trojan-activity;sid:83692197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/5248630/msedge1.exe"; depth:23; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829096/; classtype:trojan-activity;sid:83692196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.197.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829095/; classtype:trojan-activity;sid:83692195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.210.183.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829094/; classtype:trojan-activity;sid:83692194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.170.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829093/; classtype:trojan-activity;sid:83692193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.127.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829092/; classtype:trojan-activity;sid:83692192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.214.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829089/; classtype:trojan-activity;sid:83692189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.110.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829090/; classtype:trojan-activity;sid:83692190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.239.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829091/; classtype:trojan-activity;sid:83692191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.103.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829088/; classtype:trojan-activity;sid:83692188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.45.11.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829087/; classtype:trojan-activity;sid:83692187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.235.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829085/; classtype:trojan-activity;sid:83692185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.40.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829086/; classtype:trojan-activity;sid:83692186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.221.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829084/; classtype:trojan-activity;sid:83692184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.176.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829083/; classtype:trojan-activity;sid:83692183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.72.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829082/; classtype:trojan-activity;sid:83692182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829081/; classtype:trojan-activity;sid:83692181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.110.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829080/; classtype:trojan-activity;sid:83692180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.224.99.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829078/; classtype:trojan-activity;sid:83692178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829079/; classtype:trojan-activity;sid:83692179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.127.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829077/; classtype:trojan-activity;sid:83692177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.210.183.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829076/; classtype:trojan-activity;sid:83692176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.28.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829075/; classtype:trojan-activity;sid:83692175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829074/; classtype:trojan-activity;sid:83692174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829073/; classtype:trojan-activity;sid:83692173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829072/; classtype:trojan-activity;sid:83692172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829071/; classtype:trojan-activity;sid:83692171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.4.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829070/; classtype:trojan-activity;sid:83692170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.126.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829069/; classtype:trojan-activity;sid:83692169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.11.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829068/; classtype:trojan-activity;sid:83692168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829067/; classtype:trojan-activity;sid:83692167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829066/; classtype:trojan-activity;sid:83692166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829063/; classtype:trojan-activity;sid:83692163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829064/; classtype:trojan-activity;sid:83692164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829065/; classtype:trojan-activity;sid:83692165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829061/; classtype:trojan-activity;sid:83692161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829062/; classtype:trojan-activity;sid:83692162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"104.218.236.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829060/; classtype:trojan-activity;sid:83692160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829056/; classtype:trojan-activity;sid:83692156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829057/; classtype:trojan-activity;sid:83692157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829058/; classtype:trojan-activity;sid:83692158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.252.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829059/; classtype:trojan-activity;sid:83692159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.mips"; depth:26; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829055/; classtype:trojan-activity;sid:83692155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829048/; classtype:trojan-activity;sid:83692148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.x86"; depth:25; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829049/; classtype:trojan-activity;sid:83692149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829050/; classtype:trojan-activity;sid:83692150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829051/; classtype:trojan-activity;sid:83692151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.arm6"; depth:19; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829052/; classtype:trojan-activity;sid:83692152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86_64"; depth:15; endswith; nocase; http.host; content:"89.213.164.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829053/; classtype:trojan-activity;sid:83692153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829054/; classtype:trojan-activity;sid:83692154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.arm6"; depth:26; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829047/; classtype:trojan-activity;sid:83692147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829040/; classtype:trojan-activity;sid:83692140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm"; depth:13; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829041/; classtype:trojan-activity;sid:83692141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.arm7"; depth:26; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829042/; classtype:trojan-activity;sid:83692142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829043/; classtype:trojan-activity;sid:83692143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.x86"; depth:18; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829044/; classtype:trojan-activity;sid:83692144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm7"; depth:13; endswith; nocase; http.host; content:"89.213.164.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829045/; classtype:trojan-activity;sid:83692145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36shr.txt"; depth:10; endswith; nocase; http.host; content:"92.118.112.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829046/; classtype:trojan-activity;sid:83692146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829039/; classtype:trojan-activity;sid:83692139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.ppc"; depth:18; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829037/; classtype:trojan-activity;sid:83692137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829038/; classtype:trojan-activity;sid:83692138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.arm7"; depth:19; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829033/; classtype:trojan-activity;sid:83692133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.m68k"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829034/; classtype:trojan-activity;sid:83692134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829035/; classtype:trojan-activity;sid:83692135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm6"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829036/; classtype:trojan-activity;sid:83692136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829027/; classtype:trojan-activity;sid:83692127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.ppc"; depth:25; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829028/; classtype:trojan-activity;sid:83692128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm7"; depth:14; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829029/; classtype:trojan-activity;sid:83692129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.sh4"; depth:18; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829030/; classtype:trojan-activity;sid:83692130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829031/; classtype:trojan-activity;sid:83692131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829032/; classtype:trojan-activity;sid:83692132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.i686"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829026/; classtype:trojan-activity;sid:83692126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829025/; classtype:trojan-activity;sid:83692125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.m68k"; depth:26; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829023/; classtype:trojan-activity;sid:83692123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm6"; depth:13; endswith; nocase; http.host; content:"89.213.164.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829024/; classtype:trojan-activity;sid:83692124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829022/; classtype:trojan-activity;sid:83692122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm7"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829018/; classtype:trojan-activity;sid:83692118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.mpsl"; depth:19; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829019/; classtype:trojan-activity;sid:83692119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829020/; classtype:trojan-activity;sid:83692120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829021/; classtype:trojan-activity;sid:83692121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.arm5"; depth:26; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829016/; classtype:trojan-activity;sid:83692116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.sh4"; depth:25; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829017/; classtype:trojan-activity;sid:83692117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829013/; classtype:trojan-activity;sid:83692113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigbot"; depth:7; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829014/; classtype:trojan-activity;sid:83692114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"94.156.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829015/; classtype:trojan-activity;sid:83692115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.x86"; depth:14; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829011/; classtype:trojan-activity;sid:83692111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.mpsl"; depth:26; endswith; nocase; http.host; content:"104.243.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829012/; classtype:trojan-activity;sid:83692112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829007/; classtype:trojan-activity;sid:83692107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829008/; classtype:trojan-activity;sid:83692108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.mips"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829009/; classtype:trojan-activity;sid:83692109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829010/; classtype:trojan-activity;sid:83692110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829004/; classtype:trojan-activity;sid:83692104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.mips"; depth:19; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829005/; classtype:trojan-activity;sid:83692105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.sh4"; depth:14; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829006/; classtype:trojan-activity;sid:83692106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.ppc"; depth:14; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829001/; classtype:trojan-activity;sid:83692101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829002/; classtype:trojan-activity;sid:83692102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm5"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829003/; classtype:trojan-activity;sid:83692103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.m68k"; depth:19; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828995/; classtype:trojan-activity;sid:83692095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.mpsl"; depth:15; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828996/; classtype:trojan-activity;sid:83692096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828997/; classtype:trojan-activity;sid:83692097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828998/; classtype:trojan-activity;sid:83692098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828999/; classtype:trojan-activity;sid:83692099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"79.124.40.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829000/; classtype:trojan-activity;sid:83692100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.x86_64"; depth:17; endswith; nocase; http.host; content:"91.92.242.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828993/; classtype:trojan-activity;sid:83692093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unhanaaw.arm5"; depth:19; endswith; nocase; http.host; content:"185.117.3.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828994/; classtype:trojan-activity;sid:83692094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828992/; classtype:trojan-activity;sid:83692092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.126.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828991/; classtype:trojan-activity;sid:83692091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828990/; classtype:trojan-activity;sid:83692090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.30.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828989/; classtype:trojan-activity;sid:83692089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.109.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828988/; classtype:trojan-activity;sid:83692088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828987/; classtype:trojan-activity;sid:83692087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.125.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828986/; classtype:trojan-activity;sid:83692086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828985/; classtype:trojan-activity;sid:83692085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.88.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828983/; classtype:trojan-activity;sid:83692083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.231.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828984/; classtype:trojan-activity;sid:83692084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.207.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828982/; classtype:trojan-activity;sid:83692082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.33.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828981/; classtype:trojan-activity;sid:83692081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.246.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828980/; classtype:trojan-activity;sid:83692080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.44.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828979/; classtype:trojan-activity;sid:83692079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.107.97.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828978/; classtype:trojan-activity;sid:83692078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828977/; classtype:trojan-activity;sid:83692077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.242.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828976/; classtype:trojan-activity;sid:83692076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828975/; classtype:trojan-activity;sid:83692075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.246.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828974/; classtype:trojan-activity;sid:83692074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.214.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828973/; classtype:trojan-activity;sid:83692073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.195.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828972/; classtype:trojan-activity;sid:83692072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828971/; classtype:trojan-activity;sid:83692071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828970/; classtype:trojan-activity;sid:83692070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.91.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828969/; classtype:trojan-activity;sid:83692069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828968/; classtype:trojan-activity;sid:83692068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828967/; classtype:trojan-activity;sid:83692067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.42.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828966/; classtype:trojan-activity;sid:83692066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.109.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828965/; classtype:trojan-activity;sid:83692065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828964/; classtype:trojan-activity;sid:83692064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.220.38.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828963/; classtype:trojan-activity;sid:83692063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.235.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828962/; classtype:trojan-activity;sid:83692062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.145.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828960/; classtype:trojan-activity;sid:83692060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.159.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828961/; classtype:trojan-activity;sid:83692061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.195.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828959/; classtype:trojan-activity;sid:83692059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669033727|3f|hash=5shrrjnzgexrbfgzysivlgxouno0akh6dwrmky1ywno|7c|26|7c|dl=zgeuxfmxjmjcslx1q6hn7z65fxnkqfj2vwczllriy8w|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828958/; classtype:trojan-activity;sid:83692058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828957/; classtype:trojan-activity;sid:83692057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.26.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828956/; classtype:trojan-activity;sid:83692056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.37.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828955/; classtype:trojan-activity;sid:83692055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.197.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828954/; classtype:trojan-activity;sid:83692054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828953/; classtype:trojan-activity;sid:83692053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.118.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828951/; classtype:trojan-activity;sid:83692051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828952/; classtype:trojan-activity;sid:83692052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.159.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828950/; classtype:trojan-activity;sid:83692050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828949/; classtype:trojan-activity;sid:83692049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.79.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828948/; classtype:trojan-activity;sid:83692048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.46.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828947/; classtype:trojan-activity;sid:83692047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.145.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828946/; classtype:trojan-activity;sid:83692046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.107.8.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828945/; classtype:trojan-activity;sid:83692045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828943/; classtype:trojan-activity;sid:83692043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1232897598218571787/1233725964500996127/csgg.exe|3f|ex=662e2457|7c|26|7c|is=662cd2d7|7c|26|7c|hm=505ce3df6c3daa79a71a95fe96bbc34c63911100fbc325304c7e4b2117b78c0f|7c|26|7c|"; depth:184; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828944/; classtype:trojan-activity;sid:83692044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.89.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828941/; classtype:trojan-activity;sid:83692041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.128.17.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828942/; classtype:trojan-activity;sid:83692042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828940/; classtype:trojan-activity;sid:83692040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828939/; classtype:trojan-activity;sid:83692039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.251.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828938/; classtype:trojan-activity;sid:83692038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.228.135.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828937/; classtype:trojan-activity;sid:83692037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.214.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828936/; classtype:trojan-activity;sid:83692036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.227.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828935/; classtype:trojan-activity;sid:83692035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.181.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828934/; classtype:trojan-activity;sid:83692034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828933/; classtype:trojan-activity;sid:83692033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.37.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828932/; classtype:trojan-activity;sid:83692032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.47.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828931/; classtype:trojan-activity;sid:83692031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828930/; classtype:trojan-activity;sid:83692030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.87.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828929/; classtype:trojan-activity;sid:83692029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.128.17.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828928/; classtype:trojan-activity;sid:83692028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.89.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828927/; classtype:trojan-activity;sid:83692027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828926/; classtype:trojan-activity;sid:83692026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.181.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828924/; classtype:trojan-activity;sid:83692024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.182.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828925/; classtype:trojan-activity;sid:83692025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"156.155.112.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828923/; classtype:trojan-activity;sid:83692023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.13.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828922/; classtype:trojan-activity;sid:83692022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828921/; classtype:trojan-activity;sid:83692021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828920/; classtype:trojan-activity;sid:83692020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.172.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828919/; classtype:trojan-activity;sid:83692019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.87.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828918/; classtype:trojan-activity;sid:83692018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.50.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828917/; classtype:trojan-activity;sid:83692017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.160.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828916/; classtype:trojan-activity;sid:83692016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xie.exe"; depth:8; endswith; nocase; http.host; content:"zhngxie.wf"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828915/; classtype:trojan-activity;sid:83692015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.50.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828914/; classtype:trojan-activity;sid:83692014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.149.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828913/; classtype:trojan-activity;sid:83692013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828912/; classtype:trojan-activity;sid:83692012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.127.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828911/; classtype:trojan-activity;sid:83692011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.112.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828910/; classtype:trojan-activity;sid:83692010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.209.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828908/; classtype:trojan-activity;sid:83692008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.38.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828909/; classtype:trojan-activity;sid:83692009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.51.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828907/; classtype:trojan-activity;sid:83692007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.19.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828906/; classtype:trojan-activity;sid:83692006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.205.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828905/; classtype:trojan-activity;sid:83692005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.172.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828904/; classtype:trojan-activity;sid:83692004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828902/; classtype:trojan-activity;sid:83692002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828903/; classtype:trojan-activity;sid:83692003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.246.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828901/; classtype:trojan-activity;sid:83692001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828900/; classtype:trojan-activity;sid:83692000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.113.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828898/; classtype:trojan-activity;sid:83691998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.161.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828899/; classtype:trojan-activity;sid:83691999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828897/; classtype:trojan-activity;sid:83691997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828896/; classtype:trojan-activity;sid:83691996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.38.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828895/; classtype:trojan-activity;sid:83691995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.12.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828894/; classtype:trojan-activity;sid:83691994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.131.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828893/; classtype:trojan-activity;sid:83691993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.209.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828892/; classtype:trojan-activity;sid:83691992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.87.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828891/; classtype:trojan-activity;sid:83691991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828890/; classtype:trojan-activity;sid:83691990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.112.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828889/; classtype:trojan-activity;sid:83691989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.53.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828888/; classtype:trojan-activity;sid:83691988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828887/; classtype:trojan-activity;sid:83691987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.109.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828886/; classtype:trojan-activity;sid:83691986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.24.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828885/; classtype:trojan-activity;sid:83691985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828882/; classtype:trojan-activity;sid:83691982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.27.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828883/; classtype:trojan-activity;sid:83691983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.224.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828884/; classtype:trojan-activity;sid:83691984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.246.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828881/; classtype:trojan-activity;sid:83691981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.22.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828880/; classtype:trojan-activity;sid:83691980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.94.12.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828878/; classtype:trojan-activity;sid:83691978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.113.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828879/; classtype:trojan-activity;sid:83691979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.113.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828877/; classtype:trojan-activity;sid:83691977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828876/; classtype:trojan-activity;sid:83691976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.131.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828875/; classtype:trojan-activity;sid:83691975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.121.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828874/; classtype:trojan-activity;sid:83691974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.27.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828872/; classtype:trojan-activity;sid:83691972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.70.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828873/; classtype:trojan-activity;sid:83691973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.12.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828871/; classtype:trojan-activity;sid:83691971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828870/; classtype:trojan-activity;sid:83691970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.220.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828869/; classtype:trojan-activity;sid:83691969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.82.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828867/; classtype:trojan-activity;sid:83691967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.234.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828868/; classtype:trojan-activity;sid:83691968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.79.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828865/; classtype:trojan-activity;sid:83691965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.178.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828866/; classtype:trojan-activity;sid:83691966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.98.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828864/; classtype:trojan-activity;sid:83691964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.246.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828862/; classtype:trojan-activity;sid:83691962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.178.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828863/; classtype:trojan-activity;sid:83691963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828861/; classtype:trojan-activity;sid:83691961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.224.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828860/; classtype:trojan-activity;sid:83691960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.22.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828859/; classtype:trojan-activity;sid:83691959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828858/; classtype:trojan-activity;sid:83691958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.99.0.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828857/; classtype:trojan-activity;sid:83691957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.24.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828856/; classtype:trojan-activity;sid:83691956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.68.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828855/; classtype:trojan-activity;sid:83691955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.15.53.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828854/; classtype:trojan-activity;sid:83691954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.52.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828853/; classtype:trojan-activity;sid:83691953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.33.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828851/; classtype:trojan-activity;sid:83691951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.154.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828852/; classtype:trojan-activity;sid:83691952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828850/; classtype:trojan-activity;sid:83691950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.118.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828849/; classtype:trojan-activity;sid:83691949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.178.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828848/; classtype:trojan-activity;sid:83691948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828847/; classtype:trojan-activity;sid:83691947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.101.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828846/; classtype:trojan-activity;sid:83691946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.21.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828845/; classtype:trojan-activity;sid:83691945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828844/; classtype:trojan-activity;sid:83691944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.42.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828843/; classtype:trojan-activity;sid:83691943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828839/; classtype:trojan-activity;sid:83691939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828840/; classtype:trojan-activity;sid:83691940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828841/; classtype:trojan-activity;sid:83691941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828842/; classtype:trojan-activity;sid:83691942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828835/; classtype:trojan-activity;sid:83691935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828836/; classtype:trojan-activity;sid:83691936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828837/; classtype:trojan-activity;sid:83691937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828838/; classtype:trojan-activity;sid:83691938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828829/; classtype:trojan-activity;sid:83691929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828830/; classtype:trojan-activity;sid:83691930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828831/; classtype:trojan-activity;sid:83691931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828832/; classtype:trojan-activity;sid:83691932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828833/; classtype:trojan-activity;sid:83691933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.sh"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828834/; classtype:trojan-activity;sid:83691934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828820/; classtype:trojan-activity;sid:83691920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828821/; classtype:trojan-activity;sid:83691921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828822/; classtype:trojan-activity;sid:83691922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828823/; classtype:trojan-activity;sid:83691923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828824/; classtype:trojan-activity;sid:83691924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828825/; classtype:trojan-activity;sid:83691925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828826/; classtype:trojan-activity;sid:83691926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828827/; classtype:trojan-activity;sid:83691927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828828/; classtype:trojan-activity;sid:83691928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828816/; classtype:trojan-activity;sid:83691916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828817/; classtype:trojan-activity;sid:83691917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828818/; classtype:trojan-activity;sid:83691918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828819/; classtype:trojan-activity;sid:83691919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828811/; classtype:trojan-activity;sid:83691911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828812/; classtype:trojan-activity;sid:83691912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828813/; classtype:trojan-activity;sid:83691913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828814/; classtype:trojan-activity;sid:83691914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828815/; classtype:trojan-activity;sid:83691915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828804/; classtype:trojan-activity;sid:83691904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828805/; classtype:trojan-activity;sid:83691905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828806/; classtype:trojan-activity;sid:83691906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828807/; classtype:trojan-activity;sid:83691907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828808/; classtype:trojan-activity;sid:83691908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828809/; classtype:trojan-activity;sid:83691909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828810/; classtype:trojan-activity;sid:83691910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828796/; classtype:trojan-activity;sid:83691896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828797/; classtype:trojan-activity;sid:83691897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828798/; classtype:trojan-activity;sid:83691898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828799/; classtype:trojan-activity;sid:83691899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828800/; classtype:trojan-activity;sid:83691900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/so"; depth:3; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828801/; classtype:trojan-activity;sid:83691901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828802/; classtype:trojan-activity;sid:83691902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.sh"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828803/; classtype:trojan-activity;sid:83691903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828794/; classtype:trojan-activity;sid:83691894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828795/; classtype:trojan-activity;sid:83691895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828790/; classtype:trojan-activity;sid:83691890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828791/; classtype:trojan-activity;sid:83691891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828792/; classtype:trojan-activity;sid:83691892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828793/; classtype:trojan-activity;sid:83691893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828787/; classtype:trojan-activity;sid:83691887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828788/; classtype:trojan-activity;sid:83691888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828789/; classtype:trojan-activity;sid:83691889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828778/; classtype:trojan-activity;sid:83691878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828779/; classtype:trojan-activity;sid:83691879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828780/; classtype:trojan-activity;sid:83691880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828781/; classtype:trojan-activity;sid:83691881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828782/; classtype:trojan-activity;sid:83691882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828783/; classtype:trojan-activity;sid:83691883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828784/; classtype:trojan-activity;sid:83691884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828785/; classtype:trojan-activity;sid:83691885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828786/; classtype:trojan-activity;sid:83691886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828777/; classtype:trojan-activity;sid:83691877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828776/; classtype:trojan-activity;sid:83691876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.24.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828775/; classtype:trojan-activity;sid:83691875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828774/; classtype:trojan-activity;sid:83691874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828773/; classtype:trojan-activity;sid:83691873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.235.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828772/; classtype:trojan-activity;sid:83691872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.34.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828771/; classtype:trojan-activity;sid:83691871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.36.193"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828770/; classtype:trojan-activity;sid:83691870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828769/; classtype:trojan-activity;sid:83691869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.61.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828768/; classtype:trojan-activity;sid:83691868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.159.62.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828767/; classtype:trojan-activity;sid:83691867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828764/; classtype:trojan-activity;sid:83691864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828765/; classtype:trojan-activity;sid:83691865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828766/; classtype:trojan-activity;sid:83691866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828757/; classtype:trojan-activity;sid:83691857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828758/; classtype:trojan-activity;sid:83691858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828759/; classtype:trojan-activity;sid:83691859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828760/; classtype:trojan-activity;sid:83691860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828761/; classtype:trojan-activity;sid:83691861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828762/; classtype:trojan-activity;sid:83691862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828763/; classtype:trojan-activity;sid:83691863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828754/; classtype:trojan-activity;sid:83691854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828755/; classtype:trojan-activity;sid:83691855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.158.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828756/; classtype:trojan-activity;sid:83691856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.111.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828753/; classtype:trojan-activity;sid:83691853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.176.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828752/; classtype:trojan-activity;sid:83691852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.117.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828751/; classtype:trojan-activity;sid:83691851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.48.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828750/; classtype:trojan-activity;sid:83691850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.x86_64"; depth:13; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828747/; classtype:trojan-activity;sid:83691847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828748/; classtype:trojan-activity;sid:83691848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.mips"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828749/; classtype:trojan-activity;sid:83691849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828746/; classtype:trojan-activity;sid:83691846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.arm6"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828744/; classtype:trojan-activity;sid:83691844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.arm5"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828745/; classtype:trojan-activity;sid:83691845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828740/; classtype:trojan-activity;sid:83691840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828741/; classtype:trojan-activity;sid:83691841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828742/; classtype:trojan-activity;sid:83691842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.m68k"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828743/; classtype:trojan-activity;sid:83691843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828733/; classtype:trojan-activity;sid:83691833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828734/; classtype:trojan-activity;sid:83691834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828735/; classtype:trojan-activity;sid:83691835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.mpsl"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828736/; classtype:trojan-activity;sid:83691836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828737/; classtype:trojan-activity;sid:83691837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828738/; classtype:trojan-activity;sid:83691838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro6x.sh"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828739/; classtype:trojan-activity;sid:83691839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.sh4"; depth:10; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828727/; classtype:trojan-activity;sid:83691827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.arc"; depth:10; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828728/; classtype:trojan-activity;sid:83691828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828729/; classtype:trojan-activity;sid:83691829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828730/; classtype:trojan-activity;sid:83691830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.ppc"; depth:10; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828731/; classtype:trojan-activity;sid:83691831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828732/; classtype:trojan-activity;sid:83691832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.spc"; depth:10; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828720/; classtype:trojan-activity;sid:83691820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828721/; classtype:trojan-activity;sid:83691821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828722/; classtype:trojan-activity;sid:83691822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828723/; classtype:trojan-activity;sid:83691823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828724/; classtype:trojan-activity;sid:83691824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.x86"; depth:10; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828725/; classtype:trojan-activity;sid:83691825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.i686"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828726/; classtype:trojan-activity;sid:83691826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828718/; classtype:trojan-activity;sid:83691818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.230.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828717/; classtype:trojan-activity;sid:83691817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.169.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828716/; classtype:trojan-activity;sid:83691816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.47.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828715/; classtype:trojan-activity;sid:83691815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828714/; classtype:trojan-activity;sid:83691814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.31.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828713/; classtype:trojan-activity;sid:83691813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.19.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828712/; classtype:trojan-activity;sid:83691812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828711/; classtype:trojan-activity;sid:83691811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.5.36.193"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828710/; classtype:trojan-activity;sid:83691810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.123.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828709/; classtype:trojan-activity;sid:83691809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.57.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828708/; classtype:trojan-activity;sid:83691808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.67.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828706/; classtype:trojan-activity;sid:83691806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.25.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828707/; classtype:trojan-activity;sid:83691807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828705/; classtype:trojan-activity;sid:83691805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828704/; classtype:trojan-activity;sid:83691804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.158.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828703/; classtype:trojan-activity;sid:83691803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828702/; classtype:trojan-activity;sid:83691802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.190.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828701/; classtype:trojan-activity;sid:83691801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.237.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828700/; classtype:trojan-activity;sid:83691800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eveninggreatformonkeykingtounderstandtheyfeelingtheloveandsxentirethingswhichneverbreakupallthingsfromtheheart___shemygirlmywifesheismy.doc"; depth:140; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828699/; classtype:trojan-activity;sid:83691799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.21.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828698/; classtype:trojan-activity;sid:83691798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.57.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828697/; classtype:trojan-activity;sid:83691797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.111.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828696/; classtype:trojan-activity;sid:83691796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.123.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828695/; classtype:trojan-activity;sid:83691795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.144.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828694/; classtype:trojan-activity;sid:83691794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.237.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828693/; classtype:trojan-activity;sid:83691793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.203.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828692/; classtype:trojan-activity;sid:83691792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.169.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828691/; classtype:trojan-activity;sid:83691791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.28.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828690/; classtype:trojan-activity;sid:83691790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.80.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828689/; classtype:trojan-activity;sid:83691789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.31.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828688/; classtype:trojan-activity;sid:83691788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828687/; classtype:trojan-activity;sid:83691787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.209.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828686/; classtype:trojan-activity;sid:83691786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.50.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828685/; classtype:trojan-activity;sid:83691785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.69.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828684/; classtype:trojan-activity;sid:83691784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828683/; classtype:trojan-activity;sid:83691783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828682/; classtype:trojan-activity;sid:83691782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.111.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828681/; classtype:trojan-activity;sid:83691781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.144.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828680/; classtype:trojan-activity;sid:83691780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828679/; classtype:trojan-activity;sid:83691779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.62.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828678/; classtype:trojan-activity;sid:83691778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.28.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828677/; classtype:trojan-activity;sid:83691777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.190.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828676/; classtype:trojan-activity;sid:83691776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828675/; classtype:trojan-activity;sid:83691775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morningworkingforgetbackwithentireprocessgetmebacktomesheisverydetailedinprojectgetunderstand___sheisverybeautifulsheisgreat.doc"; depth:129; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828674/; classtype:trojan-activity;sid:83691774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828673/; classtype:trojan-activity;sid:83691773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.37.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828672/; classtype:trojan-activity;sid:83691772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.250.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828671/; classtype:trojan-activity;sid:83691771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.88.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828670/; classtype:trojan-activity;sid:83691770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm/"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828669/; classtype:trojan-activity;sid:83691769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.5.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828668/; classtype:trojan-activity;sid:83691768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828667/; classtype:trojan-activity;sid:83691767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.216.248.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828666/; classtype:trojan-activity;sid:83691766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.90.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828665/; classtype:trojan-activity;sid:83691765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828664/; classtype:trojan-activity;sid:83691764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.221.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828663/; classtype:trojan-activity;sid:83691763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828662/; classtype:trojan-activity;sid:83691762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828661/; classtype:trojan-activity;sid:83691761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.33.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828660/; classtype:trojan-activity;sid:83691760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.221.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828659/; classtype:trojan-activity;sid:83691759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828658/; classtype:trojan-activity;sid:83691758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.146.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828657/; classtype:trojan-activity;sid:83691757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.132.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828656/; classtype:trojan-activity;sid:83691756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.194.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828655/; classtype:trojan-activity;sid:83691755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.190.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828654/; classtype:trojan-activity;sid:83691754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668993752|3f|hash=n6ashhdneszwmugqz4v43xjmonozj4jjeb0yup7ci8w|7c|26|7c|dl=mma4dicbivmeu9j1sbsic5wb6qxsviqo6xd8cujpzbs|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828653/; classtype:trojan-activity;sid:83691753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828652/; classtype:trojan-activity;sid:83691752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.59.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828651/; classtype:trojan-activity;sid:83691751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.82.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828650/; classtype:trojan-activity;sid:83691750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.105.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828649/; classtype:trojan-activity;sid:83691749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.92.82.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828648/; classtype:trojan-activity;sid:83691748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.60.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828647/; classtype:trojan-activity;sid:83691747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828646/; classtype:trojan-activity;sid:83691746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.206.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828645/; classtype:trojan-activity;sid:83691745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828644/; classtype:trojan-activity;sid:83691744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828643/; classtype:trojan-activity;sid:83691743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.70.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828642/; classtype:trojan-activity;sid:83691742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828641/; classtype:trojan-activity;sid:83691741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.210.183.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828640/; classtype:trojan-activity;sid:83691740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.33.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828639/; classtype:trojan-activity;sid:83691739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.206.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828638/; classtype:trojan-activity;sid:83691738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.17.252"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828637/; classtype:trojan-activity;sid:83691737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.186.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828636/; classtype:trojan-activity;sid:83691736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828635/; classtype:trojan-activity;sid:83691735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.171.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828634/; classtype:trojan-activity;sid:83691734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828633/; classtype:trojan-activity;sid:83691733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.221.221.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828632/; classtype:trojan-activity;sid:83691732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.238.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828631/; classtype:trojan-activity;sid:83691731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.59.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828630/; classtype:trojan-activity;sid:83691730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828629/; classtype:trojan-activity;sid:83691729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.172.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828628/; classtype:trojan-activity;sid:83691728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.81.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828627/; classtype:trojan-activity;sid:83691727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.107.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828626/; classtype:trojan-activity;sid:83691726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828625/; classtype:trojan-activity;sid:83691725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.243.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828624/; classtype:trojan-activity;sid:83691724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.44.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828623/; classtype:trojan-activity;sid:83691723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828622/; classtype:trojan-activity;sid:83691722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.52.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828621/; classtype:trojan-activity;sid:83691721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.220.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828620/; classtype:trojan-activity;sid:83691720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.185.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828619/; classtype:trojan-activity;sid:83691719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.186.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828618/; classtype:trojan-activity;sid:83691718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.67.194.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828617/; classtype:trojan-activity;sid:83691717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828616/; classtype:trojan-activity;sid:83691716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828615/; classtype:trojan-activity;sid:83691715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.247.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828614/; classtype:trojan-activity;sid:83691714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828613/; classtype:trojan-activity;sid:83691713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.137.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828612/; classtype:trojan-activity;sid:83691712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828611/; classtype:trojan-activity;sid:83691711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828610/; classtype:trojan-activity;sid:83691710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.215.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828609/; classtype:trojan-activity;sid:83691709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828608/; classtype:trojan-activity;sid:83691708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828607/; classtype:trojan-activity;sid:83691707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.61.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828606/; classtype:trojan-activity;sid:83691706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828605/; classtype:trojan-activity;sid:83691705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.80.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828604/; classtype:trojan-activity;sid:83691704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.123.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828603/; classtype:trojan-activity;sid:83691703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.105.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828602/; classtype:trojan-activity;sid:83691702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828601/; classtype:trojan-activity;sid:83691701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828600/; classtype:trojan-activity;sid:83691700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828599/; classtype:trojan-activity;sid:83691699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.231.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828598/; classtype:trojan-activity;sid:83691698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828597/; classtype:trojan-activity;sid:83691697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.148.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828596/; classtype:trojan-activity;sid:83691696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.25.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828595/; classtype:trojan-activity;sid:83691695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.15.143.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828594/; classtype:trojan-activity;sid:83691694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.19.149.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828593/; classtype:trojan-activity;sid:83691693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.248.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828592/; classtype:trojan-activity;sid:83691692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.41.215.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828591/; classtype:trojan-activity;sid:83691691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.15.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828590/; classtype:trojan-activity;sid:83691690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.142.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828589/; classtype:trojan-activity;sid:83691689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.23.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828588/; classtype:trojan-activity;sid:83691688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.173.8.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828587/; classtype:trojan-activity;sid:83691687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.25.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828586/; classtype:trojan-activity;sid:83691686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.59.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828585/; classtype:trojan-activity;sid:83691685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.105.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828584/; classtype:trojan-activity;sid:83691684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.23.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828583/; classtype:trojan-activity;sid:83691683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828582/; classtype:trojan-activity;sid:83691682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828576/; classtype:trojan-activity;sid:83691676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828577/; classtype:trojan-activity;sid:83691677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828578/; classtype:trojan-activity;sid:83691678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828579/; classtype:trojan-activity;sid:83691679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828580/; classtype:trojan-activity;sid:83691680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828581/; classtype:trojan-activity;sid:83691681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828574/; classtype:trojan-activity;sid:83691674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828575/; classtype:trojan-activity;sid:83691675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828573/; classtype:trojan-activity;sid:83691673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.105.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828572/; classtype:trojan-activity;sid:83691672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.arm/"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828571/; classtype:trojan-activity;sid:83691671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.67.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828570/; classtype:trojan-activity;sid:83691670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.218.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828569/; classtype:trojan-activity;sid:83691669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.15.143.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828567/; classtype:trojan-activity;sid:83691667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.249.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828568/; classtype:trojan-activity;sid:83691668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828566/; classtype:trojan-activity;sid:83691666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.154.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828565/; classtype:trojan-activity;sid:83691665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.231.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828564/; classtype:trojan-activity;sid:83691664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.19.149.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828563/; classtype:trojan-activity;sid:83691663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.220.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828561/; classtype:trojan-activity;sid:83691661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828562/; classtype:trojan-activity;sid:83691662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.241.160.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828560/; classtype:trojan-activity;sid:83691660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.142.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828559/; classtype:trojan-activity;sid:83691659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828558/; classtype:trojan-activity;sid:83691658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.154.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828557/; classtype:trojan-activity;sid:83691657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.234.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828555/; classtype:trojan-activity;sid:83691655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828556/; classtype:trojan-activity;sid:83691656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.17.226.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828554/; classtype:trojan-activity;sid:83691654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828553/; classtype:trojan-activity;sid:83691653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.67.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828552/; classtype:trojan-activity;sid:83691652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.249.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828551/; classtype:trojan-activity;sid:83691651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828550/; classtype:trojan-activity;sid:83691650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828549/; classtype:trojan-activity;sid:83691649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.237.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828546/; classtype:trojan-activity;sid:83691646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.235.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828547/; classtype:trojan-activity;sid:83691647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828548/; classtype:trojan-activity;sid:83691648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.21.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828545/; classtype:trojan-activity;sid:83691645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.61.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828544/; classtype:trojan-activity;sid:83691644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.94.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828543/; classtype:trojan-activity;sid:83691643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.252.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828542/; classtype:trojan-activity;sid:83691642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.25.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828541/; classtype:trojan-activity;sid:83691641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.25.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828540/; classtype:trojan-activity;sid:83691640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.234.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828539/; classtype:trojan-activity;sid:83691639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.179.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828538/; classtype:trojan-activity;sid:83691638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.123.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828537/; classtype:trojan-activity;sid:83691637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828536/; classtype:trojan-activity;sid:83691636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.32.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828535/; classtype:trojan-activity;sid:83691635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828534/; classtype:trojan-activity;sid:83691634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.248.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828533/; classtype:trojan-activity;sid:83691633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.58.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828532/; classtype:trojan-activity;sid:83691632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.25.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828531/; classtype:trojan-activity;sid:83691631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.21.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828530/; classtype:trojan-activity;sid:83691630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828529/; classtype:trojan-activity;sid:83691629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.27.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828528/; classtype:trojan-activity;sid:83691628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.61.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828526/; classtype:trojan-activity;sid:83691626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828527/; classtype:trojan-activity;sid:83691627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.171.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828525/; classtype:trojan-activity;sid:83691625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.235.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828524/; classtype:trojan-activity;sid:83691624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.35.158.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828523/; classtype:trojan-activity;sid:83691623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828522/; classtype:trojan-activity;sid:83691622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828521/; classtype:trojan-activity;sid:83691621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.123.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828520/; classtype:trojan-activity;sid:83691620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.114.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828519/; classtype:trojan-activity;sid:83691619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.245.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828518/; classtype:trojan-activity;sid:83691618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.44.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828517/; classtype:trojan-activity;sid:83691617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.146.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828515/; classtype:trojan-activity;sid:83691615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.9.67.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828516/; classtype:trojan-activity;sid:83691616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.176.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828514/; classtype:trojan-activity;sid:83691614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.191.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828513/; classtype:trojan-activity;sid:83691613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.53.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828512/; classtype:trojan-activity;sid:83691612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828511/; classtype:trojan-activity;sid:83691611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828510/; classtype:trojan-activity;sid:83691610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.125.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828509/; classtype:trojan-activity;sid:83691609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828508/; classtype:trojan-activity;sid:83691608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.3.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828507/; classtype:trojan-activity;sid:83691607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828505/; classtype:trojan-activity;sid:83691605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.89.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828506/; classtype:trojan-activity;sid:83691606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.99.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828504/; classtype:trojan-activity;sid:83691604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.162.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828503/; classtype:trojan-activity;sid:83691603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.164.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828502/; classtype:trojan-activity;sid:83691602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.199.230.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828501/; classtype:trojan-activity;sid:83691601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.146.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828499/; classtype:trojan-activity;sid:83691599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.248.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828500/; classtype:trojan-activity;sid:83691600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828497/; classtype:trojan-activity;sid:83691597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.53.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828498/; classtype:trojan-activity;sid:83691598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.159.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828496/; classtype:trojan-activity;sid:83691596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.11.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828495/; classtype:trojan-activity;sid:83691595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.191.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828493/; classtype:trojan-activity;sid:83691593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.133.90.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828494/; classtype:trojan-activity;sid:83691594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.3.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828492/; classtype:trojan-activity;sid:83691592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.83.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828491/; classtype:trojan-activity;sid:83691591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.89.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828490/; classtype:trojan-activity;sid:83691590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828489/; classtype:trojan-activity;sid:83691589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.69.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828488/; classtype:trojan-activity;sid:83691588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.254.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828487/; classtype:trojan-activity;sid:83691587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.254.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828486/; classtype:trojan-activity;sid:83691586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.185.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828485/; classtype:trojan-activity;sid:83691585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.199.230.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828484/; classtype:trojan-activity;sid:83691584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.27.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828483/; classtype:trojan-activity;sid:83691583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.11.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828482/; classtype:trojan-activity;sid:83691582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.61.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828481/; classtype:trojan-activity;sid:83691581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828480/; classtype:trojan-activity;sid:83691580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.236.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828479/; classtype:trojan-activity;sid:83691579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828478/; classtype:trojan-activity;sid:83691578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.133.90.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828477/; classtype:trojan-activity;sid:83691577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828476/; classtype:trojan-activity;sid:83691576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.158.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828475/; classtype:trojan-activity;sid:83691575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.112.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828474/; classtype:trojan-activity;sid:83691574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.254.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828473/; classtype:trojan-activity;sid:83691573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828470/; classtype:trojan-activity;sid:83691570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.61.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828471/; classtype:trojan-activity;sid:83691571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.59.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828472/; classtype:trojan-activity;sid:83691572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.126.118.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828468/; classtype:trojan-activity;sid:83691568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.104.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828469/; classtype:trojan-activity;sid:83691569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828467/; classtype:trojan-activity;sid:83691567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828466/; classtype:trojan-activity;sid:83691566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.237.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828465/; classtype:trojan-activity;sid:83691565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828464/; classtype:trojan-activity;sid:83691564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.185.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828463/; classtype:trojan-activity;sid:83691563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.192.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828462/; classtype:trojan-activity;sid:83691562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.85.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828460/; classtype:trojan-activity;sid:83691560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.1.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828461/; classtype:trojan-activity;sid:83691561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828459/; classtype:trojan-activity;sid:83691559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.64.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828458/; classtype:trojan-activity;sid:83691558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.158.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828457/; classtype:trojan-activity;sid:83691557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828456/; classtype:trojan-activity;sid:83691556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.166.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828455/; classtype:trojan-activity;sid:83691555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828454/; classtype:trojan-activity;sid:83691554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828453/; classtype:trojan-activity;sid:83691553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828452/; classtype:trojan-activity;sid:83691552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"87.255.200.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828451/; classtype:trojan-activity;sid:83691551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.167.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828450/; classtype:trojan-activity;sid:83691550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.250.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828449/; classtype:trojan-activity;sid:83691549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.148.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828448/; classtype:trojan-activity;sid:83691548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.192.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828447/; classtype:trojan-activity;sid:83691547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828446/; classtype:trojan-activity;sid:83691546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.81.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828445/; classtype:trojan-activity;sid:83691545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"siqz.anesthetics.biomedzglobal.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828444/; classtype:trojan-activity;sid:83691544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.2.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828443/; classtype:trojan-activity;sid:83691543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.210.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828442/; classtype:trojan-activity;sid:83691542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.11.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828441/; classtype:trojan-activity;sid:83691541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.194.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828440/; classtype:trojan-activity;sid:83691540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.81.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828439/; classtype:trojan-activity;sid:83691539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.173.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828438/; classtype:trojan-activity;sid:83691538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.116.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828437/; classtype:trojan-activity;sid:83691537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.148.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828436/; classtype:trojan-activity;sid:83691536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.158.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828435/; classtype:trojan-activity;sid:83691535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.199.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828434/; classtype:trojan-activity;sid:83691534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828433/; classtype:trojan-activity;sid:83691533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.93.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828432/; classtype:trojan-activity;sid:83691532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.16.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828431/; classtype:trojan-activity;sid:83691531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.6.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828430/; classtype:trojan-activity;sid:83691530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828429/; classtype:trojan-activity;sid:83691529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828428/; classtype:trojan-activity;sid:83691528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.194.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828427/; classtype:trojan-activity;sid:83691527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.193.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828426/; classtype:trojan-activity;sid:83691526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.59.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828425/; classtype:trojan-activity;sid:83691525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.116.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828424/; classtype:trojan-activity;sid:83691524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828423/; classtype:trojan-activity;sid:83691523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.70.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828422/; classtype:trojan-activity;sid:83691522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.219.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828421/; classtype:trojan-activity;sid:83691521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.7.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828420/; classtype:trojan-activity;sid:83691520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828419/; classtype:trojan-activity;sid:83691519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.156.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828418/; classtype:trojan-activity;sid:83691518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.186.60.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828417/; classtype:trojan-activity;sid:83691517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.30.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828416/; classtype:trojan-activity;sid:83691516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.56.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828415/; classtype:trojan-activity;sid:83691515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.193.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828413/; classtype:trojan-activity;sid:83691513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828414/; classtype:trojan-activity;sid:83691514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.76.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828412/; classtype:trojan-activity;sid:83691512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.11.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828411/; classtype:trojan-activity;sid:83691511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.3.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828408/; classtype:trojan-activity;sid:83691508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.154.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828409/; classtype:trojan-activity;sid:83691509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.80.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828410/; classtype:trojan-activity;sid:83691510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.16.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828407/; classtype:trojan-activity;sid:83691507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828406/; classtype:trojan-activity;sid:83691506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.6.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828405/; classtype:trojan-activity;sid:83691505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.186.60.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828404/; classtype:trojan-activity;sid:83691504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.71.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828403/; classtype:trojan-activity;sid:83691503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.104.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828402/; classtype:trojan-activity;sid:83691502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828401/; classtype:trojan-activity;sid:83691501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.165.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828400/; classtype:trojan-activity;sid:83691500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828399/; classtype:trojan-activity;sid:83691499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828398/; classtype:trojan-activity;sid:83691498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.56.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828397/; classtype:trojan-activity;sid:83691497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.27.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828396/; classtype:trojan-activity;sid:83691496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.118.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828395/; classtype:trojan-activity;sid:83691495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.134.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828394/; classtype:trojan-activity;sid:83691494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828393/; classtype:trojan-activity;sid:83691493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.55.153.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828391/; classtype:trojan-activity;sid:83691491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.233.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828392/; classtype:trojan-activity;sid:83691492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.30.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828390/; classtype:trojan-activity;sid:83691490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828389/; classtype:trojan-activity;sid:83691489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828388/; classtype:trojan-activity;sid:83691488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.130.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828387/; classtype:trojan-activity;sid:83691487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.159.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828386/; classtype:trojan-activity;sid:83691486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.235.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828385/; classtype:trojan-activity;sid:83691485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.108.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828384/; classtype:trojan-activity;sid:83691484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.25.76.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828383/; classtype:trojan-activity;sid:83691483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828381/; classtype:trojan-activity;sid:83691481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828382/; classtype:trojan-activity;sid:83691482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"85.239.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828380/; classtype:trojan-activity;sid:83691480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828378/; classtype:trojan-activity;sid:83691478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828379/; classtype:trojan-activity;sid:83691479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.130.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828377/; classtype:trojan-activity;sid:83691477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.118.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828376/; classtype:trojan-activity;sid:83691476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828375/; classtype:trojan-activity;sid:83691475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.130.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828374/; classtype:trojan-activity;sid:83691474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.133.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828373/; classtype:trojan-activity;sid:83691473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.216.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828372/; classtype:trojan-activity;sid:83691472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.233.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828371/; classtype:trojan-activity;sid:83691471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.108.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828370/; classtype:trojan-activity;sid:83691470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.55.153.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828369/; classtype:trojan-activity;sid:83691469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.72.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828368/; classtype:trojan-activity;sid:83691468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.216.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828367/; classtype:trojan-activity;sid:83691467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.233.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828366/; classtype:trojan-activity;sid:83691466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/download/73b124c6-6b9e-4b9b-9e44-1310165d8566/fact-naturgyid2104254spainnopago2204202422412.zip"; depth:99; endswith; nocase; http.host; content:"cld.pt"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828365/; classtype:trojan-activity;sid:83691465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.133.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828364/; classtype:trojan-activity;sid:83691464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.170.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828363/; classtype:trojan-activity;sid:83691463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.130.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828362/; classtype:trojan-activity;sid:83691462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.83.184.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828361/; classtype:trojan-activity;sid:83691461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828360/; classtype:trojan-activity;sid:83691460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.214.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828359/; classtype:trojan-activity;sid:83691459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.162.73.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828358/; classtype:trojan-activity;sid:83691458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828357/; classtype:trojan-activity;sid:83691457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.121.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828356/; classtype:trojan-activity;sid:83691456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.216.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828355/; classtype:trojan-activity;sid:83691455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.72.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828354/; classtype:trojan-activity;sid:83691454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.6.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828353/; classtype:trojan-activity;sid:83691453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828352/; classtype:trojan-activity;sid:83691452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828350/; classtype:trojan-activity;sid:83691450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"91.92.254.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828351/; classtype:trojan-activity;sid:83691451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828349/; classtype:trojan-activity;sid:83691449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.75.220.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828348/; classtype:trojan-activity;sid:83691448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.162.73.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828347/; classtype:trojan-activity;sid:83691447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.199.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828346/; classtype:trojan-activity;sid:83691446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.arm"; depth:10; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828344/; classtype:trojan-activity;sid:83691444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.arm7"; depth:11; endswith; nocase; http.host; content:"45.131.111.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828345/; classtype:trojan-activity;sid:83691445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828343/; classtype:trojan-activity;sid:83691443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.216.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828342/; classtype:trojan-activity;sid:83691442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.15.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828340/; classtype:trojan-activity;sid:83691440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.128.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828341/; classtype:trojan-activity;sid:83691441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.73.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828339/; classtype:trojan-activity;sid:83691439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.125.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828338/; classtype:trojan-activity;sid:83691438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.224.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828336/; classtype:trojan-activity;sid:83691436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.121.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828337/; classtype:trojan-activity;sid:83691437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.75.220.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828335/; classtype:trojan-activity;sid:83691435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828334/; classtype:trojan-activity;sid:83691434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828333/; classtype:trojan-activity;sid:83691433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.6.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828332/; classtype:trojan-activity;sid:83691432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.146.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828330/; classtype:trojan-activity;sid:83691430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.182.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828331/; classtype:trojan-activity;sid:83691431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"bigwing.algoitsolutions.co.uk"; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828329/; classtype:trojan-activity;sid:83691429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.145.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828328/; classtype:trojan-activity;sid:83691428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828327/; classtype:trojan-activity;sid:83691427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"rjjewelpk.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828324/; classtype:trojan-activity;sid:83691424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"antvietnam.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828325/; classtype:trojan-activity;sid:83691425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"metrobasket.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828326/; classtype:trojan-activity;sid:83691426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"2mo.com"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828318/; classtype:trojan-activity;sid:83691418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"stgmountainair.wpengine.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828319/; classtype:trojan-activity;sid:83691419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"eco-villas.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828320/; classtype:trojan-activity;sid:83691420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.172.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828321/; classtype:trojan-activity;sid:83691421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"www.pujamosporti.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828322/; classtype:trojan-activity;sid:83691422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/share-private-files/shared/"; depth:47; endswith; nocase; http.host; content:"saveutilitybills.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828323/; classtype:trojan-activity;sid:83691423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"newsmedia247.site"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828315/; classtype:trojan-activity;sid:83691415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"bissecci.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828316/; classtype:trojan-activity;sid:83691416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"phs124168.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828317/; classtype:trojan-activity;sid:83691417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.82.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828314/; classtype:trojan-activity;sid:83691414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.195.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828313/; classtype:trojan-activity;sid:83691413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/security_check/"; depth:16; endswith; nocase; http.host; content:"arrivingback.org"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828312/; classtype:trojan-activity;sid:83691412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/case-419310.appspot.com/o/9m3mvfpdi3%2fdocument_c13_80d969115-51q17428f2747-7346p3.js|3f|alt=media|7c|26|7c|token=19f6f5c2-0710-4f94-9d8a-32cfd54ae657"; depth:156; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828311/; classtype:trojan-activity;sid:83691411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.117.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828310/; classtype:trojan-activity;sid:83691410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neo.msi"; depth:8; endswith; nocase; http.host; content:"146.19.106.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828309/; classtype:trojan-activity;sid:83691409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.137.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828308/; classtype:trojan-activity;sid:83691408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.12.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828307/; classtype:trojan-activity;sid:83691407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828306/; classtype:trojan-activity;sid:83691406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.177.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828305/; classtype:trojan-activity;sid:83691405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.145.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828304/; classtype:trojan-activity;sid:83691404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.53.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828303/; classtype:trojan-activity;sid:83691403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.185.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828302/; classtype:trojan-activity;sid:83691402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.170.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828301/; classtype:trojan-activity;sid:83691401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.88.251.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828300/; classtype:trojan-activity;sid:83691400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828299/; classtype:trojan-activity;sid:83691399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.ppc"; depth:11; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828292/; classtype:trojan-activity;sid:83691392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.sh4"; depth:11; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828293/; classtype:trojan-activity;sid:83691393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.mips"; depth:12; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828294/; classtype:trojan-activity;sid:83691394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.arm4"; depth:12; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828295/; classtype:trojan-activity;sid:83691395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.mpsl"; depth:12; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828296/; classtype:trojan-activity;sid:83691396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.arm6"; depth:12; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828297/; classtype:trojan-activity;sid:83691397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.x32"; depth:11; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828298/; classtype:trojan-activity;sid:83691398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.i586"; depth:12; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828291/; classtype:trojan-activity;sid:83691391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.x86"; depth:11; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828290/; classtype:trojan-activity;sid:83691390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.m68k"; depth:12; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828289/; classtype:trojan-activity;sid:83691389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.163.228.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828288/; classtype:trojan-activity;sid:83691388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.241.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828287/; classtype:trojan-activity;sid:83691387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.172.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828286/; classtype:trojan-activity;sid:83691386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.53.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828285/; classtype:trojan-activity;sid:83691385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828284/; classtype:trojan-activity;sid:83691384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.115.172.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828283/; classtype:trojan-activity;sid:83691383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828282/; classtype:trojan-activity;sid:83691382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828281/; classtype:trojan-activity;sid:83691381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.187.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828280/; classtype:trojan-activity;sid:83691380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828279/; classtype:trojan-activity;sid:83691379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.137.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828278/; classtype:trojan-activity;sid:83691378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828277/; classtype:trojan-activity;sid:83691377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828276/; classtype:trojan-activity;sid:83691376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.141.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828275/; classtype:trojan-activity;sid:83691375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.170.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828274/; classtype:trojan-activity;sid:83691374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.241.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828273/; classtype:trojan-activity;sid:83691373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.88.251.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828272/; classtype:trojan-activity;sid:83691372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.35.123.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828271/; classtype:trojan-activity;sid:83691371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.1.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828269/; classtype:trojan-activity;sid:83691369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.166.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828270/; classtype:trojan-activity;sid:83691370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.37.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828268/; classtype:trojan-activity;sid:83691368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.9.200"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828267/; classtype:trojan-activity;sid:83691367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.228.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828265/; classtype:trojan-activity;sid:83691365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.57.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828266/; classtype:trojan-activity;sid:83691366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.56.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828264/; classtype:trojan-activity;sid:83691364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.102.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828263/; classtype:trojan-activity;sid:83691363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.33.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828262/; classtype:trojan-activity;sid:83691362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.20.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828261/; classtype:trojan-activity;sid:83691361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.117.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828260/; classtype:trojan-activity;sid:83691360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.123.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828259/; classtype:trojan-activity;sid:83691359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.215.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828258/; classtype:trojan-activity;sid:83691358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828257/; classtype:trojan-activity;sid:83691357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.27.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828256/; classtype:trojan-activity;sid:83691356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.158.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828254/; classtype:trojan-activity;sid:83691354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.26.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828255/; classtype:trojan-activity;sid:83691355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.37.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828253/; classtype:trojan-activity;sid:83691353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.185.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828252/; classtype:trojan-activity;sid:83691352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.126.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828251/; classtype:trojan-activity;sid:83691351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828250/; classtype:trojan-activity;sid:83691350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.74.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828248/; classtype:trojan-activity;sid:83691348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.61.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828249/; classtype:trojan-activity;sid:83691349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828247/; classtype:trojan-activity;sid:83691347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828246/; classtype:trojan-activity;sid:83691346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828245/; classtype:trojan-activity;sid:83691345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828244/; classtype:trojan-activity;sid:83691344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.123.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828243/; classtype:trojan-activity;sid:83691343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor.exe"; depth:13; endswith; nocase; http.host; content:"129.154.46.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828242/; classtype:trojan-activity;sid:83691342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828241/; classtype:trojan-activity;sid:83691341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828239/; classtype:trojan-activity;sid:83691339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828240/; classtype:trojan-activity;sid:83691340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828232/; classtype:trojan-activity;sid:83691332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828233/; classtype:trojan-activity;sid:83691333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828234/; classtype:trojan-activity;sid:83691334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828235/; classtype:trojan-activity;sid:83691335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/nss3.dll"; depth:26; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828236/; classtype:trojan-activity;sid:83691336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828237/; classtype:trojan-activity;sid:83691337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828238/; classtype:trojan-activity;sid:83691338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828228/; classtype:trojan-activity;sid:83691328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"109.172.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828229/; classtype:trojan-activity;sid:83691329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828230/; classtype:trojan-activity;sid:83691330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828231/; classtype:trojan-activity;sid:83691331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yftql16.bin"; depth:12; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828227/; classtype:trojan-activity;sid:83691327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file%20explorer.exe"; depth:20; endswith; nocase; http.host; content:"129.154.46.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828226/; classtype:trojan-activity;sid:83691326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sutup-chrome.13.26.x64.zip"; depth:27; endswith; nocase; http.host; content:"appx0426.oss-ap-southeast-1.aliyuncs.com"; depth:40; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828224/; classtype:trojan-activity;sid:83691324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/enginechromium.msi"; depth:24; endswith; nocase; http.host; content:"www.arovision.com.co"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828223/; classtype:trojan-activity;sid:83691323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.exe"; depth:12; endswith; nocase; http.host; content:"129.154.46.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828222/; classtype:trojan-activity;sid:83691322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828221/; classtype:trojan-activity;sid:83691321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"adsl-37.37.6.37.tellas.gr"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828219/; classtype:trojan-activity;sid:83691319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dezx/oblqlsgpaa72.bin"; depth:22; endswith; nocase; http.host; content:"pronethellas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828220/; classtype:trojan-activity;sid:83691320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqyt33.sh"; depth:10; endswith; nocase; http.host; content:"188882.000webhostapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828218/; classtype:trojan-activity;sid:83691318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1sisufljtsst_w48ix2vwvcg8ow1r24hb|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828217/; classtype:trojan-activity;sid:83691317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.240.47.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828216/; classtype:trojan-activity;sid:83691316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828214/; classtype:trojan-activity;sid:83691314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.83.184.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828213/; classtype:trojan-activity;sid:83691313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.158.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828212/; classtype:trojan-activity;sid:83691312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.143.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828211/; classtype:trojan-activity;sid:83691311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.26.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828209/; classtype:trojan-activity;sid:83691309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828210/; classtype:trojan-activity;sid:83691310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.185.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828208/; classtype:trojan-activity;sid:83691308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828207/; classtype:trojan-activity;sid:83691307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"14.153.217.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828206/; classtype:trojan-activity;sid:83691306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.192.116.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828205/; classtype:trojan-activity;sid:83691305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669018195|3f|hash=qmdsbgwp6orfk1jwgv4gczwx9ajjxlein73a7gkdtfk|7c|26|7c|dl=feiri9iynwpqjp4zwxpigsd21odmerg0nza1f3wta30|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828204/; classtype:trojan-activity;sid:83691304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.45.132.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828203/; classtype:trojan-activity;sid:83691303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.214.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828202/; classtype:trojan-activity;sid:83691302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.140.44.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828201/; classtype:trojan-activity;sid:83691301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.150.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828200/; classtype:trojan-activity;sid:83691300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.92.253.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828198/; classtype:trojan-activity;sid:83691298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.132.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828199/; classtype:trojan-activity;sid:83691299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828197/; classtype:trojan-activity;sid:83691297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.142.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828196/; classtype:trojan-activity;sid:83691296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.238.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828195/; classtype:trojan-activity;sid:83691295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.7.206.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828194/; classtype:trojan-activity;sid:83691294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.53.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828193/; classtype:trojan-activity;sid:83691293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828192/; classtype:trojan-activity;sid:83691292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.92.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828191/; classtype:trojan-activity;sid:83691291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.15.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828190/; classtype:trojan-activity;sid:83691290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.240.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828189/; classtype:trojan-activity;sid:83691289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.222.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828188/; classtype:trojan-activity;sid:83691288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.3.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828187/; classtype:trojan-activity;sid:83691287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.18.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828186/; classtype:trojan-activity;sid:83691286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828185/; classtype:trojan-activity;sid:83691285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.193.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828184/; classtype:trojan-activity;sid:83691284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.168.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828183/; classtype:trojan-activity;sid:83691283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.74.16.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828182/; classtype:trojan-activity;sid:83691282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.87.160"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828181/; classtype:trojan-activity;sid:83691281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828180/; classtype:trojan-activity;sid:83691280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.3.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828179/; classtype:trojan-activity;sid:83691279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.82.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828178/; classtype:trojan-activity;sid:83691278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.154.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828176/; classtype:trojan-activity;sid:83691276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.222.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828177/; classtype:trojan-activity;sid:83691277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.206.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828175/; classtype:trojan-activity;sid:83691275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.240.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828174/; classtype:trojan-activity;sid:83691274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828173/; classtype:trojan-activity;sid:83691273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.116.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828172/; classtype:trojan-activity;sid:83691272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668993776|3f|hash=9tmhexqqbnpzh6xmaquar1tdozqd8yjjf9liirb4xnz|7c|26|7c|dl=nw3qv9qgl5izfhzfhr6ibvrpzvbspgyzgisudxywe0o|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828171/; classtype:trojan-activity;sid:83691271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.154.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828170/; classtype:trojan-activity;sid:83691270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.35.51.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828169/; classtype:trojan-activity;sid:83691269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.35.51.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828168/; classtype:trojan-activity;sid:83691268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.5.97"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828167/; classtype:trojan-activity;sid:83691267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.84.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828166/; classtype:trojan-activity;sid:83691266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.177.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828165/; classtype:trojan-activity;sid:83691265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.243.22.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828163/; classtype:trojan-activity;sid:83691263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.134.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828164/; classtype:trojan-activity;sid:83691264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bukc"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828162/; classtype:trojan-activity;sid:83691262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.183.168.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828161/; classtype:trojan-activity;sid:83691261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.188.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828160/; classtype:trojan-activity;sid:83691260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.146.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828159/; classtype:trojan-activity;sid:83691259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.35.51.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828158/; classtype:trojan-activity;sid:83691258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.178.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828157/; classtype:trojan-activity;sid:83691257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.173.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828156/; classtype:trojan-activity;sid:83691256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828154/; classtype:trojan-activity;sid:83691254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"185.172.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828155/; classtype:trojan-activity;sid:83691255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828153/; classtype:trojan-activity;sid:83691253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.178.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828152/; classtype:trojan-activity;sid:83691252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828151/; classtype:trojan-activity;sid:83691251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.8.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828150/; classtype:trojan-activity;sid:83691250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.143.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828149/; classtype:trojan-activity;sid:83691249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.31.189.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828148/; classtype:trojan-activity;sid:83691248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.183.168.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828147/; classtype:trojan-activity;sid:83691247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.188.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828146/; classtype:trojan-activity;sid:83691246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.131.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828145/; classtype:trojan-activity;sid:83691245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.127.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828144/; classtype:trojan-activity;sid:83691244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.62.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828143/; classtype:trojan-activity;sid:83691243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.54.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828142/; classtype:trojan-activity;sid:83691242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.166.82.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828141/; classtype:trojan-activity;sid:83691241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.97.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828140/; classtype:trojan-activity;sid:83691240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828139/; classtype:trojan-activity;sid:83691239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828138/; classtype:trojan-activity;sid:83691238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.178.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828137/; classtype:trojan-activity;sid:83691237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.141.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828136/; classtype:trojan-activity;sid:83691236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.191.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828135/; classtype:trojan-activity;sid:83691235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.248.174.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828134/; classtype:trojan-activity;sid:83691234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.198.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828133/; classtype:trojan-activity;sid:83691233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.74.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828132/; classtype:trojan-activity;sid:83691232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.39.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828131/; classtype:trojan-activity;sid:83691231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.54.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828129/; classtype:trojan-activity;sid:83691229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.230.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828130/; classtype:trojan-activity;sid:83691230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828128/; classtype:trojan-activity;sid:83691228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.54.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828126/; classtype:trojan-activity;sid:83691226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.253.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828127/; classtype:trojan-activity;sid:83691227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.141.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828125/; classtype:trojan-activity;sid:83691225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.47.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828124/; classtype:trojan-activity;sid:83691224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.127.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828123/; classtype:trojan-activity;sid:83691223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828121/; classtype:trojan-activity;sid:83691221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.158.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828122/; classtype:trojan-activity;sid:83691222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.163.228.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828120/; classtype:trojan-activity;sid:83691220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken-intl-v2.apk"; depth:20; endswith; nocase; http.host; content:"206.2.129.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828119/; classtype:trojan-activity;sid:83691219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.224.12.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828118/; classtype:trojan-activity;sid:83691218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.47.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828117/; classtype:trojan-activity;sid:83691217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828116/; classtype:trojan-activity;sid:83691216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668993798|3f|hash=mszz2aw2pqimpboio6noe8ruxtowggkmrkxbbcjpp9g|7c|26|7c|dl=xrdffkmsyggubsjniwuvfjlpyulgzuzrzzsacbvglnl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828115/; classtype:trojan-activity;sid:83691215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.216.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828114/; classtype:trojan-activity;sid:83691214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.187.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828113/; classtype:trojan-activity;sid:83691213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.230.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828112/; classtype:trojan-activity;sid:83691212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.216.91.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828111/; classtype:trojan-activity;sid:83691211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.253.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828110/; classtype:trojan-activity;sid:83691210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.54.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828109/; classtype:trojan-activity;sid:83691209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.102.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828108/; classtype:trojan-activity;sid:83691208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828106/; classtype:trojan-activity;sid:83691206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.224.12.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828107/; classtype:trojan-activity;sid:83691207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.69.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828105/; classtype:trojan-activity;sid:83691205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.237.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828104/; classtype:trojan-activity;sid:83691204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.8.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828103/; classtype:trojan-activity;sid:83691203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.93.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828102/; classtype:trojan-activity;sid:83691202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.125.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828101/; classtype:trojan-activity;sid:83691201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.37.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828100/; classtype:trojan-activity;sid:83691200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828099/; classtype:trojan-activity;sid:83691199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.60.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828098/; classtype:trojan-activity;sid:83691198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.37.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828097/; classtype:trojan-activity;sid:83691197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.216.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828095/; classtype:trojan-activity;sid:83691195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828096/; classtype:trojan-activity;sid:83691196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828092/; classtype:trojan-activity;sid:83691192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.28.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828093/; classtype:trojan-activity;sid:83691193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.51.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828094/; classtype:trojan-activity;sid:83691194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/imtoken-intl-v2.apk"; depth:24; endswith; nocase; http.host; content:"154.23.240.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828091/; classtype:trojan-activity;sid:83691191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/imtoken-v2.apk"; depth:24; endswith; nocase; http.host; content:"38.47.232.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828090/; classtype:trojan-activity;sid:83691190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/imtoken-v2.apk"; depth:24; endswith; nocase; http.host; content:"38.47.232.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828089/; classtype:trojan-activity;sid:83691189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.42.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828088/; classtype:trojan-activity;sid:83691188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.59.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828087/; classtype:trojan-activity;sid:83691187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"157.211.107.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828086/; classtype:trojan-activity;sid:83691186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.107.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828085/; classtype:trojan-activity;sid:83691185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.47.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828084/; classtype:trojan-activity;sid:83691184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828082/; classtype:trojan-activity;sid:83691182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828083/; classtype:trojan-activity;sid:83691183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/imtoken-v2.apk"; depth:24; endswith; nocase; http.host; content:"107.148.56.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828080/; classtype:trojan-activity;sid:83691180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/imtoken.apk"; depth:21; endswith; nocase; http.host; content:"167.179.94.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828081/; classtype:trojan-activity;sid:83691181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/imtoken-v2.apk"; depth:25; endswith; nocase; http.host; content:"aws-v2-cdn.token.im"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828079/; classtype:trojan-activity;sid:83691179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/imtoken-v2.apk"; depth:24; endswith; nocase; http.host; content:"38.47.232.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828078/; classtype:trojan-activity;sid:83691178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.170.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828077/; classtype:trojan-activity;sid:83691177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.182.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828069/; classtype:trojan-activity;sid:83691169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.51.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828068/; classtype:trojan-activity;sid:83691168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm6"; depth:15; endswith; nocase; http.host; content:"srothanhlong.vn"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828067/; classtype:trojan-activity;sid:83691167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm7"; depth:15; endswith; nocase; http.host; content:"srothanhlong.vn"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828066/; classtype:trojan-activity;sid:83691166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.28.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828065/; classtype:trojan-activity;sid:83691165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.178.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828064/; classtype:trojan-activity;sid:83691164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.105.182.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828063/; classtype:trojan-activity;sid:83691163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidtest"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828058/; classtype:trojan-activity;sid:83691158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828059/; classtype:trojan-activity;sid:83691159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828060/; classtype:trojan-activity;sid:83691160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828061/; classtype:trojan-activity;sid:83691161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828062/; classtype:trojan-activity;sid:83691162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828057/; classtype:trojan-activity;sid:83691157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828056/; classtype:trojan-activity;sid:83691156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828055/; classtype:trojan-activity;sid:83691155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828054/; classtype:trojan-activity;sid:83691154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828053/; classtype:trojan-activity;sid:83691153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perppc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828052/; classtype:trojan-activity;sid:83691152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828051/; classtype:trojan-activity;sid:83691151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828048/; classtype:trojan-activity;sid:83691148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828049/; classtype:trojan-activity;sid:83691149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828050/; classtype:trojan-activity;sid:83691150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perspc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828047/; classtype:trojan-activity;sid:83691147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828046/; classtype:trojan-activity;sid:83691146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828045/; classtype:trojan-activity;sid:83691145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828043/; classtype:trojan-activity;sid:83691143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828044/; classtype:trojan-activity;sid:83691144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828040/; classtype:trojan-activity;sid:83691140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828041/; classtype:trojan-activity;sid:83691141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828042/; classtype:trojan-activity;sid:83691142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828037/; classtype:trojan-activity;sid:83691137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mipsel"; depth:13; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828038/; classtype:trojan-activity;sid:83691138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mips"; depth:11; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828039/; classtype:trojan-activity;sid:83691139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828015/; classtype:trojan-activity;sid:83691115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm68k"; depth:6; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828016/; classtype:trojan-activity;sid:83691116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perm68k"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828017/; classtype:trojan-activity;sid:83691117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828018/; classtype:trojan-activity;sid:83691118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828019/; classtype:trojan-activity;sid:83691119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/permips"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828020/; classtype:trojan-activity;sid:83691120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828021/; classtype:trojan-activity;sid:83691121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/permpsl"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828022/; classtype:trojan-activity;sid:83691122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828023/; classtype:trojan-activity;sid:83691123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828024/; classtype:trojan-activity;sid:83691124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828025/; classtype:trojan-activity;sid:83691125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828026/; classtype:trojan-activity;sid:83691126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828027/; classtype:trojan-activity;sid:83691127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828028/; classtype:trojan-activity;sid:83691128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828029/; classtype:trojan-activity;sid:83691129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828030/; classtype:trojan-activity;sid:83691130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipst"; depth:6; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828031/; classtype:trojan-activity;sid:83691131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828032/; classtype:trojan-activity;sid:83691132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828033/; classtype:trojan-activity;sid:83691133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828034/; classtype:trojan-activity;sid:83691134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828035/; classtype:trojan-activity;sid:83691135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828036/; classtype:trojan-activity;sid:83691136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i686"; depth:11; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828014/; classtype:trojan-activity;sid:83691114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sh4"; depth:10; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828013/; classtype:trojan-activity;sid:83691113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"180.178.32.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828012/; classtype:trojan-activity;sid:83691112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828011/; classtype:trojan-activity;sid:83691111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm6"; depth:15; endswith; nocase; http.host; content:"103.163.214.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828010/; classtype:trojan-activity;sid:83691110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm7"; depth:15; endswith; nocase; http.host; content:"103.163.214.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828009/; classtype:trojan-activity;sid:83691109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.x86"; depth:10; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828008/; classtype:trojan-activity;sid:83691108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828005/; classtype:trojan-activity;sid:83691105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828006/; classtype:trojan-activity;sid:83691106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828007/; classtype:trojan-activity;sid:83691107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv6l"; depth:13; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828003/; classtype:trojan-activity;sid:83691103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828004/; classtype:trojan-activity;sid:83691104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827999/; classtype:trojan-activity;sid:83691099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"23.224.227.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828000/; classtype:trojan-activity;sid:83691100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828001/; classtype:trojan-activity;sid:83691101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv5"; depth:12; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828002/; classtype:trojan-activity;sid:83691102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827997/; classtype:trojan-activity;sid:83691097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827998/; classtype:trojan-activity;sid:83691098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827992/; classtype:trojan-activity;sid:83691092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827993/; classtype:trojan-activity;sid:83691093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"159.100.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827994/; classtype:trojan-activity;sid:83691094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sparc"; depth:12; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827995/; classtype:trojan-activity;sid:83691095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827996/; classtype:trojan-activity;sid:83691096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_32"; depth:12; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827988/; classtype:trojan-activity;sid:83691088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.ppc"; depth:10; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827989/; classtype:trojan-activity;sid:83691089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827990/; classtype:trojan-activity;sid:83691090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827991/; classtype:trojan-activity;sid:83691091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827985/; classtype:trojan-activity;sid:83691085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827986/; classtype:trojan-activity;sid:83691086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827987/; classtype:trojan-activity;sid:83691087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i586"; depth:11; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827981/; classtype:trojan-activity;sid:83691081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827982/; classtype:trojan-activity;sid:83691082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv4"; depth:12; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827983/; classtype:trojan-activity;sid:83691083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.m68k"; depth:11; endswith; nocase; http.host; content:"94.156.79.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827984/; classtype:trojan-activity;sid:83691084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"216.146.26.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827979/; classtype:trojan-activity;sid:83691079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"94.156.79.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827980/; classtype:trojan-activity;sid:83691080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827976/; classtype:trojan-activity;sid:83691076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827977/; classtype:trojan-activity;sid:83691077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"93.123.85.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827978/; classtype:trojan-activity;sid:83691078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.59.186.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827975/; classtype:trojan-activity;sid:83691075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.170.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827974/; classtype:trojan-activity;sid:83691074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827973/; classtype:trojan-activity;sid:83691073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827972/; classtype:trojan-activity;sid:83691072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.145.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827971/; classtype:trojan-activity;sid:83691071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.137.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827970/; classtype:trojan-activity;sid:83691070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2.apk"; depth:7; endswith; nocase; http.host; content:"116.213.43.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827969/; classtype:trojan-activity;sid:83691069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.182.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827968/; classtype:trojan-activity;sid:83691068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.54.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827967/; classtype:trojan-activity;sid:83691067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feixiaohao_latest.apk"; depth:22; endswith; nocase; http.host; content:"20.214.163.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827966/; classtype:trojan-activity;sid:83691066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tokenpocket-pro.apk"; depth:20; endswith; nocase; http.host; content:"142.171.227.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827965/; classtype:trojan-activity;sid:83691065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tokenpocket-pro.apk"; depth:20; endswith; nocase; http.host; content:"74.48.140.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827964/; classtype:trojan-activity;sid:83691064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beewallet_1.0.4.apk"; depth:20; endswith; nocase; http.host; content:"142.171.227.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827963/; classtype:trojan-activity;sid:83691063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827962/; classtype:trojan-activity;sid:83691062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.13.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827961/; classtype:trojan-activity;sid:83691061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/tokenpocket-pro.apk"; depth:30; endswith; nocase; http.host; content:"tokenpocket.la"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827960/; classtype:trojan-activity;sid:83691060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827958/; classtype:trojan-activity;sid:83691058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.105.182.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827959/; classtype:trojan-activity;sid:83691059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/bitpie.apk"; depth:21; endswith; nocase; http.host; content:"bitpie.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827957/; classtype:trojan-activity;sid:83691057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/imtoken.apk"; depth:21; endswith; nocase; http.host; content:"imtokeon.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827956/; classtype:trojan-activity;sid:83691056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827955/; classtype:trojan-activity;sid:83691055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/app/imtoken2/id1384798940"; depth:29; endswith; nocase; http.host; content:"itunes.apple.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827954/; classtype:trojan-activity;sid:83691054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.123.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827952/; classtype:trojan-activity;sid:83691052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827953/; classtype:trojan-activity;sid:83691053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/apps/details|3f|id=im.token.app"; depth:38; endswith; nocase; http.host; content:"play.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827951/; classtype:trojan-activity;sid:83691051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.99.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827950/; classtype:trojan-activity;sid:83691050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.128.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827949/; classtype:trojan-activity;sid:83691049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827948/; classtype:trojan-activity;sid:83691048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/download.php|3f|c=1000"; depth:28; endswith; nocase; http.host; content:"dkgxxh1czdosr.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827947/; classtype:trojan-activity;sid:83691047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827946/; classtype:trojan-activity;sid:83691046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827945/; classtype:trojan-activity;sid:83691045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.222.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827944/; classtype:trojan-activity;sid:83691044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.255.74.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827943/; classtype:trojan-activity;sid:83691043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.144.229.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827942/; classtype:trojan-activity;sid:83691042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827941/; classtype:trojan-activity;sid:83691041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827940/; classtype:trojan-activity;sid:83691040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827939/; classtype:trojan-activity;sid:83691039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827938/; classtype:trojan-activity;sid:83691038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827937/; classtype:trojan-activity;sid:83691037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.29.29.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827936/; classtype:trojan-activity;sid:83691036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827933/; classtype:trojan-activity;sid:83691033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.145.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827934/; classtype:trojan-activity;sid:83691034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.37.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827935/; classtype:trojan-activity;sid:83691035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.254.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827931/; classtype:trojan-activity;sid:83691031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.28.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827932/; classtype:trojan-activity;sid:83691032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.13.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827930/; classtype:trojan-activity;sid:83691030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.159.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827929/; classtype:trojan-activity;sid:83691029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.221.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827928/; classtype:trojan-activity;sid:83691028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827927/; classtype:trojan-activity;sid:83691027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.46.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827926/; classtype:trojan-activity;sid:83691026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.54.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827925/; classtype:trojan-activity;sid:83691025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827924/; classtype:trojan-activity;sid:83691024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827923/; classtype:trojan-activity;sid:83691023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827922/; classtype:trojan-activity;sid:83691022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.169.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827921/; classtype:trojan-activity;sid:83691021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.185.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827920/; classtype:trojan-activity;sid:83691020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.99.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827919/; classtype:trojan-activity;sid:83691019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.172.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827918/; classtype:trojan-activity;sid:83691018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827917/; classtype:trojan-activity;sid:83691017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.46.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827916/; classtype:trojan-activity;sid:83691016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827915/; classtype:trojan-activity;sid:83691015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.221.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827914/; classtype:trojan-activity;sid:83691014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.182.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827913/; classtype:trojan-activity;sid:83691013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.74.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827912/; classtype:trojan-activity;sid:83691012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.99.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827911/; classtype:trojan-activity;sid:83691011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827910/; classtype:trojan-activity;sid:83691010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.196.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827909/; classtype:trojan-activity;sid:83691009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_669007153|3f|hash=jdxdpboexprzdf3cmywkfosnuz6zqlusmp7ko5wdqix|7c|26|7c|dl=zsjpjeuvseni1ybruyexsxubldwglqrigdlxeqn7tno|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827908/; classtype:trojan-activity;sid:83691008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v3tutorial.mp4"; depth:15; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827905/; classtype:trojan-activity;sid:83691005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/playkit.mp4"; depth:12; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827906/; classtype:trojan-activity;sid:83691006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teaser.mp4"; depth:11; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827907/; classtype:trojan-activity;sid:83691007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827904/; classtype:trojan-activity;sid:83691004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.109.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827903/; classtype:trojan-activity;sid:83691003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.191.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827902/; classtype:trojan-activity;sid:83691002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/apps/details|3f|id=com.bitpie"; depth:36; endswith; nocase; http.host; content:"play.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827900/; classtype:trojan-activity;sid:83691000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/apps/details|3f|id=vip.mytokenpocket"; depth:43; endswith; nocase; http.host; content:"play.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827901/; classtype:trojan-activity;sid:83691001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/apps/details|3f|id=vip.mybitpiewallet"; depth:44; endswith; nocase; http.host; content:"play.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827898/; classtype:trojan-activity;sid:83690998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webstore/detail/tokenpocket/mfgccjchihfkkindfppnaooecgfneiii"; depth:61; endswith; nocase; http.host; content:"chrome.google.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827899/; classtype:trojan-activity;sid:83690999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.23.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827897/; classtype:trojan-activity;sid:83690997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.99.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827896/; classtype:trojan-activity;sid:83690996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827895/; classtype:trojan-activity;sid:83690995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.172.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827894/; classtype:trojan-activity;sid:83690994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.99.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827893/; classtype:trojan-activity;sid:83690993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.229.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827892/; classtype:trojan-activity;sid:83690992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exodus.exe"; depth:11; endswith; nocase; http.host; content:"91.92.255.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827891/; classtype:trojan-activity;sid:83690991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.77.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827890/; classtype:trojan-activity;sid:83690990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827889/; classtype:trojan-activity;sid:83690989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827888/; classtype:trojan-activity;sid:83690988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.31.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827887/; classtype:trojan-activity;sid:83690987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.64.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827886/; classtype:trojan-activity;sid:83690986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"164.92.176.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827885/; classtype:trojan-activity;sid:83690985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"164.92.176.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827884/; classtype:trojan-activity;sid:83690984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.45.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827883/; classtype:trojan-activity;sid:83690983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.172.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827882/; classtype:trojan-activity;sid:83690982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/fkqcdjc473843.apk"; depth:23; endswith; nocase; http.host; content:"lh.yjjxz.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827881/; classtype:trojan-activity;sid:83690981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.83.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827880/; classtype:trojan-activity;sid:83690980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.93.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827879/; classtype:trojan-activity;sid:83690979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827878/; classtype:trojan-activity;sid:83690978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.140.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827876/; classtype:trojan-activity;sid:83690976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.77.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827877/; classtype:trojan-activity;sid:83690977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.55.135.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827875/; classtype:trojan-activity;sid:83690975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.185.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827874/; classtype:trojan-activity;sid:83690974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.169.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827873/; classtype:trojan-activity;sid:83690973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827872/; classtype:trojan-activity;sid:83690972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827871/; classtype:trojan-activity;sid:83690971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.48.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827870/; classtype:trojan-activity;sid:83690970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827869/; classtype:trojan-activity;sid:83690969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.83.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827868/; classtype:trojan-activity;sid:83690968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.snoopy"; depth:15; endswith; nocase; http.host; content:"38.180.156.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827867/; classtype:trojan-activity;sid:83690967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snoopy.sh"; depth:10; endswith; nocase; http.host; content:"38.180.156.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827866/; classtype:trojan-activity;sid:83690966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.54.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827865/; classtype:trojan-activity;sid:83690965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.229.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827864/; classtype:trojan-activity;sid:83690964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827863/; classtype:trojan-activity;sid:83690963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.106.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827862/; classtype:trojan-activity;sid:83690962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.183.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827861/; classtype:trojan-activity;sid:83690961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.106.91.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827860/; classtype:trojan-activity;sid:83690960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827859/; classtype:trojan-activity;sid:83690959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827858/; classtype:trojan-activity;sid:83690958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.25.76.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827857/; classtype:trojan-activity;sid:83690957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.9.218"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827856/; classtype:trojan-activity;sid:83690956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.7.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827855/; classtype:trojan-activity;sid:83690955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.30.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827854/; classtype:trojan-activity;sid:83690954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"20.2.148.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827853/; classtype:trojan-activity;sid:83690953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827852/; classtype:trojan-activity;sid:83690952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.41.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827851/; classtype:trojan-activity;sid:83690951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qc"; depth:3; endswith; nocase; http.host; content:"107.189.5.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827850/; classtype:trojan-activity;sid:83690950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.225.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827849/; classtype:trojan-activity;sid:83690949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jk/sshd"; depth:8; endswith; nocase; http.host; content:"107.189.5.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827848/; classtype:trojan-activity;sid:83690948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.41.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827847/; classtype:trojan-activity;sid:83690947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.7.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827846/; classtype:trojan-activity;sid:83690946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.157.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827845/; classtype:trojan-activity;sid:83690945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.206.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827844/; classtype:trojan-activity;sid:83690944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827843/; classtype:trojan-activity;sid:83690943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827841/; classtype:trojan-activity;sid:83690941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.31.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827842/; classtype:trojan-activity;sid:83690942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.225.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827840/; classtype:trojan-activity;sid:83690940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827839/; classtype:trojan-activity;sid:83690939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827800/; classtype:trojan-activity;sid:83690900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827801/; classtype:trojan-activity;sid:83690901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827802/; classtype:trojan-activity;sid:83690902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.sh"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827803/; classtype:trojan-activity;sid:83690903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827804/; classtype:trojan-activity;sid:83690904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827805/; classtype:trojan-activity;sid:83690905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827806/; classtype:trojan-activity;sid:83690906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827807/; classtype:trojan-activity;sid:83690907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827808/; classtype:trojan-activity;sid:83690908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827809/; classtype:trojan-activity;sid:83690909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827810/; classtype:trojan-activity;sid:83690910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827811/; classtype:trojan-activity;sid:83690911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827812/; classtype:trojan-activity;sid:83690912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827813/; classtype:trojan-activity;sid:83690913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827814/; classtype:trojan-activity;sid:83690914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827815/; classtype:trojan-activity;sid:83690915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827816/; classtype:trojan-activity;sid:83690916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827817/; classtype:trojan-activity;sid:83690917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827818/; classtype:trojan-activity;sid:83690918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827819/; classtype:trojan-activity;sid:83690919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827820/; classtype:trojan-activity;sid:83690920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827821/; classtype:trojan-activity;sid:83690921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827822/; classtype:trojan-activity;sid:83690922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827823/; classtype:trojan-activity;sid:83690923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827824/; classtype:trojan-activity;sid:83690924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827825/; classtype:trojan-activity;sid:83690925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827826/; classtype:trojan-activity;sid:83690926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827827/; classtype:trojan-activity;sid:83690927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827828/; classtype:trojan-activity;sid:83690928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827829/; classtype:trojan-activity;sid:83690929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827830/; classtype:trojan-activity;sid:83690930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827831/; classtype:trojan-activity;sid:83690931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827832/; classtype:trojan-activity;sid:83690932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827833/; classtype:trojan-activity;sid:83690933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827834/; classtype:trojan-activity;sid:83690934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827835/; classtype:trojan-activity;sid:83690935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827836/; classtype:trojan-activity;sid:83690936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827837/; classtype:trojan-activity;sid:83690937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827838/; classtype:trojan-activity;sid:83690938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.26.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827799/; classtype:trojan-activity;sid:83690899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.86.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827798/; classtype:trojan-activity;sid:83690898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827797/; classtype:trojan-activity;sid:83690897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.204.149.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827795/; classtype:trojan-activity;sid:83690895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.25.68.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827796/; classtype:trojan-activity;sid:83690896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.110.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827792/; classtype:trojan-activity;sid:83690892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.119.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827793/; classtype:trojan-activity;sid:83690893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.199.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827794/; classtype:trojan-activity;sid:83690894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.98.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827791/; classtype:trojan-activity;sid:83690891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.116.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827790/; classtype:trojan-activity;sid:83690890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827789/; classtype:trojan-activity;sid:83690889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.83.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827788/; classtype:trojan-activity;sid:83690888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.96.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827787/; classtype:trojan-activity;sid:83690887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827786/; classtype:trojan-activity;sid:83690886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"94.156.128.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827785/; classtype:trojan-activity;sid:83690885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.157.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827784/; classtype:trojan-activity;sid:83690884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.175.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827783/; classtype:trojan-activity;sid:83690883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.3.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827782/; classtype:trojan-activity;sid:83690882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.68.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827781/; classtype:trojan-activity;sid:83690881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.190.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827780/; classtype:trojan-activity;sid:83690880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.157.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827779/; classtype:trojan-activity;sid:83690879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.86.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827778/; classtype:trojan-activity;sid:83690878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.123.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827777/; classtype:trojan-activity;sid:83690877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827776/; classtype:trojan-activity;sid:83690876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.126.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827775/; classtype:trojan-activity;sid:83690875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.0.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827774/; classtype:trojan-activity;sid:83690874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.18.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827773/; classtype:trojan-activity;sid:83690873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.175.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827772/; classtype:trojan-activity;sid:83690872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.18.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827771/; classtype:trojan-activity;sid:83690871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827769/; classtype:trojan-activity;sid:83690869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827770/; classtype:trojan-activity;sid:83690870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827767/; classtype:trojan-activity;sid:83690867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827768/; classtype:trojan-activity;sid:83690868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827765/; classtype:trojan-activity;sid:83690865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827766/; classtype:trojan-activity;sid:83690866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.sh"; depth:5; endswith; nocase; http.host; content:"67.217.59.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827764/; classtype:trojan-activity;sid:83690864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668998749|3f|hash=jpzrjrp4xjuuq6pm7wjrjlcc9a5fxja4fun0y7zvgw8|7c|26|7c|dl=xwjfciff01zfmz3tzu5a8wlf6n11nelyx3wpqzubojw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827763/; classtype:trojan-activity;sid:83690863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827762/; classtype:trojan-activity;sid:83690862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.121.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827761/; classtype:trojan-activity;sid:83690861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.190.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827760/; classtype:trojan-activity;sid:83690860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.18.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827759/; classtype:trojan-activity;sid:83690859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"216.73.94.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827758/; classtype:trojan-activity;sid:83690858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.157.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827757/; classtype:trojan-activity;sid:83690857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.18.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827756/; classtype:trojan-activity;sid:83690856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827755/; classtype:trojan-activity;sid:83690855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.29.198.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827754/; classtype:trojan-activity;sid:83690854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.111.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827753/; classtype:trojan-activity;sid:83690853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827752/; classtype:trojan-activity;sid:83690852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.82.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827751/; classtype:trojan-activity;sid:83690851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.73.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827750/; classtype:trojan-activity;sid:83690850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.106.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827749/; classtype:trojan-activity;sid:83690849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827748/; classtype:trojan-activity;sid:83690848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827747/; classtype:trojan-activity;sid:83690847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.168.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827746/; classtype:trojan-activity;sid:83690846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827744/; classtype:trojan-activity;sid:83690844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.46.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827745/; classtype:trojan-activity;sid:83690845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.125.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827743/; classtype:trojan-activity;sid:83690843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827741/; classtype:trojan-activity;sid:83690841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.48.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827742/; classtype:trojan-activity;sid:83690842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827740/; classtype:trojan-activity;sid:83690840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.150.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827738/; classtype:trojan-activity;sid:83690838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827739/; classtype:trojan-activity;sid:83690839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.87.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827737/; classtype:trojan-activity;sid:83690837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.187"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827736/; classtype:trojan-activity;sid:83690836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.176.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827735/; classtype:trojan-activity;sid:83690835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827734/; classtype:trojan-activity;sid:83690834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.168.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827733/; classtype:trojan-activity;sid:83690833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.114.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827732/; classtype:trojan-activity;sid:83690832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.73.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827731/; classtype:trojan-activity;sid:83690831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.48.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827730/; classtype:trojan-activity;sid:83690830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.158.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827729/; classtype:trojan-activity;sid:83690829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.158.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827728/; classtype:trojan-activity;sid:83690828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.96.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827727/; classtype:trojan-activity;sid:83690827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.241.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827726/; classtype:trojan-activity;sid:83690826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.253.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827725/; classtype:trojan-activity;sid:83690825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.116.237.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827724/; classtype:trojan-activity;sid:83690824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.83.184.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827723/; classtype:trojan-activity;sid:83690823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.12.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827722/; classtype:trojan-activity;sid:83690822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.87.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827721/; classtype:trojan-activity;sid:83690821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.73.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827720/; classtype:trojan-activity;sid:83690820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.93.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827719/; classtype:trojan-activity;sid:83690819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dt.txt"; depth:7; endswith; nocase; http.host; content:"41.216.188.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827717/; classtype:trojan-activity;sid:83690817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.jpg"; depth:6; endswith; nocase; http.host; content:"41.216.188.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827718/; classtype:trojan-activity;sid:83690818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slasl.txt"; depth:10; endswith; nocase; http.host; content:"85.209.133.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827716/; classtype:trojan-activity;sid:83690816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgaltypqicmixdhx.txt"; depth:21; endswith; nocase; http.host; content:"104.243.38.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827714/; classtype:trojan-activity;sid:83690814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whqwpyhkpfairrmb.jpg"; depth:21; endswith; nocase; http.host; content:"104.243.38.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827715/; classtype:trojan-activity;sid:83690815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bar.jpg"; depth:8; endswith; nocase; http.host; content:"85.209.133.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827713/; classtype:trojan-activity;sid:83690813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827712/; classtype:trojan-activity;sid:83690812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.25.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827711/; classtype:trojan-activity;sid:83690811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.176.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827710/; classtype:trojan-activity;sid:83690810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h.jpg"; depth:6; endswith; nocase; http.host; content:"193.26.115.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827709/; classtype:trojan-activity;sid:83690809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t87.txt"; depth:8; endswith; nocase; http.host; content:"193.26.115.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827708/; classtype:trojan-activity;sid:83690808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blo.txt"; depth:8; endswith; nocase; http.host; content:"193.26.115.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827707/; classtype:trojan-activity;sid:83690807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.jpg"; depth:8; endswith; nocase; http.host; content:"193.26.115.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827705/; classtype:trojan-activity;sid:83690805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ock.txt"; depth:8; endswith; nocase; http.host; content:"193.26.115.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827706/; classtype:trojan-activity;sid:83690806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.210.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827704/; classtype:trojan-activity;sid:83690804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.33.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827703/; classtype:trojan-activity;sid:83690803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.17.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827702/; classtype:trojan-activity;sid:83690802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.47.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827700/; classtype:trojan-activity;sid:83690800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.25.76.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827701/; classtype:trojan-activity;sid:83690801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.179.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827699/; classtype:trojan-activity;sid:83690799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.12.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827698/; classtype:trojan-activity;sid:83690798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827697/; classtype:trojan-activity;sid:83690797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827696/; classtype:trojan-activity;sid:83690796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.202.77.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827695/; classtype:trojan-activity;sid:83690795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.93.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827693/; classtype:trojan-activity;sid:83690793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827694/; classtype:trojan-activity;sid:83690794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.87.160"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827692/; classtype:trojan-activity;sid:83690792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k2/unconscientiousness.jpb"; depth:27; endswith; nocase; http.host; content:"nitio.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827691/; classtype:trojan-activity;sid:83690791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827688/; classtype:trojan-activity;sid:83690788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827689/; classtype:trojan-activity;sid:83690789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k1/fdoimu226.bin"; depth:17; endswith; nocase; http.host; content:"nitio.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827690/; classtype:trojan-activity;sid:83690790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827686/; classtype:trojan-activity;sid:83690786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.25.76.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827685/; classtype:trojan-activity;sid:83690785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.176.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827684/; classtype:trojan-activity;sid:83690784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.214.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827683/; classtype:trojan-activity;sid:83690783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.52.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827681/; classtype:trojan-activity;sid:83690781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.210.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827682/; classtype:trojan-activity;sid:83690782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827680/; classtype:trojan-activity;sid:83690780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.239.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827679/; classtype:trojan-activity;sid:83690779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.158.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827678/; classtype:trojan-activity;sid:83690778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.147.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827677/; classtype:trojan-activity;sid:83690777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.47.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827676/; classtype:trojan-activity;sid:83690776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.17.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827675/; classtype:trojan-activity;sid:83690775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.179.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827674/; classtype:trojan-activity;sid:83690774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm"; depth:12; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827673/; classtype:trojan-activity;sid:83690773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.sh4"; depth:12; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827672/; classtype:trojan-activity;sid:83690772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//softbot.arm7"; depth:14; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827666/; classtype:trojan-activity;sid:83690766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//softbot.arm6"; depth:14; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827667/; classtype:trojan-activity;sid:83690767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//softbot.mips"; depth:14; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827668/; classtype:trojan-activity;sid:83690768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//softbot.x86"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827669/; classtype:trojan-activity;sid:83690769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//softbot.arm5"; depth:14; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827670/; classtype:trojan-activity;sid:83690770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//softbot.mpsl"; depth:14; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827671/; classtype:trojan-activity;sid:83690771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.210.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827665/; classtype:trojan-activity;sid:83690765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827664/; classtype:trojan-activity;sid:83690764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668991652|3f|hash=c8ujqgg4wj90td0szysdxob79ydyvd27cgqn4vikfwg|7c|26|7c|dl=oh9fctztik0mv1xdmorla3bzkjlch5if5euzcuqaz7l|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827663/; classtype:trojan-activity;sid:83690763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668993960|3f|hash=z9lhrslmzuv1xjuhy4zqtzdarrwzqtc4a9awzl2tz3h|7c|26|7c|dl=3urmyip5qksf8z8w5ffo4nmwnjcuxsbiz8mtd9wpsct|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827662/; classtype:trojan-activity;sid:83690762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.136.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827660/; classtype:trojan-activity;sid:83690760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.138.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827661/; classtype:trojan-activity;sid:83690761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668994275|3f|hash=js2sfrhovuanz24hemspgkyfj51ggkuzg7faz24rnzk|7c|26|7c|dl=tzc6tefgtatqytcbonykgucerynmvxpm9pczn029d20|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827659/; classtype:trojan-activity;sid:83690759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.9.67.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827658/; classtype:trojan-activity;sid:83690758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827652/; classtype:trojan-activity;sid:83690752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827653/; classtype:trojan-activity;sid:83690753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827654/; classtype:trojan-activity;sid:83690754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827655/; classtype:trojan-activity;sid:83690755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827656/; classtype:trojan-activity;sid:83690756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827657/; classtype:trojan-activity;sid:83690757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827648/; classtype:trojan-activity;sid:83690748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827649/; classtype:trojan-activity;sid:83690749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827650/; classtype:trojan-activity;sid:83690750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827651/; classtype:trojan-activity;sid:83690751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827643/; classtype:trojan-activity;sid:83690743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827644/; classtype:trojan-activity;sid:83690744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827645/; classtype:trojan-activity;sid:83690745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827646/; classtype:trojan-activity;sid:83690746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827647/; classtype:trojan-activity;sid:83690747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.163.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827642/; classtype:trojan-activity;sid:83690742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827633/; classtype:trojan-activity;sid:83690733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827634/; classtype:trojan-activity;sid:83690734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827635/; classtype:trojan-activity;sid:83690735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827636/; classtype:trojan-activity;sid:83690736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827637/; classtype:trojan-activity;sid:83690737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827638/; classtype:trojan-activity;sid:83690738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827639/; classtype:trojan-activity;sid:83690739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827640/; classtype:trojan-activity;sid:83690740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827641/; classtype:trojan-activity;sid:83690741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.221.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827632/; classtype:trojan-activity;sid:83690732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.147.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827631/; classtype:trojan-activity;sid:83690731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827629/; classtype:trojan-activity;sid:83690729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827630/; classtype:trojan-activity;sid:83690730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.237.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827627/; classtype:trojan-activity;sid:83690727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.172.115.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827628/; classtype:trojan-activity;sid:83690728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827626/; classtype:trojan-activity;sid:83690726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.251.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827625/; classtype:trojan-activity;sid:83690725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.240.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827624/; classtype:trojan-activity;sid:83690724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.17.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827623/; classtype:trojan-activity;sid:83690723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.173.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827622/; classtype:trojan-activity;sid:83690722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.163.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827621/; classtype:trojan-activity;sid:83690721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827620/; classtype:trojan-activity;sid:83690720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.167.37.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827619/; classtype:trojan-activity;sid:83690719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827618/; classtype:trojan-activity;sid:83690718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.98.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827617/; classtype:trojan-activity;sid:83690717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.24.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827616/; classtype:trojan-activity;sid:83690716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.8.61"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827615/; classtype:trojan-activity;sid:83690715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.184.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827614/; classtype:trojan-activity;sid:83690714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827613/; classtype:trojan-activity;sid:83690713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827612/; classtype:trojan-activity;sid:83690712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827611/; classtype:trojan-activity;sid:83690711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827610/; classtype:trojan-activity;sid:83690710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.59.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827609/; classtype:trojan-activity;sid:83690709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827608/; classtype:trojan-activity;sid:83690708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.30.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827607/; classtype:trojan-activity;sid:83690707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827606/; classtype:trojan-activity;sid:83690706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.173.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827605/; classtype:trojan-activity;sid:83690705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827604/; classtype:trojan-activity;sid:83690704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.30.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827603/; classtype:trojan-activity;sid:83690703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.215.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827602/; classtype:trojan-activity;sid:83690702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.254.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827601/; classtype:trojan-activity;sid:83690701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827600/; classtype:trojan-activity;sid:83690700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.198.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827599/; classtype:trojan-activity;sid:83690699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827598/; classtype:trojan-activity;sid:83690698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827597/; classtype:trojan-activity;sid:83690697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.160.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827596/; classtype:trojan-activity;sid:83690696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.23.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827594/; classtype:trojan-activity;sid:83690694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.24.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827595/; classtype:trojan-activity;sid:83690695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827593/; classtype:trojan-activity;sid:83690693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.242.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827592/; classtype:trojan-activity;sid:83690692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.0.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827591/; classtype:trojan-activity;sid:83690691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.237.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827590/; classtype:trojan-activity;sid:83690690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.164.141.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827589/; classtype:trojan-activity;sid:83690689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827588/; classtype:trojan-activity;sid:83690688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.36.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827587/; classtype:trojan-activity;sid:83690687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.204.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827586/; classtype:trojan-activity;sid:83690686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827585/; classtype:trojan-activity;sid:83690685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.181.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827584/; classtype:trojan-activity;sid:83690684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.15.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827583/; classtype:trojan-activity;sid:83690683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.240.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827582/; classtype:trojan-activity;sid:83690682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.160.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827581/; classtype:trojan-activity;sid:83690681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827580/; classtype:trojan-activity;sid:83690680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.23.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827579/; classtype:trojan-activity;sid:83690679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.36.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827578/; classtype:trojan-activity;sid:83690678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.92.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827577/; classtype:trojan-activity;sid:83690677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.87.105.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827576/; classtype:trojan-activity;sid:83690676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.36.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827574/; classtype:trojan-activity;sid:83690674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.138.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827575/; classtype:trojan-activity;sid:83690675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.9.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827573/; classtype:trojan-activity;sid:83690673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl.n"; depth:7; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827572/; classtype:trojan-activity;sid:83690672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827571/; classtype:trojan-activity;sid:83690671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827570/; classtype:trojan-activity;sid:83690670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.78.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827569/; classtype:trojan-activity;sid:83690669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827568/; classtype:trojan-activity;sid:83690668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827567/; classtype:trojan-activity;sid:83690667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/woodmart/fonts/rtx.exe"; depth:41; endswith; nocase; http.host; content:"salamatbartar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827566/; classtype:trojan-activity;sid:83690666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827565/; classtype:trojan-activity;sid:83690665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827564/; classtype:trojan-activity;sid:83690664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyohg9odyvknmq9zlh"; depth:19; endswith; nocase; http.host; content:"jeuxviddeo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827563/; classtype:trojan-activity;sid:83690663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.56.88.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827562/; classtype:trojan-activity;sid:83690662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.199.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827561/; classtype:trojan-activity;sid:83690661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827560/; classtype:trojan-activity;sid:83690660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.143.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827559/; classtype:trojan-activity;sid:83690659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.127.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827558/; classtype:trojan-activity;sid:83690658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.78.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827557/; classtype:trojan-activity;sid:83690657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827556/; classtype:trojan-activity;sid:83690656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827555/; classtype:trojan-activity;sid:83690655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.117.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827554/; classtype:trojan-activity;sid:83690654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827553/; classtype:trojan-activity;sid:83690653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.54.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827552/; classtype:trojan-activity;sid:83690652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.45.247.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827551/; classtype:trojan-activity;sid:83690651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.254.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827550/; classtype:trojan-activity;sid:83690650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.177.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827549/; classtype:trojan-activity;sid:83690649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.75.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827548/; classtype:trojan-activity;sid:83690648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827547/; classtype:trojan-activity;sid:83690647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.228.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827545/; classtype:trojan-activity;sid:83690645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.1.234"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827546/; classtype:trojan-activity;sid:83690646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.150.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827544/; classtype:trojan-activity;sid:83690644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.79.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827543/; classtype:trojan-activity;sid:83690643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.254.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827542/; classtype:trojan-activity;sid:83690642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.48.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827541/; classtype:trojan-activity;sid:83690641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.127.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827540/; classtype:trojan-activity;sid:83690640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.117.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827539/; classtype:trojan-activity;sid:83690639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827538/; classtype:trojan-activity;sid:83690638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.83.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827535/; classtype:trojan-activity;sid:83690635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.161.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827536/; classtype:trojan-activity;sid:83690636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.19.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827537/; classtype:trojan-activity;sid:83690637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.128.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827534/; classtype:trojan-activity;sid:83690634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.224.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827533/; classtype:trojan-activity;sid:83690633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.117.181.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827532/; classtype:trojan-activity;sid:83690632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827531/; classtype:trojan-activity;sid:83690631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827530/; classtype:trojan-activity;sid:83690630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.222.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827529/; classtype:trojan-activity;sid:83690629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827528/; classtype:trojan-activity;sid:83690628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827527/; classtype:trojan-activity;sid:83690627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.177.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827526/; classtype:trojan-activity;sid:83690626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.102.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827525/; classtype:trojan-activity;sid:83690625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.179.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827523/; classtype:trojan-activity;sid:83690623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.150.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827524/; classtype:trojan-activity;sid:83690624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.146.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827522/; classtype:trojan-activity;sid:83690622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827521/; classtype:trojan-activity;sid:83690621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827519/; classtype:trojan-activity;sid:83690619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.240.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827520/; classtype:trojan-activity;sid:83690620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827518/; classtype:trojan-activity;sid:83690618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.23.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827517/; classtype:trojan-activity;sid:83690617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827516/; classtype:trojan-activity;sid:83690616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.224.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827515/; classtype:trojan-activity;sid:83690615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827514/; classtype:trojan-activity;sid:83690614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.15.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827513/; classtype:trojan-activity;sid:83690613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827512/; classtype:trojan-activity;sid:83690612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827511/; classtype:trojan-activity;sid:83690611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827508/; classtype:trojan-activity;sid:83690608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.163.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827509/; classtype:trojan-activity;sid:83690609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827510/; classtype:trojan-activity;sid:83690610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827507/; classtype:trojan-activity;sid:83690607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.179.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827506/; classtype:trojan-activity;sid:83690606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.119.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827505/; classtype:trojan-activity;sid:83690605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.110.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827504/; classtype:trojan-activity;sid:83690604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.41.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827503/; classtype:trojan-activity;sid:83690603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.198.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827502/; classtype:trojan-activity;sid:83690602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.40.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827501/; classtype:trojan-activity;sid:83690601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.54.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827500/; classtype:trojan-activity;sid:83690600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.70.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827499/; classtype:trojan-activity;sid:83690599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.206.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827498/; classtype:trojan-activity;sid:83690598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827497/; classtype:trojan-activity;sid:83690597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.160.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827496/; classtype:trojan-activity;sid:83690596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827495/; classtype:trojan-activity;sid:83690595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.119.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827494/; classtype:trojan-activity;sid:83690594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.207.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827493/; classtype:trojan-activity;sid:83690593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.15.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827492/; classtype:trojan-activity;sid:83690592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.209.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827491/; classtype:trojan-activity;sid:83690591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.66.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827490/; classtype:trojan-activity;sid:83690590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827489/; classtype:trojan-activity;sid:83690589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.201.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827488/; classtype:trojan-activity;sid:83690588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.14.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827487/; classtype:trojan-activity;sid:83690587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827486/; classtype:trojan-activity;sid:83690586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827485/; classtype:trojan-activity;sid:83690585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.149.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827484/; classtype:trojan-activity;sid:83690584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.228.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827482/; classtype:trojan-activity;sid:83690582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.11.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827483/; classtype:trojan-activity;sid:83690583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.198.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827481/; classtype:trojan-activity;sid:83690581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.70.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827480/; classtype:trojan-activity;sid:83690580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.223.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827479/; classtype:trojan-activity;sid:83690579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/m68k"; depth:9; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827478/; classtype:trojan-activity;sid:83690578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/x86"; depth:8; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827471/; classtype:trojan-activity;sid:83690571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mips"; depth:9; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827472/; classtype:trojan-activity;sid:83690572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm7"; depth:9; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827473/; classtype:trojan-activity;sid:83690573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/sh4"; depth:8; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827474/; classtype:trojan-activity;sid:83690574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm"; depth:8; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827475/; classtype:trojan-activity;sid:83690575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm6"; depth:9; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827476/; classtype:trojan-activity;sid:83690576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/ppc"; depth:8; endswith; nocase; http.host; content:"91.92.254.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827477/; classtype:trojan-activity;sid:83690577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.54.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827470/; classtype:trojan-activity;sid:83690570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.152.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827469/; classtype:trojan-activity;sid:83690569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.125.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827468/; classtype:trojan-activity;sid:83690568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.116.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827467/; classtype:trojan-activity;sid:83690567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.41.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827466/; classtype:trojan-activity;sid:83690566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.117.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827465/; classtype:trojan-activity;sid:83690565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.71.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827464/; classtype:trojan-activity;sid:83690564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.201.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827463/; classtype:trojan-activity;sid:83690563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"152.246.231.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827461/; classtype:trojan-activity;sid:83690561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827462/; classtype:trojan-activity;sid:83690562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.189.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827460/; classtype:trojan-activity;sid:83690560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.195.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827459/; classtype:trojan-activity;sid:83690559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.98.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827457/; classtype:trojan-activity;sid:83690557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.132.104.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827458/; classtype:trojan-activity;sid:83690558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.69.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827456/; classtype:trojan-activity;sid:83690556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.37.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827455/; classtype:trojan-activity;sid:83690555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.36.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827454/; classtype:trojan-activity;sid:83690554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.228.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827452/; classtype:trojan-activity;sid:83690552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.11.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827453/; classtype:trojan-activity;sid:83690553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"152.246.231.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827451/; classtype:trojan-activity;sid:83690551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827450/; classtype:trojan-activity;sid:83690550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.117.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827449/; classtype:trojan-activity;sid:83690549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827448/; classtype:trojan-activity;sid:83690548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827447/; classtype:trojan-activity;sid:83690547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.77.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827446/; classtype:trojan-activity;sid:83690546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.61.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827445/; classtype:trojan-activity;sid:83690545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.71.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827444/; classtype:trojan-activity;sid:83690544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827443/; classtype:trojan-activity;sid:83690543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.223.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827442/; classtype:trojan-activity;sid:83690542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.209.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827441/; classtype:trojan-activity;sid:83690541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827440/; classtype:trojan-activity;sid:83690540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.36.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827439/; classtype:trojan-activity;sid:83690539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.27.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827438/; classtype:trojan-activity;sid:83690538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.129.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827437/; classtype:trojan-activity;sid:83690537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827436/; classtype:trojan-activity;sid:83690536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.90.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827435/; classtype:trojan-activity;sid:83690535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.250.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827434/; classtype:trojan-activity;sid:83690534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.144.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827433/; classtype:trojan-activity;sid:83690533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827432/; classtype:trojan-activity;sid:83690532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827431/; classtype:trojan-activity;sid:83690531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.3.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827430/; classtype:trojan-activity;sid:83690530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827429/; classtype:trojan-activity;sid:83690529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.253.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827428/; classtype:trojan-activity;sid:83690528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827427/; classtype:trojan-activity;sid:83690527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.129.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827426/; classtype:trojan-activity;sid:83690526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.150.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827425/; classtype:trojan-activity;sid:83690525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.61.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827424/; classtype:trojan-activity;sid:83690524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827422/; classtype:trojan-activity;sid:83690522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.29.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827423/; classtype:trojan-activity;sid:83690523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.161.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827420/; classtype:trojan-activity;sid:83690520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.117.32.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827421/; classtype:trojan-activity;sid:83690521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.18.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827419/; classtype:trojan-activity;sid:83690519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.177.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827418/; classtype:trojan-activity;sid:83690518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.3.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827417/; classtype:trojan-activity;sid:83690517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827416/; classtype:trojan-activity;sid:83690516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.152.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827415/; classtype:trojan-activity;sid:83690515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.198.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827414/; classtype:trojan-activity;sid:83690514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.144.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827413/; classtype:trojan-activity;sid:83690513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.183.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827412/; classtype:trojan-activity;sid:83690512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.67.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827411/; classtype:trojan-activity;sid:83690511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827410/; classtype:trojan-activity;sid:83690510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.247.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827409/; classtype:trojan-activity;sid:83690509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827408/; classtype:trojan-activity;sid:83690508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.149.142.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827407/; classtype:trojan-activity;sid:83690507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.29.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827406/; classtype:trojan-activity;sid:83690506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.177.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827405/; classtype:trojan-activity;sid:83690505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.84.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827404/; classtype:trojan-activity;sid:83690504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.226.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827403/; classtype:trojan-activity;sid:83690503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.140.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827402/; classtype:trojan-activity;sid:83690502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.146.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827400/; classtype:trojan-activity;sid:83690500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827401/; classtype:trojan-activity;sid:83690501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.152.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827398/; classtype:trojan-activity;sid:83690498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.213.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827399/; classtype:trojan-activity;sid:83690499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.183.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827397/; classtype:trojan-activity;sid:83690497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.205.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827396/; classtype:trojan-activity;sid:83690496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.31.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827395/; classtype:trojan-activity;sid:83690495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.149.142.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827394/; classtype:trojan-activity;sid:83690494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.125.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827393/; classtype:trojan-activity;sid:83690493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.10.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827391/; classtype:trojan-activity;sid:83690491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.48.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827392/; classtype:trojan-activity;sid:83690492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.251.12.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827390/; classtype:trojan-activity;sid:83690490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.31.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827389/; classtype:trojan-activity;sid:83690489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.235.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827388/; classtype:trojan-activity;sid:83690488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"77.221.156.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827387/; classtype:trojan-activity;sid:83690487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827384/; classtype:trojan-activity;sid:83690484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827385/; classtype:trojan-activity;sid:83690485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86_64"; depth:12; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827386/; classtype:trojan-activity;sid:83690486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827382/; classtype:trojan-activity;sid:83690482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827383/; classtype:trojan-activity;sid:83690483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827380/; classtype:trojan-activity;sid:83690480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827381/; classtype:trojan-activity;sid:83690481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827379/; classtype:trojan-activity;sid:83690479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827377/; classtype:trojan-activity;sid:83690477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"14.225.218.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827378/; classtype:trojan-activity;sid:83690478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm5"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827375/; classtype:trojan-activity;sid:83690475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.x86"; depth:12; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827376/; classtype:trojan-activity;sid:83690476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm6"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827372/; classtype:trojan-activity;sid:83690472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm7"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827373/; classtype:trojan-activity;sid:83690473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.mips"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827374/; classtype:trojan-activity;sid:83690474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827371/; classtype:trojan-activity;sid:83690471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.149.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827370/; classtype:trojan-activity;sid:83690470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827369/; classtype:trojan-activity;sid:83690469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.146.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827368/; classtype:trojan-activity;sid:83690468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.117.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827367/; classtype:trojan-activity;sid:83690467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.3.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827366/; classtype:trojan-activity;sid:83690466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.15.143.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827365/; classtype:trojan-activity;sid:83690465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827364/; classtype:trojan-activity;sid:83690464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.46.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827363/; classtype:trojan-activity;sid:83690463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no_killer/mpsl"; depth:15; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827362/; classtype:trojan-activity;sid:83690462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.146.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827361/; classtype:trojan-activity;sid:83690461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827360/; classtype:trojan-activity;sid:83690460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.251.12.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827358/; classtype:trojan-activity;sid:83690458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.203.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827359/; classtype:trojan-activity;sid:83690459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.236.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827357/; classtype:trojan-activity;sid:83690457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.177.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827356/; classtype:trojan-activity;sid:83690456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.145.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827355/; classtype:trojan-activity;sid:83690455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.107.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827354/; classtype:trojan-activity;sid:83690454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.10.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827353/; classtype:trojan-activity;sid:83690453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.67.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827352/; classtype:trojan-activity;sid:83690452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.203.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827351/; classtype:trojan-activity;sid:83690451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.163.21.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827350/; classtype:trojan-activity;sid:83690450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.147.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827349/; classtype:trojan-activity;sid:83690449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.235.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827348/; classtype:trojan-activity;sid:83690448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827347/; classtype:trojan-activity;sid:83690447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827346/; classtype:trojan-activity;sid:83690446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.45.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827345/; classtype:trojan-activity;sid:83690445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.224.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827344/; classtype:trojan-activity;sid:83690444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.73.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827342/; classtype:trojan-activity;sid:83690442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.51.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827343/; classtype:trojan-activity;sid:83690443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.236.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827341/; classtype:trojan-activity;sid:83690441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.86.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827340/; classtype:trojan-activity;sid:83690440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.222.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827339/; classtype:trojan-activity;sid:83690439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.190.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827338/; classtype:trojan-activity;sid:83690438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.102.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827337/; classtype:trojan-activity;sid:83690437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.90.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827336/; classtype:trojan-activity;sid:83690436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.104.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827335/; classtype:trojan-activity;sid:83690435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827334/; classtype:trojan-activity;sid:83690434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.151.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827333/; classtype:trojan-activity;sid:83690433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827332/; classtype:trojan-activity;sid:83690432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.21.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827331/; classtype:trojan-activity;sid:83690431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.32.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827330/; classtype:trojan-activity;sid:83690430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.102.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827329/; classtype:trojan-activity;sid:83690429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827328/; classtype:trojan-activity;sid:83690428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.76.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827327/; classtype:trojan-activity;sid:83690427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.27.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827326/; classtype:trojan-activity;sid:83690426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.198.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827325/; classtype:trojan-activity;sid:83690425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.73.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827324/; classtype:trojan-activity;sid:83690424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.171.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827323/; classtype:trojan-activity;sid:83690423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.105.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827322/; classtype:trojan-activity;sid:83690422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.78.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827321/; classtype:trojan-activity;sid:83690421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.9.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827320/; classtype:trojan-activity;sid:83690420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.3.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827319/; classtype:trojan-activity;sid:83690419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827318/; classtype:trojan-activity;sid:83690418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.94.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827317/; classtype:trojan-activity;sid:83690417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.229.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827316/; classtype:trojan-activity;sid:83690416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827315/; classtype:trojan-activity;sid:83690415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827314/; classtype:trojan-activity;sid:83690414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.101.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827313/; classtype:trojan-activity;sid:83690413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827312/; classtype:trojan-activity;sid:83690412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827311/; classtype:trojan-activity;sid:83690411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.170.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827310/; classtype:trojan-activity;sid:83690410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.220.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827309/; classtype:trojan-activity;sid:83690409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.206.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827308/; classtype:trojan-activity;sid:83690408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.9.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827307/; classtype:trojan-activity;sid:83690407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.35.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827306/; classtype:trojan-activity;sid:83690406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.174.238.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827305/; classtype:trojan-activity;sid:83690405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.94.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827304/; classtype:trojan-activity;sid:83690404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.16.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827303/; classtype:trojan-activity;sid:83690403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.197.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827302/; classtype:trojan-activity;sid:83690402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.87.143.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827300/; classtype:trojan-activity;sid:83690400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.34.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827301/; classtype:trojan-activity;sid:83690401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827299/; classtype:trojan-activity;sid:83690399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.221.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827297/; classtype:trojan-activity;sid:83690397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.74.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827298/; classtype:trojan-activity;sid:83690398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.70.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827296/; classtype:trojan-activity;sid:83690396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827295/; classtype:trojan-activity;sid:83690395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.213.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827294/; classtype:trojan-activity;sid:83690394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827293/; classtype:trojan-activity;sid:83690393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.48.196.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827292/; classtype:trojan-activity;sid:83690392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827291/; classtype:trojan-activity;sid:83690391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827290/; classtype:trojan-activity;sid:83690390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.145.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827289/; classtype:trojan-activity;sid:83690389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.108.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827287/; classtype:trojan-activity;sid:83690387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.114.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827288/; classtype:trojan-activity;sid:83690388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.27.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827286/; classtype:trojan-activity;sid:83690386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827285/; classtype:trojan-activity;sid:83690385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.117.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827284/; classtype:trojan-activity;sid:83690384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827283/; classtype:trojan-activity;sid:83690383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"156.247.1.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827282/; classtype:trojan-activity;sid:83690382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.128.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827281/; classtype:trojan-activity;sid:83690381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.7.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827280/; classtype:trojan-activity;sid:83690380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.196.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827279/; classtype:trojan-activity;sid:83690379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.126.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827278/; classtype:trojan-activity;sid:83690378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827277/; classtype:trojan-activity;sid:83690377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.16.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827276/; classtype:trojan-activity;sid:83690376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827275/; classtype:trojan-activity;sid:83690375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.108.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827273/; classtype:trojan-activity;sid:83690373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.145.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827274/; classtype:trojan-activity;sid:83690374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.114.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827272/; classtype:trojan-activity;sid:83690372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"2.58.95.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827271/; classtype:trojan-activity;sid:83690371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.37.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827270/; classtype:trojan-activity;sid:83690370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.133.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827269/; classtype:trojan-activity;sid:83690369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.7.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827268/; classtype:trojan-activity;sid:83690368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827267/; classtype:trojan-activity;sid:83690367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.89.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827266/; classtype:trojan-activity;sid:83690366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.164.229.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827263/; classtype:trojan-activity;sid:83690363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.229.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827264/; classtype:trojan-activity;sid:83690364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.188.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827265/; classtype:trojan-activity;sid:83690365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827262/; classtype:trojan-activity;sid:83690362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.245.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827261/; classtype:trojan-activity;sid:83690361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.198.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827260/; classtype:trojan-activity;sid:83690360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.52.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827259/; classtype:trojan-activity;sid:83690359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827258/; classtype:trojan-activity;sid:83690358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.55.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827257/; classtype:trojan-activity;sid:83690357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827256/; classtype:trojan-activity;sid:83690356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.158.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827255/; classtype:trojan-activity;sid:83690355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.229.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827254/; classtype:trojan-activity;sid:83690354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.200.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827253/; classtype:trojan-activity;sid:83690353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827252/; classtype:trojan-activity;sid:83690352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827251/; classtype:trojan-activity;sid:83690351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.198.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827250/; classtype:trojan-activity;sid:83690350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827249/; classtype:trojan-activity;sid:83690349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827248/; classtype:trojan-activity;sid:83690348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.233.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827247/; classtype:trojan-activity;sid:83690347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827246/; classtype:trojan-activity;sid:83690346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827245/; classtype:trojan-activity;sid:83690345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827244/; classtype:trojan-activity;sid:83690344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827243/; classtype:trojan-activity;sid:83690343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827242/; classtype:trojan-activity;sid:83690342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.225.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827241/; classtype:trojan-activity;sid:83690341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827240/; classtype:trojan-activity;sid:83690340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827239/; classtype:trojan-activity;sid:83690339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.105.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827238/; classtype:trojan-activity;sid:83690338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.177.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827237/; classtype:trojan-activity;sid:83690337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.186.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827235/; classtype:trojan-activity;sid:83690335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.164.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827236/; classtype:trojan-activity;sid:83690336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.203.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827234/; classtype:trojan-activity;sid:83690334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.219.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827233/; classtype:trojan-activity;sid:83690333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.92.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827232/; classtype:trojan-activity;sid:83690332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"icul.anesthetics.biomedzglobal.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827231/; classtype:trojan-activity;sid:83690331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/case-419310.appspot.com/o/imrozi8xra%2fdocument_h90_16m957712-08k63479r1055-7228h4.js|3f|alt=media|7c|26|7c|token=6ae5a405-6e42-4d61-91cd-5fa0b3522a4b"; depth:156; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827230/; classtype:trojan-activity;sid:83690330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.78.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827229/; classtype:trojan-activity;sid:83690329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.240.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827228/; classtype:trojan-activity;sid:83690328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.118.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827227/; classtype:trojan-activity;sid:83690327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.83.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827226/; classtype:trojan-activity;sid:83690326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.228.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827225/; classtype:trojan-activity;sid:83690325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.177.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827224/; classtype:trojan-activity;sid:83690324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.142.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827223/; classtype:trojan-activity;sid:83690323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.112.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827222/; classtype:trojan-activity;sid:83690322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.98.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827221/; classtype:trojan-activity;sid:83690321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.132.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827220/; classtype:trojan-activity;sid:83690320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.203.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827219/; classtype:trojan-activity;sid:83690319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.92.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827217/; classtype:trojan-activity;sid:83690317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.164.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827218/; classtype:trojan-activity;sid:83690318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.189.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827216/; classtype:trojan-activity;sid:83690316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.91.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827215/; classtype:trojan-activity;sid:83690315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827214/; classtype:trojan-activity;sid:83690314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.228.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827213/; classtype:trojan-activity;sid:83690313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.240.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827212/; classtype:trojan-activity;sid:83690312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.212.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827211/; classtype:trojan-activity;sid:83690311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.193.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827210/; classtype:trojan-activity;sid:83690310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.112.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827208/; classtype:trojan-activity;sid:83690308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.34.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827209/; classtype:trojan-activity;sid:83690309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.83.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827207/; classtype:trojan-activity;sid:83690307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.89.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827206/; classtype:trojan-activity;sid:83690306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827205/; classtype:trojan-activity;sid:83690305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"taifateule.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827202/; classtype:trojan-activity;sid:83690302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chocolate/wp-content/plugins/user-private-files/shared/"; depth:56; endswith; nocase; http.host; content:"milkganache.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827203/; classtype:trojan-activity;sid:83690303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"yahyacarpet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827204/; classtype:trojan-activity;sid:83690304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/networkconnect/wp-content/plugins/user-private-files/shared/"; depth:61; endswith; nocase; http.host; content:"iswpcreator.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827200/; classtype:trojan-activity;sid:83690300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tangerang/wp-content/plugins/user-private-files/shared/"; depth:56; endswith; nocase; http.host; content:"tutycholid.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827201/; classtype:trojan-activity;sid:83690301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indigo/wp-content/plugins/user-private-files/shared/"; depth:53; endswith; nocase; http.host; content:"konsaltakuatorial.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827192/; classtype:trojan-activity;sid:83690292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"divifar.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827193/; classtype:trojan-activity;sid:83690293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"audio.daiphucminh.vn"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827194/; classtype:trojan-activity;sid:83690294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"antvietnam.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827195/; classtype:trojan-activity;sid:83690295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"newsmedia247.site"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827196/; classtype:trojan-activity;sid:83690296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"phs124168.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827197/; classtype:trojan-activity;sid:83690297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"i.thietke.in"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827198/; classtype:trojan-activity;sid:83690298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/wp-content/plugins/user-private-files/shared/"; depth:51; endswith; nocase; http.host; content:"direitopositivado.com.br"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827199/; classtype:trojan-activity;sid:83690299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"pgdm.my"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827189/; classtype:trojan-activity;sid:83690289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"phatthanhnghia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827190/; classtype:trojan-activity;sid:83690290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"seraphyaromatherapy.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827191/; classtype:trojan-activity;sid:83690291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"quotesparade.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827183/; classtype:trojan-activity;sid:83690283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.159.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827184/; classtype:trojan-activity;sid:83690284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"devaccrocs.allianceconsultants.net"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827185/; classtype:trojan-activity;sid:83690285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/wp-content/plugins/user-private-files/shared/"; depth:49; endswith; nocase; http.host; content:"vegasnights.co.za"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827186/; classtype:trojan-activity;sid:83690286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"manbaulhudaasia.aliyy.my"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827187/; classtype:trojan-activity;sid:83690287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"cbg.divineunveil.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827188/; classtype:trojan-activity;sid:83690288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"ugandainarabic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827175/; classtype:trojan-activity;sid:83690275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"www.pansy-dz.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827176/; classtype:trojan-activity;sid:83690276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"reyadtours.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827177/; classtype:trojan-activity;sid:83690277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"ideanet.co.in"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827178/; classtype:trojan-activity;sid:83690278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"thayhoicoffee.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827179/; classtype:trojan-activity;sid:83690279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"ideosphere.in"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827180/; classtype:trojan-activity;sid:83690280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; depth:69; endswith; nocase; http.host; content:"www.websitedesigningindia.biz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"upr.lk"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827182/; classtype:trojan-activity;sid:83690282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epicure-traiteur/wp-content/plugins/user-private-files/shared/"; depth:63; endswith; nocase; http.host; content:"vitrine.izaragency.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827172/; classtype:trojan-activity;sid:83690272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/model-2/wp-content/plugins/user-private-files/shared/"; depth:54; endswith; nocase; http.host; content:"vitrine.izaragency.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827173/; classtype:trojan-activity;sid:83690273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/user-private-files/shared/"; depth:46; endswith; nocase; http.host; content:"bissecci.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827174/; classtype:trojan-activity;sid:83690274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.86.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827171/; classtype:trojan-activity;sid:83690271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827170/; classtype:trojan-activity;sid:83690270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.67.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827168/; classtype:trojan-activity;sid:83690268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.93.136.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827169/; classtype:trojan-activity;sid:83690269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827167/; classtype:trojan-activity;sid:83690267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.142.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827166/; classtype:trojan-activity;sid:83690266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad.msi"; depth:7; endswith; nocase; http.host; content:"45.95.11.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827165/; classtype:trojan-activity;sid:83690265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/security_check/"; depth:16; endswith; nocase; http.host; content:"nlqbgkl5.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827164/; classtype:trojan-activity;sid:83690264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827163/; classtype:trojan-activity;sid:83690263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827162/; classtype:trojan-activity;sid:83690262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.132.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827161/; classtype:trojan-activity;sid:83690261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.135.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827160/; classtype:trojan-activity;sid:83690260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.73.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827159/; classtype:trojan-activity;sid:83690259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.208.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827157/; classtype:trojan-activity;sid:83690257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.185.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827158/; classtype:trojan-activity;sid:83690258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.150.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827155/; classtype:trojan-activity;sid:83690255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.32.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827156/; classtype:trojan-activity;sid:83690256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827154/; classtype:trojan-activity;sid:83690254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.168.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827153/; classtype:trojan-activity;sid:83690253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827152/; classtype:trojan-activity;sid:83690252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.86.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827150/; classtype:trojan-activity;sid:83690250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.99.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827151/; classtype:trojan-activity;sid:83690251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.34.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827149/; classtype:trojan-activity;sid:83690249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.150.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827148/; classtype:trojan-activity;sid:83690248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.135.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827147/; classtype:trojan-activity;sid:83690247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.155.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827146/; classtype:trojan-activity;sid:83690246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827145/; classtype:trojan-activity;sid:83690245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.218.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827144/; classtype:trojan-activity;sid:83690244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827143/; classtype:trojan-activity;sid:83690243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.82.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827142/; classtype:trojan-activity;sid:83690242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.190.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827141/; classtype:trojan-activity;sid:83690241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.122.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827140/; classtype:trojan-activity;sid:83690240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.248.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827139/; classtype:trojan-activity;sid:83690239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.150.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827138/; classtype:trojan-activity;sid:83690238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"svif-venezuela.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827137/; classtype:trojan-activity;sid:83690237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"94.131.101.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827135/; classtype:trojan-activity;sid:83690235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"svif-venezuela.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827136/; classtype:trojan-activity;sid:83690236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.37.238.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827134/; classtype:trojan-activity;sid:83690234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.171.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827133/; classtype:trojan-activity;sid:83690233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.152.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827132/; classtype:trojan-activity;sid:83690232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.61.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827131/; classtype:trojan-activity;sid:83690231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.190.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827130/; classtype:trojan-activity;sid:83690230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.234.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827129/; classtype:trojan-activity;sid:83690229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.211.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827128/; classtype:trojan-activity;sid:83690228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.205.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827127/; classtype:trojan-activity;sid:83690227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.158.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827126/; classtype:trojan-activity;sid:83690226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.122.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827125/; classtype:trojan-activity;sid:83690225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.81.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827124/; classtype:trojan-activity;sid:83690224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.37.238.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827123/; classtype:trojan-activity;sid:83690223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.157.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827122/; classtype:trojan-activity;sid:83690222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.189.245.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827121/; classtype:trojan-activity;sid:83690221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827120/; classtype:trojan-activity;sid:83690220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.152.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827119/; classtype:trojan-activity;sid:83690219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.255.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827118/; classtype:trojan-activity;sid:83690218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668967566|3f|hash=gawr6dbgifhqjuujyeixv2ic99fxyzhotvvlkoeqvvg|7c|26|7c|dl=wz118yc9hyoz9ykrpg5agfszsqq61jftztdzqwqcmdw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827117/; classtype:trojan-activity;sid:83690217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.104.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827116/; classtype:trojan-activity;sid:83690216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.32.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827115/; classtype:trojan-activity;sid:83690215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.61.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827114/; classtype:trojan-activity;sid:83690214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xtnhsvjqtxvh"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827113/; classtype:trojan-activity;sid:83690213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.223.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827110/; classtype:trojan-activity;sid:83690210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827111/; classtype:trojan-activity;sid:83690211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.130.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827112/; classtype:trojan-activity;sid:83690212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.157.83.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827109/; classtype:trojan-activity;sid:83690209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827108/; classtype:trojan-activity;sid:83690208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.189.245.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827107/; classtype:trojan-activity;sid:83690207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.189.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827106/; classtype:trojan-activity;sid:83690206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827105/; classtype:trojan-activity;sid:83690205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.157.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827104/; classtype:trojan-activity;sid:83690204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.75.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827103/; classtype:trojan-activity;sid:83690203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827102/; classtype:trojan-activity;sid:83690202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.121.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827099/; classtype:trojan-activity;sid:83690199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.193.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827100/; classtype:trojan-activity;sid:83690200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.230.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827101/; classtype:trojan-activity;sid:83690201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.38.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827098/; classtype:trojan-activity;sid:83690198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.198.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827097/; classtype:trojan-activity;sid:83690197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.33.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827096/; classtype:trojan-activity;sid:83690196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.130.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827095/; classtype:trojan-activity;sid:83690195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.52.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827094/; classtype:trojan-activity;sid:83690194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.mpsl"; depth:13; endswith; nocase; http.host; content:"45.142.182.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827093/; classtype:trojan-activity;sid:83690193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.189.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827092/; classtype:trojan-activity;sid:83690192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.27.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827091/; classtype:trojan-activity;sid:83690191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.110.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827090/; classtype:trojan-activity;sid:83690190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827089/; classtype:trojan-activity;sid:83690189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.172.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827087/; classtype:trojan-activity;sid:83690187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.38.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827088/; classtype:trojan-activity;sid:83690188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.123.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827086/; classtype:trojan-activity;sid:83690186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.90.88.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827085/; classtype:trojan-activity;sid:83690185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827084/; classtype:trojan-activity;sid:83690184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.8.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827083/; classtype:trojan-activity;sid:83690183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.84.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827082/; classtype:trojan-activity;sid:83690182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827081/; classtype:trojan-activity;sid:83690181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827080/; classtype:trojan-activity;sid:83690180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.56.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827079/; classtype:trojan-activity;sid:83690179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.137.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827078/; classtype:trojan-activity;sid:83690178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.36.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827077/; classtype:trojan-activity;sid:83690177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827074/; classtype:trojan-activity;sid:83690174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.172.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827075/; classtype:trojan-activity;sid:83690175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827076/; classtype:trojan-activity;sid:83690176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.71.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827073/; classtype:trojan-activity;sid:83690173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.134.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827071/; classtype:trojan-activity;sid:83690171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.46.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827072/; classtype:trojan-activity;sid:83690172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.49.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827070/; classtype:trojan-activity;sid:83690170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.84.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827069/; classtype:trojan-activity;sid:83690169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.123.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827068/; classtype:trojan-activity;sid:83690168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.17.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827067/; classtype:trojan-activity;sid:83690167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.155.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827066/; classtype:trojan-activity;sid:83690166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.56.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827065/; classtype:trojan-activity;sid:83690165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gavno/nikto.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827064/; classtype:trojan-activity;sid:83690164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827063/; classtype:trojan-activity;sid:83690163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.90.88.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827062/; classtype:trojan-activity;sid:83690162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.137.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827061/; classtype:trojan-activity;sid:83690161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.8.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827060/; classtype:trojan-activity;sid:83690160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.56.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827059/; classtype:trojan-activity;sid:83690159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.96.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827058/; classtype:trojan-activity;sid:83690158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.216.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827057/; classtype:trojan-activity;sid:83690157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.11.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827056/; classtype:trojan-activity;sid:83690156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.49.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827055/; classtype:trojan-activity;sid:83690155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.187.64.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827054/; classtype:trojan-activity;sid:83690154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.218.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827053/; classtype:trojan-activity;sid:83690153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.247.160.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827052/; classtype:trojan-activity;sid:83690152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.58.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827051/; classtype:trojan-activity;sid:83690151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.76.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827050/; classtype:trojan-activity;sid:83690150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.78.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827049/; classtype:trojan-activity;sid:83690149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.75.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827048/; classtype:trojan-activity;sid:83690148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827047/; classtype:trojan-activity;sid:83690147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.191.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827046/; classtype:trojan-activity;sid:83690146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827045/; classtype:trojan-activity;sid:83690145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.85.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827044/; classtype:trojan-activity;sid:83690144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.198.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827043/; classtype:trojan-activity;sid:83690143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827042/; classtype:trojan-activity;sid:83690142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.113.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827041/; classtype:trojan-activity;sid:83690141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.109.73.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827040/; classtype:trojan-activity;sid:83690140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.10.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827039/; classtype:trojan-activity;sid:83690139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.84.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827038/; classtype:trojan-activity;sid:83690138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.47.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827036/; classtype:trojan-activity;sid:83690136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.18.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827037/; classtype:trojan-activity;sid:83690137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827034/; classtype:trojan-activity;sid:83690134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827035/; classtype:trojan-activity;sid:83690135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.192.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827033/; classtype:trojan-activity;sid:83690133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.172.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827032/; classtype:trojan-activity;sid:83690132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.247.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827031/; classtype:trojan-activity;sid:83690131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.216.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827030/; classtype:trojan-activity;sid:83690130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.143.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827029/; classtype:trojan-activity;sid:83690129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.4.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827028/; classtype:trojan-activity;sid:83690128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827027/; classtype:trojan-activity;sid:83690127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.57.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827026/; classtype:trojan-activity;sid:83690126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.186.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827025/; classtype:trojan-activity;sid:83690125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.78.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827024/; classtype:trojan-activity;sid:83690124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.255.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827023/; classtype:trojan-activity;sid:83690123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.233.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827022/; classtype:trojan-activity;sid:83690122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.11.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827021/; classtype:trojan-activity;sid:83690121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.11.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827020/; classtype:trojan-activity;sid:83690120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668971870|3f|hash=jqvzooj71utv7xazppp7quv9ro4s8bspxv7ilhgxi1t|7c|26|7c|dl=km1tydwgfxjarz3op78hjystbbvkjy03z57rjcfcyoz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827019/; classtype:trojan-activity;sid:83690119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.189.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827018/; classtype:trojan-activity;sid:83690118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.172.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827017/; classtype:trojan-activity;sid:83690117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.247.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827016/; classtype:trojan-activity;sid:83690116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.224.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827015/; classtype:trojan-activity;sid:83690115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.255.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827014/; classtype:trojan-activity;sid:83690114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827013/; classtype:trojan-activity;sid:83690113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827012/; classtype:trojan-activity;sid:83690112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.98.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827011/; classtype:trojan-activity;sid:83690111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.251.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827010/; classtype:trojan-activity;sid:83690110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.179.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827009/; classtype:trojan-activity;sid:83690109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.209.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827008/; classtype:trojan-activity;sid:83690108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827007/; classtype:trojan-activity;sid:83690107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.202.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827006/; classtype:trojan-activity;sid:83690106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.34.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827005/; classtype:trojan-activity;sid:83690105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.10.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827004/; classtype:trojan-activity;sid:83690104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.4.102.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827003/; classtype:trojan-activity;sid:83690103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827002/; classtype:trojan-activity;sid:83690102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827001/; classtype:trojan-activity;sid:83690101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827000/; classtype:trojan-activity;sid:83690100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.181.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826999/; classtype:trojan-activity;sid:83690099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.92.82.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826998/; classtype:trojan-activity;sid:83690098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.221.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826997/; classtype:trojan-activity;sid:83690097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826996/; classtype:trojan-activity;sid:83690096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.63.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826995/; classtype:trojan-activity;sid:83690095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.56.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826994/; classtype:trojan-activity;sid:83690094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.161.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826993/; classtype:trojan-activity;sid:83690093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.41.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826992/; classtype:trojan-activity;sid:83690092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.179.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826991/; classtype:trojan-activity;sid:83690091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826990/; classtype:trojan-activity;sid:83690090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826988/; classtype:trojan-activity;sid:83690088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.246.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826989/; classtype:trojan-activity;sid:83690089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826987/; classtype:trojan-activity;sid:83690087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.149.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826986/; classtype:trojan-activity;sid:83690086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.238.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826985/; classtype:trojan-activity;sid:83690085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.238.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826984/; classtype:trojan-activity;sid:83690084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.161.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826983/; classtype:trojan-activity;sid:83690083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.121.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826982/; classtype:trojan-activity;sid:83690082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.63.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826981/; classtype:trojan-activity;sid:83690081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.92.82.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826980/; classtype:trojan-activity;sid:83690080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.52.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826979/; classtype:trojan-activity;sid:83690079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.81.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826978/; classtype:trojan-activity;sid:83690078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826977/; classtype:trojan-activity;sid:83690077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826976/; classtype:trojan-activity;sid:83690076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.10.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826975/; classtype:trojan-activity;sid:83690075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm7"; depth:15; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826972/; classtype:trojan-activity;sid:83690072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86_64"; depth:17; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826973/; classtype:trojan-activity;sid:83690073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mips"; depth:15; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826974/; classtype:trojan-activity;sid:83690074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mpsl"; depth:15; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826967/; classtype:trojan-activity;sid:83690067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.ppc"; depth:14; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826968/; classtype:trojan-activity;sid:83690068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.m68k"; depth:15; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826969/; classtype:trojan-activity;sid:83690069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.sh4"; depth:14; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826970/; classtype:trojan-activity;sid:83690070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm5"; depth:15; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826971/; classtype:trojan-activity;sid:83690071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm"; depth:14; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826965/; classtype:trojan-activity;sid:83690065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm6"; depth:15; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826966/; classtype:trojan-activity;sid:83690066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/advancedipscanner.msix"; depth:29; endswith; nocase; http.host; content:"138.124.180.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826964/; classtype:trojan-activity;sid:83690064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/advancedipscanner.msix"; depth:29; endswith; nocase; http.host; content:"cdn43.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826963/; classtype:trojan-activity;sid:83690063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826961/; classtype:trojan-activity;sid:83690061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.202.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826962/; classtype:trojan-activity;sid:83690062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/nwxqjh2y65y3zt35dymns/crack_installer_v5.8.zip|3f|rlkey=uv25ardxrjdbfusuzeccellen|7c|26|7c|dl=1"; depth:103; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826960/; classtype:trojan-activity;sid:83690060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/advancedipscanner.msix"; depth:29; endswith; nocase; http.host; content:"138.124.180.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826959/; classtype:trojan-activity;sid:83690059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/netsupport43.zip"; depth:23; endswith; nocase; http.host; content:"138.124.180.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826956/; classtype:trojan-activity;sid:83690056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.rar"; depth:10; endswith; nocase; http.host; content:"vaezmod.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826957/; classtype:trojan-activity;sid:83690057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/netsupport43.zip"; depth:23; endswith; nocase; http.host; content:"cdn43.space"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826958/; classtype:trojan-activity;sid:83690058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/netsupport43.zip"; depth:23; endswith; nocase; http.host; content:"138.124.180.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826955/; classtype:trojan-activity;sid:83690055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86"; depth:14; endswith; nocase; http.host; content:"91.92.240.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826954/; classtype:trojan-activity;sid:83690054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbztwxtoizdmwg3z7zzza6co7kz2zzhm5zkzl3gckzh4zy8zejz1lze4znrzzfzg8zyrz0zzkfzuzepz44zjpbb0zdcv8pslwbvf6iirafpps0shnosh7/foruncher_1.4.0.6.zip"; depth:140; endswith; nocase; http.host; content:"p-lux1.pcloud.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826952/; classtype:trojan-activity;sid:83690052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.m68k"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826953/; classtype:trojan-activity;sid:83690053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iv.sh"; depth:6; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826951/; classtype:trojan-activity;sid:83690051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.51.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826950/; classtype:trojan-activity;sid:83690050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.246.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826949/; classtype:trojan-activity;sid:83690049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.136.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826948/; classtype:trojan-activity;sid:83690048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.41.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826947/; classtype:trojan-activity;sid:83690047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826946/; classtype:trojan-activity;sid:83690046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.89.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826945/; classtype:trojan-activity;sid:83690045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.155.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826944/; classtype:trojan-activity;sid:83690044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.81.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826943/; classtype:trojan-activity;sid:83690043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826942/; classtype:trojan-activity;sid:83690042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.47.192.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826941/; classtype:trojan-activity;sid:83690041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.37.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826940/; classtype:trojan-activity;sid:83690040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.55.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826939/; classtype:trojan-activity;sid:83690039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.53.172.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826938/; classtype:trojan-activity;sid:83690038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-amd64"; depth:11; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826937/; classtype:trojan-activity;sid:83690037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.51.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826936/; classtype:trojan-activity;sid:83690036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826935/; classtype:trojan-activity;sid:83690035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826932/; classtype:trojan-activity;sid:83690032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tf.sh"; depth:6; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826933/; classtype:trojan-activity;sid:83690033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lh.sh"; depth:6; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826934/; classtype:trojan-activity;sid:83690034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826929/; classtype:trojan-activity;sid:83690029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826930/; classtype:trojan-activity;sid:83690030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826931/; classtype:trojan-activity;sid:83690031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.227.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826928/; classtype:trojan-activity;sid:83690028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668963670|3f|hash=vyo83cyjarz9zpkgn3k5itb7zotsnjnnday7bgh4oyc|7c|26|7c|dl=ndifu6fs1h4zfuwzizkwh7txspbzr7dtwmnhnzmlmuz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826927/; classtype:trojan-activity;sid:83690027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.79.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826926/; classtype:trojan-activity;sid:83690026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libsystem.so"; depth:13; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826925/; classtype:trojan-activity;sid:83690025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex.sh"; depth:6; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826923/; classtype:trojan-activity;sid:83690023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing"; depth:8; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826924/; classtype:trojan-activity;sid:83690024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing_aarch64"; depth:16; endswith; nocase; http.host; content:"195.123.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826922/; classtype:trojan-activity;sid:83690022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.221.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826920/; classtype:trojan-activity;sid:83690020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.225.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826921/; classtype:trojan-activity;sid:83690021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.237.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826919/; classtype:trojan-activity;sid:83690019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826918/; classtype:trojan-activity;sid:83690018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.136.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826917/; classtype:trojan-activity;sid:83690017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.251.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826915/; classtype:trojan-activity;sid:83690015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826916/; classtype:trojan-activity;sid:83690016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826914/; classtype:trojan-activity;sid:83690014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.197.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826913/; classtype:trojan-activity;sid:83690013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.227.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826912/; classtype:trojan-activity;sid:83690012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.182.182.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826910/; classtype:trojan-activity;sid:83690010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826911/; classtype:trojan-activity;sid:83690011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.212.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826909/; classtype:trojan-activity;sid:83690009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.164.229.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826908/; classtype:trojan-activity;sid:83690008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826907/; classtype:trojan-activity;sid:83690007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.197.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826906/; classtype:trojan-activity;sid:83690006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.89.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826905/; classtype:trojan-activity;sid:83690005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826904/; classtype:trojan-activity;sid:83690004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826903/; classtype:trojan-activity;sid:83690003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826902/; classtype:trojan-activity;sid:83690002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.177.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826901/; classtype:trojan-activity;sid:83690001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.253.118.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826900/; classtype:trojan-activity;sid:83690000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.75.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826899/; classtype:trojan-activity;sid:83689999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826898/; classtype:trojan-activity;sid:83689998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826897/; classtype:trojan-activity;sid:83689997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826896/; classtype:trojan-activity;sid:83689996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826894/; classtype:trojan-activity;sid:83689994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826895/; classtype:trojan-activity;sid:83689995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826893/; classtype:trojan-activity;sid:83689993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.2.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826892/; classtype:trojan-activity;sid:83689992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826891/; classtype:trojan-activity;sid:83689991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.251.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826889/; classtype:trojan-activity;sid:83689989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826890/; classtype:trojan-activity;sid:83689990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826888/; classtype:trojan-activity;sid:83689988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.43.111.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826887/; classtype:trojan-activity;sid:83689987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.82.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826886/; classtype:trojan-activity;sid:83689986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/f7c4dqk3"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826885/; classtype:trojan-activity;sid:83689985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.116.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826884/; classtype:trojan-activity;sid:83689984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.79.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826883/; classtype:trojan-activity;sid:83689983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826882/; classtype:trojan-activity;sid:83689982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.182.182.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826881/; classtype:trojan-activity;sid:83689981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x83tekpwqurv"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826880/; classtype:trojan-activity;sid:83689980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826879/; classtype:trojan-activity;sid:83689979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826878/; classtype:trojan-activity;sid:83689978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.252.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826877/; classtype:trojan-activity;sid:83689977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.225.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826876/; classtype:trojan-activity;sid:83689976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.82.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826875/; classtype:trojan-activity;sid:83689975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826874/; classtype:trojan-activity;sid:83689974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.66.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826873/; classtype:trojan-activity;sid:83689973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826872/; classtype:trojan-activity;sid:83689972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.43.111.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826871/; classtype:trojan-activity;sid:83689971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.116.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826870/; classtype:trojan-activity;sid:83689970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668920073|3f|hash=z7lx18povcrdxrs7btnvzrlnszx4xcaqves7r9ew87o|7c|26|7c|dl=2w0xo8mbsxiz7rn3jjzstlnhdjysrv1gf7hp70wugzg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826869/; classtype:trojan-activity;sid:83689969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.79.188.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826868/; classtype:trojan-activity;sid:83689968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.40.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826867/; classtype:trojan-activity;sid:83689967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826865/; classtype:trojan-activity;sid:83689965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.36.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826866/; classtype:trojan-activity;sid:83689966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.147.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826864/; classtype:trojan-activity;sid:83689964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826863/; classtype:trojan-activity;sid:83689963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.180.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826862/; classtype:trojan-activity;sid:83689962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.42.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826861/; classtype:trojan-activity;sid:83689961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.105.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826860/; classtype:trojan-activity;sid:83689960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.225.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826859/; classtype:trojan-activity;sid:83689959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.12.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826858/; classtype:trojan-activity;sid:83689958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.6.76"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826857/; classtype:trojan-activity;sid:83689957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826856/; classtype:trojan-activity;sid:83689956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826843/; classtype:trojan-activity;sid:83689943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826844/; classtype:trojan-activity;sid:83689944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826845/; classtype:trojan-activity;sid:83689945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826846/; classtype:trojan-activity;sid:83689946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826847/; classtype:trojan-activity;sid:83689947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826848/; classtype:trojan-activity;sid:83689948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826849/; classtype:trojan-activity;sid:83689949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826850/; classtype:trojan-activity;sid:83689950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826851/; classtype:trojan-activity;sid:83689951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826852/; classtype:trojan-activity;sid:83689952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826853/; classtype:trojan-activity;sid:83689953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826854/; classtype:trojan-activity;sid:83689954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826855/; classtype:trojan-activity;sid:83689955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"114.134.189.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826842/; classtype:trojan-activity;sid:83689942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"23.224.227.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826838/; classtype:trojan-activity;sid:83689938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"23.224.227.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826839/; classtype:trojan-activity;sid:83689939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"23.224.227.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826840/; classtype:trojan-activity;sid:83689940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"23.224.227.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826841/; classtype:trojan-activity;sid:83689941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826837/; classtype:trojan-activity;sid:83689937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826836/; classtype:trojan-activity;sid:83689936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826834/; classtype:trojan-activity;sid:83689934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826835/; classtype:trojan-activity;sid:83689935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826833/; classtype:trojan-activity;sid:83689933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826830/; classtype:trojan-activity;sid:83689930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826831/; classtype:trojan-activity;sid:83689931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826832/; classtype:trojan-activity;sid:83689932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826828/; classtype:trojan-activity;sid:83689928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"94.156.8.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826829/; classtype:trojan-activity;sid:83689929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssh4"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826827/; classtype:trojan-activity;sid:83689927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826825/; classtype:trojan-activity;sid:83689925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826826/; classtype:trojan-activity;sid:83689926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826822/; classtype:trojan-activity;sid:83689922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826823/; classtype:trojan-activity;sid:83689923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826824/; classtype:trojan-activity;sid:83689924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826817/; classtype:trojan-activity;sid:83689917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826818/; classtype:trojan-activity;sid:83689918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826819/; classtype:trojan-activity;sid:83689919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826820/; classtype:trojan-activity;sid:83689920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826821/; classtype:trojan-activity;sid:83689921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826816/; classtype:trojan-activity;sid:83689916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826815/; classtype:trojan-activity;sid:83689915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826811/; classtype:trojan-activity;sid:83689911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826812/; classtype:trojan-activity;sid:83689912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826813/; classtype:trojan-activity;sid:83689913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826814/; classtype:trojan-activity;sid:83689914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826809/; classtype:trojan-activity;sid:83689909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"bot.qngxgw.eu.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826810/; classtype:trojan-activity;sid:83689910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826803/; classtype:trojan-activity;sid:83689903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826804/; classtype:trojan-activity;sid:83689904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826805/; classtype:trojan-activity;sid:83689905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826806/; classtype:trojan-activity;sid:83689906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826807/; classtype:trojan-activity;sid:83689907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"89.185.30.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826808/; classtype:trojan-activity;sid:83689908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826802/; classtype:trojan-activity;sid:83689902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.227.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826801/; classtype:trojan-activity;sid:83689901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.243.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826800/; classtype:trojan-activity;sid:83689900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.46.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826798/; classtype:trojan-activity;sid:83689898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.10.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826799/; classtype:trojan-activity;sid:83689899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.mips"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826797/; classtype:trojan-activity;sid:83689897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.36.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826796/; classtype:trojan-activity;sid:83689896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.228.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826795/; classtype:trojan-activity;sid:83689895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"iaue.anesthetics.biomedzglobal.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826793/; classtype:trojan-activity;sid:83689893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"bxs.anesthetics.biomedzglobal.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826794/; classtype:trojan-activity;sid:83689894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.123.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826792/; classtype:trojan-activity;sid:83689892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.mpsl"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826791/; classtype:trojan-activity;sid:83689891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.x86"; depth:10; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826789/; classtype:trojan-activity;sid:83689889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.133.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826790/; classtype:trojan-activity;sid:83689890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.sh4"; depth:10; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826782/; classtype:trojan-activity;sid:83689882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.arm7"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826783/; classtype:trojan-activity;sid:83689883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.ppc"; depth:10; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826784/; classtype:trojan-activity;sid:83689884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.arm6"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826785/; classtype:trojan-activity;sid:83689885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.arm"; depth:10; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826786/; classtype:trojan-activity;sid:83689886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.arm5"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826787/; classtype:trojan-activity;sid:83689887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.mips"; depth:11; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826788/; classtype:trojan-activity;sid:83689888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.test.arc"; depth:10; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826781/; classtype:trojan-activity;sid:83689881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826776/; classtype:trojan-activity;sid:83689876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826777/; classtype:trojan-activity;sid:83689877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826778/; classtype:trojan-activity;sid:83689878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826779/; classtype:trojan-activity;sid:83689879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826780/; classtype:trojan-activity;sid:83689880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826775/; classtype:trojan-activity;sid:83689875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.191.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826767/; classtype:trojan-activity;sid:83689867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826768/; classtype:trojan-activity;sid:83689868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826769/; classtype:trojan-activity;sid:83689869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826770/; classtype:trojan-activity;sid:83689870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826771/; classtype:trojan-activity;sid:83689871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826772/; classtype:trojan-activity;sid:83689872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.22.238.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826773/; classtype:trojan-activity;sid:83689873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826774/; classtype:trojan-activity;sid:83689874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826764/; classtype:trojan-activity;sid:83689864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826765/; classtype:trojan-activity;sid:83689865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826766/; classtype:trojan-activity;sid:83689866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.198.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826763/; classtype:trojan-activity;sid:83689863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.191.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826762/; classtype:trojan-activity;sid:83689862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.12.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826761/; classtype:trojan-activity;sid:83689861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.72.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826760/; classtype:trojan-activity;sid:83689860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826759/; classtype:trojan-activity;sid:83689859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.92.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826758/; classtype:trojan-activity;sid:83689858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668970097|3f|hash=pgjlcumcdrplgyv4zjeyioi64dzahbljb7h3r1s4ixw|7c|26|7c|dl=3vwyibbuzxf5evxnrwcgbiu7rvkznddcr6v8zzejlap|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826757/; classtype:trojan-activity;sid:83689857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.193.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826756/; classtype:trojan-activity;sid:83689856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.167.37.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826755/; classtype:trojan-activity;sid:83689855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.125.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826754/; classtype:trojan-activity;sid:83689854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826753/; classtype:trojan-activity;sid:83689853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.123.71.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826752/; classtype:trojan-activity;sid:83689852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.53.172.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826751/; classtype:trojan-activity;sid:83689851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826747/; classtype:trojan-activity;sid:83689847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826748/; classtype:trojan-activity;sid:83689848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826749/; classtype:trojan-activity;sid:83689849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826750/; classtype:trojan-activity;sid:83689850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826746/; classtype:trojan-activity;sid:83689846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826743/; classtype:trojan-activity;sid:83689843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826744/; classtype:trojan-activity;sid:83689844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826745/; classtype:trojan-activity;sid:83689845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826739/; classtype:trojan-activity;sid:83689839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826740/; classtype:trojan-activity;sid:83689840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826741/; classtype:trojan-activity;sid:83689841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"45.88.90.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826742/; classtype:trojan-activity;sid:83689842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.22.238.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826738/; classtype:trojan-activity;sid:83689838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.45.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826736/; classtype:trojan-activity;sid:83689836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826737/; classtype:trojan-activity;sid:83689837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826735/; classtype:trojan-activity;sid:83689835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.154.172.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826733/; classtype:trojan-activity;sid:83689833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.85.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826734/; classtype:trojan-activity;sid:83689834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.22.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826732/; classtype:trojan-activity;sid:83689832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.2.161.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826731/; classtype:trojan-activity;sid:83689831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826730/; classtype:trojan-activity;sid:83689830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.26.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826728/; classtype:trojan-activity;sid:83689828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826729/; classtype:trojan-activity;sid:83689829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.249.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826727/; classtype:trojan-activity;sid:83689827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.233.161.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826726/; classtype:trojan-activity;sid:83689826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.97.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826725/; classtype:trojan-activity;sid:83689825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.24.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826724/; classtype:trojan-activity;sid:83689824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.158.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826723/; classtype:trojan-activity;sid:83689823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826722/; classtype:trojan-activity;sid:83689822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.45.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826721/; classtype:trojan-activity;sid:83689821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826720/; classtype:trojan-activity;sid:83689820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826719/; classtype:trojan-activity;sid:83689819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"lvh.anesthetics.biomedzglobal.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826718/; classtype:trojan-activity;sid:83689818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826717/; classtype:trojan-activity;sid:83689817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.78.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826716/; classtype:trojan-activity;sid:83689816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.105.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826715/; classtype:trojan-activity;sid:83689815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.233.161.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826714/; classtype:trojan-activity;sid:83689814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.246.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826713/; classtype:trojan-activity;sid:83689813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826712/; classtype:trojan-activity;sid:83689812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.24.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826711/; classtype:trojan-activity;sid:83689811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.101.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826710/; classtype:trojan-activity;sid:83689810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.121.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826709/; classtype:trojan-activity;sid:83689809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826708/; classtype:trojan-activity;sid:83689808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.209.208.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826707/; classtype:trojan-activity;sid:83689807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"91.92.243.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826706/; classtype:trojan-activity;sid:83689806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.46.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826705/; classtype:trojan-activity;sid:83689805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826704/; classtype:trojan-activity;sid:83689804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826703/; classtype:trojan-activity;sid:83689803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.24.36.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826702/; classtype:trojan-activity;sid:83689802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.70.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826701/; classtype:trojan-activity;sid:83689801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826700/; classtype:trojan-activity;sid:83689800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.78.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826699/; classtype:trojan-activity;sid:83689799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.255.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826698/; classtype:trojan-activity;sid:83689798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.196.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826697/; classtype:trojan-activity;sid:83689797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.101.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826696/; classtype:trojan-activity;sid:83689796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.94.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826695/; classtype:trojan-activity;sid:83689795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.124.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826694/; classtype:trojan-activity;sid:83689794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.17.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826693/; classtype:trojan-activity;sid:83689793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.34.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826692/; classtype:trojan-activity;sid:83689792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.246.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826691/; classtype:trojan-activity;sid:83689791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.15.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826690/; classtype:trojan-activity;sid:83689790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"194.15.113.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826689/; classtype:trojan-activity;sid:83689789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.124.41.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826688/; classtype:trojan-activity;sid:83689788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.117.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826687/; classtype:trojan-activity;sid:83689787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826681/; classtype:trojan-activity;sid:83689781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826682/; classtype:trojan-activity;sid:83689782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826683/; classtype:trojan-activity;sid:83689783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826684/; classtype:trojan-activity;sid:83689784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826685/; classtype:trojan-activity;sid:83689785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86_64"; depth:12; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826686/; classtype:trojan-activity;sid:83689786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826679/; classtype:trojan-activity;sid:83689779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826680/; classtype:trojan-activity;sid:83689780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826672/; classtype:trojan-activity;sid:83689772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826673/; classtype:trojan-activity;sid:83689773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826674/; classtype:trojan-activity;sid:83689774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826675/; classtype:trojan-activity;sid:83689775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86_64"; depth:12; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826676/; classtype:trojan-activity;sid:83689776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826677/; classtype:trojan-activity;sid:83689777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826678/; classtype:trojan-activity;sid:83689778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826671/; classtype:trojan-activity;sid:83689771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-spc"; depth:9; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826670/; classtype:trojan-activity;sid:83689770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826666/; classtype:trojan-activity;sid:83689766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826667/; classtype:trojan-activity;sid:83689767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-ppc"; depth:9; endswith; nocase; http.host; content:"domain-botnet.servehttp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826668/; classtype:trojan-activity;sid:83689768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826669/; classtype:trojan-activity;sid:83689769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826661/; classtype:trojan-activity;sid:83689761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826662/; classtype:trojan-activity;sid:83689762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826663/; classtype:trojan-activity;sid:83689763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826664/; classtype:trojan-activity;sid:83689764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826665/; classtype:trojan-activity;sid:83689765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826659/; classtype:trojan-activity;sid:83689759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826660/; classtype:trojan-activity;sid:83689760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-ppc"; depth:9; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826657/; classtype:trojan-activity;sid:83689757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-spc"; depth:9; endswith; nocase; http.host; content:"51.79.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826658/; classtype:trojan-activity;sid:83689758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.46.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826656/; classtype:trojan-activity;sid:83689756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.199.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826655/; classtype:trojan-activity;sid:83689755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826653/; classtype:trojan-activity;sid:83689753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.165.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826654/; classtype:trojan-activity;sid:83689754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.235.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826652/; classtype:trojan-activity;sid:83689752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.6.139"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826651/; classtype:trojan-activity;sid:83689751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.199.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826650/; classtype:trojan-activity;sid:83689750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.43.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826649/; classtype:trojan-activity;sid:83689749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.132.11.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826647/; classtype:trojan-activity;sid:83689747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.39.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826648/; classtype:trojan-activity;sid:83689748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.218.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826645/; classtype:trojan-activity;sid:83689745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.100.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826646/; classtype:trojan-activity;sid:83689746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.86.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826644/; classtype:trojan-activity;sid:83689744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.103.103.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826643/; classtype:trojan-activity;sid:83689743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.140.173.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826642/; classtype:trojan-activity;sid:83689742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826639/; classtype:trojan-activity;sid:83689739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826640/; classtype:trojan-activity;sid:83689740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826641/; classtype:trojan-activity;sid:83689741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826634/; classtype:trojan-activity;sid:83689734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826635/; classtype:trojan-activity;sid:83689735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826636/; classtype:trojan-activity;sid:83689736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826637/; classtype:trojan-activity;sid:83689737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826638/; classtype:trojan-activity;sid:83689738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826631/; classtype:trojan-activity;sid:83689731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826632/; classtype:trojan-activity;sid:83689732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826633/; classtype:trojan-activity;sid:83689733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826629/; classtype:trojan-activity;sid:83689729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"103.97.132.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826630/; classtype:trojan-activity;sid:83689730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826628/; classtype:trojan-activity;sid:83689728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.170.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826627/; classtype:trojan-activity;sid:83689727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.230.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826626/; classtype:trojan-activity;sid:83689726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.199.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826625/; classtype:trojan-activity;sid:83689725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826624/; classtype:trojan-activity;sid:83689724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.179.199.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826622/; classtype:trojan-activity;sid:83689722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.61.144.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826623/; classtype:trojan-activity;sid:83689723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.119.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826621/; classtype:trojan-activity;sid:83689721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.211.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826620/; classtype:trojan-activity;sid:83689720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.15.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826619/; classtype:trojan-activity;sid:83689719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.117.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826618/; classtype:trojan-activity;sid:83689718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.123.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826617/; classtype:trojan-activity;sid:83689717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.123.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826616/; classtype:trojan-activity;sid:83689716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.41.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826615/; classtype:trojan-activity;sid:83689715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.41.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826614/; classtype:trojan-activity;sid:83689714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.71.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826613/; classtype:trojan-activity;sid:83689713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.190.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826611/; classtype:trojan-activity;sid:83689711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.97.163.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826612/; classtype:trojan-activity;sid:83689712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.205.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826609/; classtype:trojan-activity;sid:83689709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.202.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826610/; classtype:trojan-activity;sid:83689710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826608/; classtype:trojan-activity;sid:83689708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mpsl"; depth:10; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826607/; classtype:trojan-activity;sid:83689707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86_64"; depth:12; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826601/; classtype:trojan-activity;sid:83689701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826602/; classtype:trojan-activity;sid:83689702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mips"; depth:10; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826603/; classtype:trojan-activity;sid:83689703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm6"; depth:10; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826604/; classtype:trojan-activity;sid:83689704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.ppc"; depth:9; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826605/; classtype:trojan-activity;sid:83689705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.212.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826606/; classtype:trojan-activity;sid:83689706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826595/; classtype:trojan-activity;sid:83689695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826596/; classtype:trojan-activity;sid:83689696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.sh4"; depth:9; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826597/; classtype:trojan-activity;sid:83689697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm5"; depth:10; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826598/; classtype:trojan-activity;sid:83689698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86"; depth:9; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826599/; classtype:trojan-activity;sid:83689699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"14.225.219.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826600/; classtype:trojan-activity;sid:83689700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.128.106.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826594/; classtype:trojan-activity;sid:83689694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.87.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826593/; classtype:trojan-activity;sid:83689693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826592/; classtype:trojan-activity;sid:83689692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.184.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826591/; classtype:trojan-activity;sid:83689691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826590/; classtype:trojan-activity;sid:83689690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.245.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826589/; classtype:trojan-activity;sid:83689689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.23.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826588/; classtype:trojan-activity;sid:83689688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.36.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826587/; classtype:trojan-activity;sid:83689687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.41.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826586/; classtype:trojan-activity;sid:83689686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.22.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826585/; classtype:trojan-activity;sid:83689685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.220.150.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826584/; classtype:trojan-activity;sid:83689684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826583/; classtype:trojan-activity;sid:83689683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"82.209.166.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826582/; classtype:trojan-activity;sid:83689682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826581/; classtype:trojan-activity;sid:83689681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.40.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826580/; classtype:trojan-activity;sid:83689680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.128.106.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826579/; classtype:trojan-activity;sid:83689679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.78.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826578/; classtype:trojan-activity;sid:83689678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826577/; classtype:trojan-activity;sid:83689677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.143.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826576/; classtype:trojan-activity;sid:83689676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826575/; classtype:trojan-activity;sid:83689675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.170.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826574/; classtype:trojan-activity;sid:83689674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.40.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826572/; classtype:trojan-activity;sid:83689672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.75.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826573/; classtype:trojan-activity;sid:83689673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.171.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826571/; classtype:trojan-activity;sid:83689671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.123.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826570/; classtype:trojan-activity;sid:83689670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.40.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826569/; classtype:trojan-activity;sid:83689669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.188.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826568/; classtype:trojan-activity;sid:83689668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.21.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826567/; classtype:trojan-activity;sid:83689667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.99.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826566/; classtype:trojan-activity;sid:83689666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.181.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826565/; classtype:trojan-activity;sid:83689665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.52.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826564/; classtype:trojan-activity;sid:83689664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.92.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826563/; classtype:trojan-activity;sid:83689663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.133.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826562/; classtype:trojan-activity;sid:83689662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.110.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826561/; classtype:trojan-activity;sid:83689661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.85.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826560/; classtype:trojan-activity;sid:83689660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.205.217.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826559/; classtype:trojan-activity;sid:83689659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.149.236.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826558/; classtype:trojan-activity;sid:83689658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826557/; classtype:trojan-activity;sid:83689657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.253.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826556/; classtype:trojan-activity;sid:83689656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.21.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826555/; classtype:trojan-activity;sid:83689655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.101.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826554/; classtype:trojan-activity;sid:83689654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.52.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826553/; classtype:trojan-activity;sid:83689653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.157.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826552/; classtype:trojan-activity;sid:83689652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.59.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826551/; classtype:trojan-activity;sid:83689651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.79.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826550/; classtype:trojan-activity;sid:83689650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826549/; classtype:trojan-activity;sid:83689649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.214.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826548/; classtype:trojan-activity;sid:83689648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.252.49.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826547/; classtype:trojan-activity;sid:83689647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.33.249.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826546/; classtype:trojan-activity;sid:83689646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.209.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826545/; classtype:trojan-activity;sid:83689645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.17.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826543/; classtype:trojan-activity;sid:83689643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826544/; classtype:trojan-activity;sid:83689644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.69.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826542/; classtype:trojan-activity;sid:83689642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.99.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826541/; classtype:trojan-activity;sid:83689641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.157.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826540/; classtype:trojan-activity;sid:83689640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826539/; classtype:trojan-activity;sid:83689639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.112.25.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826538/; classtype:trojan-activity;sid:83689638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.67.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826537/; classtype:trojan-activity;sid:83689637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826529/; classtype:trojan-activity;sid:83689629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826530/; classtype:trojan-activity;sid:83689630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826531/; classtype:trojan-activity;sid:83689631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826532/; classtype:trojan-activity;sid:83689632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826533/; classtype:trojan-activity;sid:83689633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826534/; classtype:trojan-activity;sid:83689634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826535/; classtype:trojan-activity;sid:83689635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826536/; classtype:trojan-activity;sid:83689636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826525/; classtype:trojan-activity;sid:83689625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826526/; classtype:trojan-activity;sid:83689626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826527/; classtype:trojan-activity;sid:83689627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826528/; classtype:trojan-activity;sid:83689628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826521/; classtype:trojan-activity;sid:83689621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826522/; classtype:trojan-activity;sid:83689622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826523/; classtype:trojan-activity;sid:83689623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"nocrynetworking.duckdns.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826524/; classtype:trojan-activity;sid:83689624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826516/; classtype:trojan-activity;sid:83689616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826517/; classtype:trojan-activity;sid:83689617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826518/; classtype:trojan-activity;sid:83689618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826519/; classtype:trojan-activity;sid:83689619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826520/; classtype:trojan-activity;sid:83689620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826514/; classtype:trojan-activity;sid:83689614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"209.14.69.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826515/; classtype:trojan-activity;sid:83689615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826513/; classtype:trojan-activity;sid:83689613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826512/; classtype:trojan-activity;sid:83689612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.74.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826511/; classtype:trojan-activity;sid:83689611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.223.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826510/; classtype:trojan-activity;sid:83689610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.38.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826509/; classtype:trojan-activity;sid:83689609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826508/; classtype:trojan-activity;sid:83689608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.79.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826507/; classtype:trojan-activity;sid:83689607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826506/; classtype:trojan-activity;sid:83689606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.165.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826505/; classtype:trojan-activity;sid:83689605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.154.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826498/; classtype:trojan-activity;sid:83689598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.m68k"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826499/; classtype:trojan-activity;sid:83689599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826500/; classtype:trojan-activity;sid:83689600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.arm6"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826501/; classtype:trojan-activity;sid:83689601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.arm7"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826502/; classtype:trojan-activity;sid:83689602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.arm6"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826503/; classtype:trojan-activity;sid:83689603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.arm7"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826504/; classtype:trojan-activity;sid:83689604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.ppc"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826486/; classtype:trojan-activity;sid:83689586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.mpsl"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826487/; classtype:trojan-activity;sid:83689587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.mips"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826488/; classtype:trojan-activity;sid:83689588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.sh"; depth:5; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826489/; classtype:trojan-activity;sid:83689589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.x86"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826490/; classtype:trojan-activity;sid:83689590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.arm5"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826491/; classtype:trojan-activity;sid:83689591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.arm5"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826492/; classtype:trojan-activity;sid:83689592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.ppc"; depth:15; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826493/; classtype:trojan-activity;sid:83689593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.arm"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826494/; classtype:trojan-activity;sid:83689594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.arm"; depth:15; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826495/; classtype:trojan-activity;sid:83689595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.mips"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826496/; classtype:trojan-activity;sid:83689596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.i686"; depth:16; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826497/; classtype:trojan-activity;sid:83689597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.x86_64"; depth:10; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826481/; classtype:trojan-activity;sid:83689581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.sh4"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826482/; classtype:trojan-activity;sid:83689582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.mpsl"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826483/; classtype:trojan-activity;sid:83689583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fyx.sh"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826484/; classtype:trojan-activity;sid:83689584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ninja.x86"; depth:15; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826485/; classtype:trojan-activity;sid:83689585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.spc"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826478/; classtype:trojan-activity;sid:83689578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.m68k"; depth:8; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826479/; classtype:trojan-activity;sid:83689579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj.arc"; depth:7; endswith; nocase; http.host; content:"143.198.199.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826480/; classtype:trojan-activity;sid:83689580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826477/; classtype:trojan-activity;sid:83689577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826476/; classtype:trojan-activity;sid:83689576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.132.186.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826474/; classtype:trojan-activity;sid:83689574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826475/; classtype:trojan-activity;sid:83689575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.240.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826473/; classtype:trojan-activity;sid:83689573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.69.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826472/; classtype:trojan-activity;sid:83689572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.223.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826471/; classtype:trojan-activity;sid:83689571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826469/; classtype:trojan-activity;sid:83689569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826470/; classtype:trojan-activity;sid:83689570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.48.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826468/; classtype:trojan-activity;sid:83689568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.198.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826467/; classtype:trojan-activity;sid:83689567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.38.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826466/; classtype:trojan-activity;sid:83689566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826465/; classtype:trojan-activity;sid:83689565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.216.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826464/; classtype:trojan-activity;sid:83689564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.123.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826461/; classtype:trojan-activity;sid:83689561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.105.182.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826462/; classtype:trojan-activity;sid:83689562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.36.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826463/; classtype:trojan-activity;sid:83689563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.68.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826460/; classtype:trojan-activity;sid:83689560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826459/; classtype:trojan-activity;sid:83689559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.154.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826458/; classtype:trojan-activity;sid:83689558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.20.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826457/; classtype:trojan-activity;sid:83689557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826456/; classtype:trojan-activity;sid:83689556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826455/; classtype:trojan-activity;sid:83689555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826454/; classtype:trojan-activity;sid:83689554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826453/; classtype:trojan-activity;sid:83689553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.245.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826452/; classtype:trojan-activity;sid:83689552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.198.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826451/; classtype:trojan-activity;sid:83689551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.245.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826450/; classtype:trojan-activity;sid:83689550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/het.jpg"; depth:8; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826447/; classtype:trojan-activity;sid:83689547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/het.jpg"; depth:8; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826448/; classtype:trojan-activity;sid:83689548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.txt"; depth:6; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826449/; classtype:trojan-activity;sid:83689549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.txt"; depth:6; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826442/; classtype:trojan-activity;sid:83689542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hetlerr.txt"; depth:12; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826443/; classtype:trojan-activity;sid:83689543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hetlerr.txt"; depth:12; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826444/; classtype:trojan-activity;sid:83689544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/name.hta"; depth:9; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826445/; classtype:trojan-activity;sid:83689545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/name.hta"; depth:9; endswith; nocase; http.host; content:"154.12.231.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826446/; classtype:trojan-activity;sid:83689546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.175.91.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826441/; classtype:trojan-activity;sid:83689541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.75.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826439/; classtype:trojan-activity;sid:83689539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.38.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826440/; classtype:trojan-activity;sid:83689540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/chroom.msi"; depth:16; endswith; nocase; http.host; content:"157.254.223.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826438/; classtype:trojan-activity;sid:83689538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826437/; classtype:trojan-activity;sid:83689537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/docs.txt"; depth:14; endswith; nocase; http.host; content:"157.254.223.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826435/; classtype:trojan-activity;sid:83689535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lop.jpg"; depth:8; endswith; nocase; http.host; content:"157.254.223.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826436/; classtype:trojan-activity;sid:83689536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/docs.txt"; depth:13; endswith; nocase; http.host; content:"157.254.223.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826433/; classtype:trojan-activity;sid:83689533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/job.txt"; depth:8; endswith; nocase; http.host; content:"157.254.223.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826434/; classtype:trojan-activity;sid:83689534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.jpg"; depth:8; endswith; nocase; http.host; content:"5ra.webredirect.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826431/; classtype:trojan-activity;sid:83689531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2137057835559046828510194350082365603546794285847027153416703231275563534556797725108888957726321226.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826432/; classtype:trojan-activity;sid:83689532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7647824289908231517207290670446594803137398043655066048531114401136813447444679107869361499907853696.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826420/; classtype:trojan-activity;sid:83689520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1889095363610255072177694555853761752011855856102991250183956001570579160750671115199604000378077387.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826421/; classtype:trojan-activity;sid:83689521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7622356415141926713395800056619299945065033534712221611316312910923323586697862666215358667620734369.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826422/; classtype:trojan-activity;sid:83689522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0677824852965995651445836789921555746621265195640228224927557426684192970728067645353963371554848463.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826423/; classtype:trojan-activity;sid:83689523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826424/; classtype:trojan-activity;sid:83689524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2536572464339624233120338080274331861580016248613894085310336412126521386102604154068745315329150386.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826425/; classtype:trojan-activity;sid:83689525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6363744648099551360755403828276372270999494045805445694520933638222145906337281691187198972368436989.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826426/; classtype:trojan-activity;sid:83689526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8784586110397902985941355617867303511293264285571986137137984864580271489863480483432781044803314858.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826427/; classtype:trojan-activity;sid:83689527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6597266843402901200258582771524313639894816564947000550550729775158669450509040529281647994021543748.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826428/; classtype:trojan-activity;sid:83689528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8192913746031376662908892739615716782193036299561825246162506013388295040333066043498227897389904968.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826429/; classtype:trojan-activity;sid:83689529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.jpg"; depth:8; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826430/; classtype:trojan-activity;sid:83689530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3163397736143442902929233217218044299299830719731982706619641018638200789029082734523951326614679069.txt"; depth:105; endswith; nocase; http.host; content:"149.102.147.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826419/; classtype:trojan-activity;sid:83689519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//g.jpg"; depth:7; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826418/; classtype:trojan-activity;sid:83689518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//qv.jpg"; depth:8; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826417/; classtype:trojan-activity;sid:83689517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//b.jpg"; depth:7; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826416/; classtype:trojan-activity;sid:83689516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ty.jpg"; depth:8; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826415/; classtype:trojan-activity;sid:83689515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//f%20old.jpg"; depth:13; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826411/; classtype:trojan-activity;sid:83689511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//r.jpg"; depth:7; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826412/; classtype:trojan-activity;sid:83689512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//f%20old2.jpg"; depth:14; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826413/; classtype:trojan-activity;sid:83689513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//z.jpg"; depth:7; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826414/; classtype:trojan-activity;sid:83689514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//xx.txt"; depth:8; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826409/; classtype:trojan-activity;sid:83689509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//f.jpg"; depth:7; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826410/; classtype:trojan-activity;sid:83689510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5fft.txt"; depth:9; endswith; nocase; http.host; content:"109.199.101.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826407/; classtype:trojan-activity;sid:83689507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.jpg"; depth:6; endswith; nocase; http.host; content:"109.199.101.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826408/; classtype:trojan-activity;sid:83689508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sd.jpg"; depth:7; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826406/; classtype:trojan-activity;sid:83689506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cscf.txt"; depth:9; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826404/; classtype:trojan-activity;sid:83689504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/333z.txt"; depth:9; endswith; nocase; http.host; content:"104.243.32.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826405/; classtype:trojan-activity;sid:83689505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.75.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826403/; classtype:trojan-activity;sid:83689503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.117.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826402/; classtype:trojan-activity;sid:83689502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.208.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826401/; classtype:trojan-activity;sid:83689501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826400/; classtype:trojan-activity;sid:83689500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.38.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826399/; classtype:trojan-activity;sid:83689499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.170.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826398/; classtype:trojan-activity;sid:83689498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.175.91.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826397/; classtype:trojan-activity;sid:83689497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/th0.txt"; depth:8; endswith; nocase; http.host; content:"80.94.95.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826396/; classtype:trojan-activity;sid:83689496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf.jpg"; depth:8; endswith; nocase; http.host; content:"80.94.95.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826395/; classtype:trojan-activity;sid:83689495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.221.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826394/; classtype:trojan-activity;sid:83689494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.17.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826393/; classtype:trojan-activity;sid:83689493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.18.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826392/; classtype:trojan-activity;sid:83689492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.117.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826391/; classtype:trojan-activity;sid:83689491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826390/; classtype:trojan-activity;sid:83689490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.18.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826389/; classtype:trojan-activity;sid:83689489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.131.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826388/; classtype:trojan-activity;sid:83689488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826387/; classtype:trojan-activity;sid:83689487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.212.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826386/; classtype:trojan-activity;sid:83689486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826385/; classtype:trojan-activity;sid:83689485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.47.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826384/; classtype:trojan-activity;sid:83689484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.116.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826383/; classtype:trojan-activity;sid:83689483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826382/; classtype:trojan-activity;sid:83689482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826373/; classtype:trojan-activity;sid:83689473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826374/; classtype:trojan-activity;sid:83689474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826375/; classtype:trojan-activity;sid:83689475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826376/; classtype:trojan-activity;sid:83689476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826377/; classtype:trojan-activity;sid:83689477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826378/; classtype:trojan-activity;sid:83689478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826379/; classtype:trojan-activity;sid:83689479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826380/; classtype:trojan-activity;sid:83689480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826381/; classtype:trojan-activity;sid:83689481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.56.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826372/; classtype:trojan-activity;sid:83689472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826369/; classtype:trojan-activity;sid:83689469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826370/; classtype:trojan-activity;sid:83689470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826371/; classtype:trojan-activity;sid:83689471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826367/; classtype:trojan-activity;sid:83689467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826368/; classtype:trojan-activity;sid:83689468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.90.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826366/; classtype:trojan-activity;sid:83689466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"hfpuc.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826365/; classtype:trojan-activity;sid:83689465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826364/; classtype:trojan-activity;sid:83689464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.211.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826363/; classtype:trojan-activity;sid:83689463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.34.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826362/; classtype:trojan-activity;sid:83689462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826361/; classtype:trojan-activity;sid:83689461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826360/; classtype:trojan-activity;sid:83689460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.197.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826359/; classtype:trojan-activity;sid:83689459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826357/; classtype:trojan-activity;sid:83689457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redtail.arm8"; depth:13; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826358/; classtype:trojan-activity;sid:83689458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redtail.x86.64"; depth:15; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826356/; classtype:trojan-activity;sid:83689456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826355/; classtype:trojan-activity;sid:83689455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826354/; classtype:trojan-activity;sid:83689454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.18.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826353/; classtype:trojan-activity;sid:83689453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.243.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826352/; classtype:trojan-activity;sid:83689452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.49.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826351/; classtype:trojan-activity;sid:83689451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.90.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826350/; classtype:trojan-activity;sid:83689450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826349/; classtype:trojan-activity;sid:83689449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826348/; classtype:trojan-activity;sid:83689448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.80.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826347/; classtype:trojan-activity;sid:83689447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.26.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826346/; classtype:trojan-activity;sid:83689446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.214.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826345/; classtype:trojan-activity;sid:83689445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826344/; classtype:trojan-activity;sid:83689444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.94.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826343/; classtype:trojan-activity;sid:83689443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redtail.arm7"; depth:13; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826341/; classtype:trojan-activity;sid:83689441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redtail.i686"; depth:13; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826342/; classtype:trojan-activity;sid:83689442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.179.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826340/; classtype:trojan-activity;sid:83689440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.164.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826339/; classtype:trojan-activity;sid:83689439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.197.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826338/; classtype:trojan-activity;sid:83689438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.48.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826337/; classtype:trojan-activity;sid:83689437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.166.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826336/; classtype:trojan-activity;sid:83689436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.211.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826335/; classtype:trojan-activity;sid:83689435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.17.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826334/; classtype:trojan-activity;sid:83689434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.94.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826333/; classtype:trojan-activity;sid:83689433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.93.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826332/; classtype:trojan-activity;sid:83689432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.72.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826331/; classtype:trojan-activity;sid:83689431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826330/; classtype:trojan-activity;sid:83689430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.181.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826329/; classtype:trojan-activity;sid:83689429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.126.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826328/; classtype:trojan-activity;sid:83689428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.48.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826327/; classtype:trojan-activity;sid:83689427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/lqjfq7l6"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826326/; classtype:trojan-activity;sid:83689426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.179.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826325/; classtype:trojan-activity;sid:83689425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.16.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826324/; classtype:trojan-activity;sid:83689424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826323/; classtype:trojan-activity;sid:83689423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.26.113.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826322/; classtype:trojan-activity;sid:83689422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826321/; classtype:trojan-activity;sid:83689421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.250.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826320/; classtype:trojan-activity;sid:83689420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826319/; classtype:trojan-activity;sid:83689419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.255.200.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826318/; classtype:trojan-activity;sid:83689418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.154.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826317/; classtype:trojan-activity;sid:83689417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.16.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826316/; classtype:trojan-activity;sid:83689416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.46.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826315/; classtype:trojan-activity;sid:83689415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826313/; classtype:trojan-activity;sid:83689413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826314/; classtype:trojan-activity;sid:83689414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826312/; classtype:trojan-activity;sid:83689412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826311/; classtype:trojan-activity;sid:83689411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826310/; classtype:trojan-activity;sid:83689410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.231"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826309/; classtype:trojan-activity;sid:83689409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.154.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826308/; classtype:trojan-activity;sid:83689408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.65.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826307/; classtype:trojan-activity;sid:83689407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.255.200.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826306/; classtype:trojan-activity;sid:83689406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.139.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826305/; classtype:trojan-activity;sid:83689405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826304/; classtype:trojan-activity;sid:83689404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.197.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826303/; classtype:trojan-activity;sid:83689403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.20.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826302/; classtype:trojan-activity;sid:83689402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826301/; classtype:trojan-activity;sid:83689401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.100.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826300/; classtype:trojan-activity;sid:83689400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826299/; classtype:trojan-activity;sid:83689399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.47.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826297/; classtype:trojan-activity;sid:83689397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.205.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826298/; classtype:trojan-activity;sid:83689398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.11.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826296/; classtype:trojan-activity;sid:83689396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.212.229.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826294/; classtype:trojan-activity;sid:83689394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.231"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826295/; classtype:trojan-activity;sid:83689395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826293/; classtype:trojan-activity;sid:83689393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.151.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826292/; classtype:trojan-activity;sid:83689392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.255.74.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826291/; classtype:trojan-activity;sid:83689391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826290/; classtype:trojan-activity;sid:83689390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826289/; classtype:trojan-activity;sid:83689389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826288/; classtype:trojan-activity;sid:83689388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.12.145"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826287/; classtype:trojan-activity;sid:83689387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.39.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826286/; classtype:trojan-activity;sid:83689386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.20.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826285/; classtype:trojan-activity;sid:83689385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826284/; classtype:trojan-activity;sid:83689384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.243.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826282/; classtype:trojan-activity;sid:83689382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiktok.exe"; depth:11; endswith; nocase; http.host; content:"185.172.128.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826283/; classtype:trojan-activity;sid:83689383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.71.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826280/; classtype:trojan-activity;sid:83689380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.53.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826281/; classtype:trojan-activity;sid:83689381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826279/; classtype:trojan-activity;sid:83689379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.71.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826278/; classtype:trojan-activity;sid:83689378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.183.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826277/; classtype:trojan-activity;sid:83689377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.255.74.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826276/; classtype:trojan-activity;sid:83689376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826275/; classtype:trojan-activity;sid:83689375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826274/; classtype:trojan-activity;sid:83689374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.243.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826273/; classtype:trojan-activity;sid:83689373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826272/; classtype:trojan-activity;sid:83689372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826271/; classtype:trojan-activity;sid:83689371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.252.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826270/; classtype:trojan-activity;sid:83689370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.71.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826269/; classtype:trojan-activity;sid:83689369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826268/; classtype:trojan-activity;sid:83689368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826267/; classtype:trojan-activity;sid:83689367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.71.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826266/; classtype:trojan-activity;sid:83689366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.124.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826265/; classtype:trojan-activity;sid:83689365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.149.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826264/; classtype:trojan-activity;sid:83689364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826263/; classtype:trojan-activity;sid:83689363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.199.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826262/; classtype:trojan-activity;sid:83689362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.33.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826261/; classtype:trojan-activity;sid:83689361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.177.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826260/; classtype:trojan-activity;sid:83689360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.121.147.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826259/; classtype:trojan-activity;sid:83689359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.198.200.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826258/; classtype:trojan-activity;sid:83689358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"gehhc.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826256/; classtype:trojan-activity;sid:83689356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"teypf.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826257/; classtype:trojan-activity;sid:83689357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826255/; classtype:trojan-activity;sid:83689355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.88.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826254/; classtype:trojan-activity;sid:83689354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/version_2.exe"; depth:14; endswith; nocase; http.host; content:"103.113.70.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826253/; classtype:trojan-activity;sid:83689353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.77.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826252/; classtype:trojan-activity;sid:83689352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.201.90.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826251/; classtype:trojan-activity;sid:83689351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826250/; classtype:trojan-activity;sid:83689350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.177.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826249/; classtype:trojan-activity;sid:83689349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826248/; classtype:trojan-activity;sid:83689348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.107.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826247/; classtype:trojan-activity;sid:83689347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826246/; classtype:trojan-activity;sid:83689346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826245/; classtype:trojan-activity;sid:83689345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.124.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826244/; classtype:trojan-activity;sid:83689344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.199.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826243/; classtype:trojan-activity;sid:83689343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826242/; classtype:trojan-activity;sid:83689342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.61.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826241/; classtype:trojan-activity;sid:83689341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826240/; classtype:trojan-activity;sid:83689340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.247.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826239/; classtype:trojan-activity;sid:83689339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.88.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826238/; classtype:trojan-activity;sid:83689338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.96.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826237/; classtype:trojan-activity;sid:83689337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826236/; classtype:trojan-activity;sid:83689336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.36.20.43"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826235/; classtype:trojan-activity;sid:83689335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.169.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826234/; classtype:trojan-activity;sid:83689334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.135.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826233/; classtype:trojan-activity;sid:83689333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.42.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826232/; classtype:trojan-activity;sid:83689332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.155.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826231/; classtype:trojan-activity;sid:83689331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.101.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826230/; classtype:trojan-activity;sid:83689330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.146.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826229/; classtype:trojan-activity;sid:83689329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826228/; classtype:trojan-activity;sid:83689328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.49.167.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826227/; classtype:trojan-activity;sid:83689327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.156.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826226/; classtype:trojan-activity;sid:83689326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826225/; classtype:trojan-activity;sid:83689325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.96.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826223/; classtype:trojan-activity;sid:83689323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.1.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826224/; classtype:trojan-activity;sid:83689324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.188.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826222/; classtype:trojan-activity;sid:83689322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.181.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826221/; classtype:trojan-activity;sid:83689321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.135.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826220/; classtype:trojan-activity;sid:83689320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826219/; classtype:trojan-activity;sid:83689319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.146.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826218/; classtype:trojan-activity;sid:83689318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.178"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826217/; classtype:trojan-activity;sid:83689317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.112.166.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826216/; classtype:trojan-activity;sid:83689316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.160.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826215/; classtype:trojan-activity;sid:83689315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826214/; classtype:trojan-activity;sid:83689314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826213/; classtype:trojan-activity;sid:83689313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.21.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826211/; classtype:trojan-activity;sid:83689311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.182.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826212/; classtype:trojan-activity;sid:83689312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.169.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826210/; classtype:trojan-activity;sid:83689310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.190.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826209/; classtype:trojan-activity;sid:83689309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.42.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826208/; classtype:trojan-activity;sid:83689308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.195.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826207/; classtype:trojan-activity;sid:83689307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.51.179.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826206/; classtype:trojan-activity;sid:83689306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826205/; classtype:trojan-activity;sid:83689305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.68.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826204/; classtype:trojan-activity;sid:83689304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.169.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826203/; classtype:trojan-activity;sid:83689303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.206.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826201/; classtype:trojan-activity;sid:83689301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.91.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826202/; classtype:trojan-activity;sid:83689302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826200/; classtype:trojan-activity;sid:83689300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.196.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826199/; classtype:trojan-activity;sid:83689299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.188.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826198/; classtype:trojan-activity;sid:83689298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.14.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826196/; classtype:trojan-activity;sid:83689296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.148.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826197/; classtype:trojan-activity;sid:83689297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.21.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826195/; classtype:trojan-activity;sid:83689295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.196.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826193/; classtype:trojan-activity;sid:83689293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826194/; classtype:trojan-activity;sid:83689294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826192/; classtype:trojan-activity;sid:83689292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.142.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826191/; classtype:trojan-activity;sid:83689291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.61.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826190/; classtype:trojan-activity;sid:83689290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826189/; classtype:trojan-activity;sid:83689289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.163.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826188/; classtype:trojan-activity;sid:83689288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.109.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826187/; classtype:trojan-activity;sid:83689287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826186/; classtype:trojan-activity;sid:83689286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.206.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826185/; classtype:trojan-activity;sid:83689285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.51.179.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826184/; classtype:trojan-activity;sid:83689284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.68.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826183/; classtype:trojan-activity;sid:83689283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.163.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826182/; classtype:trojan-activity;sid:83689282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.209.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826181/; classtype:trojan-activity;sid:83689281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.119.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826180/; classtype:trojan-activity;sid:83689280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.15.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826178/; classtype:trojan-activity;sid:83689278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.41.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826179/; classtype:trojan-activity;sid:83689279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826177/; classtype:trojan-activity;sid:83689277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.148.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826176/; classtype:trojan-activity;sid:83689276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.152.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826175/; classtype:trojan-activity;sid:83689275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826174/; classtype:trojan-activity;sid:83689274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.52.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826173/; classtype:trojan-activity;sid:83689273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"76.81.220.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826172/; classtype:trojan-activity;sid:83689272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826171/; classtype:trojan-activity;sid:83689271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.124.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826170/; classtype:trojan-activity;sid:83689270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.14.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826169/; classtype:trojan-activity;sid:83689269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.80.198.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826168/; classtype:trojan-activity;sid:83689268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.109.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826167/; classtype:trojan-activity;sid:83689267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.80.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826166/; classtype:trojan-activity;sid:83689266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ppoil.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826164/; classtype:trojan-activity;sid:83689264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"lbndf.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826165/; classtype:trojan-activity;sid:83689265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.149.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826163/; classtype:trojan-activity;sid:83689263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.13.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826162/; classtype:trojan-activity;sid:83689262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826161/; classtype:trojan-activity;sid:83689261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826160/; classtype:trojan-activity;sid:83689260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826159/; classtype:trojan-activity;sid:83689259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.97.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826158/; classtype:trojan-activity;sid:83689258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826157/; classtype:trojan-activity;sid:83689257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.152.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826156/; classtype:trojan-activity;sid:83689256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.170.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826155/; classtype:trojan-activity;sid:83689255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.217.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826154/; classtype:trojan-activity;sid:83689254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.177.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826153/; classtype:trojan-activity;sid:83689253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.80.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826152/; classtype:trojan-activity;sid:83689252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826151/; classtype:trojan-activity;sid:83689251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826150/; classtype:trojan-activity;sid:83689250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826149/; classtype:trojan-activity;sid:83689249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.58.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826148/; classtype:trojan-activity;sid:83689248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826147/; classtype:trojan-activity;sid:83689247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.97.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826146/; classtype:trojan-activity;sid:83689246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.247.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826145/; classtype:trojan-activity;sid:83689245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.85.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826144/; classtype:trojan-activity;sid:83689244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.124.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826143/; classtype:trojan-activity;sid:83689243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.39.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826142/; classtype:trojan-activity;sid:83689242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.70.95.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826141/; classtype:trojan-activity;sid:83689241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.249.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826140/; classtype:trojan-activity;sid:83689240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826139/; classtype:trojan-activity;sid:83689239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.177.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826138/; classtype:trojan-activity;sid:83689238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.131.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826137/; classtype:trojan-activity;sid:83689237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.26.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826136/; classtype:trojan-activity;sid:83689236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"207.188.94.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826134/; classtype:trojan-activity;sid:83689234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.110.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826135/; classtype:trojan-activity;sid:83689235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.183.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826133/; classtype:trojan-activity;sid:83689233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.110.146.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826132/; classtype:trojan-activity;sid:83689232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.248.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826131/; classtype:trojan-activity;sid:83689231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826130/; classtype:trojan-activity;sid:83689230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826129/; classtype:trojan-activity;sid:83689229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.174.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826128/; classtype:trojan-activity;sid:83689228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826127/; classtype:trojan-activity;sid:83689227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.169.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826126/; classtype:trojan-activity;sid:83689226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826125/; classtype:trojan-activity;sid:83689225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.45.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826124/; classtype:trojan-activity;sid:83689224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.63.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826123/; classtype:trojan-activity;sid:83689223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.89.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826122/; classtype:trojan-activity;sid:83689222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.58.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826121/; classtype:trojan-activity;sid:83689221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.247.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826120/; classtype:trojan-activity;sid:83689220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826119/; classtype:trojan-activity;sid:83689219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.98.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826118/; classtype:trojan-activity;sid:83689218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.70.95.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826117/; classtype:trojan-activity;sid:83689217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.223.84.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826116/; classtype:trojan-activity;sid:83689216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826115/; classtype:trojan-activity;sid:83689215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826114/; classtype:trojan-activity;sid:83689214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.162.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826113/; classtype:trojan-activity;sid:83689213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.37.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826112/; classtype:trojan-activity;sid:83689212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.248.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826111/; classtype:trojan-activity;sid:83689211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826110/; classtype:trojan-activity;sid:83689210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.183.148.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826109/; classtype:trojan-activity;sid:83689209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.26.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826108/; classtype:trojan-activity;sid:83689208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.181.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826107/; classtype:trojan-activity;sid:83689207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.63.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826106/; classtype:trojan-activity;sid:83689206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.89.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826105/; classtype:trojan-activity;sid:83689205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826104/; classtype:trojan-activity;sid:83689204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.119.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826103/; classtype:trojan-activity;sid:83689203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.33.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826102/; classtype:trojan-activity;sid:83689202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.164.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826101/; classtype:trojan-activity;sid:83689201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.246.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826100/; classtype:trojan-activity;sid:83689200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.90.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826099/; classtype:trojan-activity;sid:83689199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.181.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826098/; classtype:trojan-activity;sid:83689198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.37.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826097/; classtype:trojan-activity;sid:83689197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.248.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826096/; classtype:trojan-activity;sid:83689196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.156.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826095/; classtype:trojan-activity;sid:83689195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826094/; classtype:trojan-activity;sid:83689194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826093/; classtype:trojan-activity;sid:83689193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.141.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826092/; classtype:trojan-activity;sid:83689192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.105.252.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826091/; classtype:trojan-activity;sid:83689191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.226.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826090/; classtype:trojan-activity;sid:83689190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.27.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826089/; classtype:trojan-activity;sid:83689189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826088/; classtype:trojan-activity;sid:83689188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826087/; classtype:trojan-activity;sid:83689187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.111.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826086/; classtype:trojan-activity;sid:83689186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.119.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826085/; classtype:trojan-activity;sid:83689185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.16.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826084/; classtype:trojan-activity;sid:83689184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.174.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826083/; classtype:trojan-activity;sid:83689183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826082/; classtype:trojan-activity;sid:83689182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"177.44.42.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826081/; classtype:trojan-activity;sid:83689181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.122.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826080/; classtype:trojan-activity;sid:83689180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.87.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826078/; classtype:trojan-activity;sid:83689178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.156.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826079/; classtype:trojan-activity;sid:83689179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.29.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826077/; classtype:trojan-activity;sid:83689177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.211.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826076/; classtype:trojan-activity;sid:83689176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.230.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826075/; classtype:trojan-activity;sid:83689175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.141.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826074/; classtype:trojan-activity;sid:83689174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.34.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826073/; classtype:trojan-activity;sid:83689173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.226.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826072/; classtype:trojan-activity;sid:83689172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.13.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826071/; classtype:trojan-activity;sid:83689171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.246.110.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826070/; classtype:trojan-activity;sid:83689170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826069/; classtype:trojan-activity;sid:83689169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826068/; classtype:trojan-activity;sid:83689168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.5.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826067/; classtype:trojan-activity;sid:83689167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.16.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826065/; classtype:trojan-activity;sid:83689165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826066/; classtype:trojan-activity;sid:83689166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.111.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826064/; classtype:trojan-activity;sid:83689164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.116.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826063/; classtype:trojan-activity;sid:83689163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826062/; classtype:trojan-activity;sid:83689162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826061/; classtype:trojan-activity;sid:83689161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.29.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826060/; classtype:trojan-activity;sid:83689160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.122.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826059/; classtype:trojan-activity;sid:83689159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.168.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826058/; classtype:trojan-activity;sid:83689158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.3.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826057/; classtype:trojan-activity;sid:83689157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.46.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826056/; classtype:trojan-activity;sid:83689156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.30.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826055/; classtype:trojan-activity;sid:83689155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.110.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826054/; classtype:trojan-activity;sid:83689154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826053/; classtype:trojan-activity;sid:83689153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.91.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826052/; classtype:trojan-activity;sid:83689152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.135.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826051/; classtype:trojan-activity;sid:83689151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.5.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826050/; classtype:trojan-activity;sid:83689150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.53.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826049/; classtype:trojan-activity;sid:83689149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826048/; classtype:trojan-activity;sid:83689148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826047/; classtype:trojan-activity;sid:83689147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.167.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826046/; classtype:trojan-activity;sid:83689146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826045/; classtype:trojan-activity;sid:83689145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.107.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826044/; classtype:trojan-activity;sid:83689144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.3.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826043/; classtype:trojan-activity;sid:83689143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.117.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826042/; classtype:trojan-activity;sid:83689142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.51.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826041/; classtype:trojan-activity;sid:83689141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826040/; classtype:trojan-activity;sid:83689140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.57.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826039/; classtype:trojan-activity;sid:83689139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.30.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826038/; classtype:trojan-activity;sid:83689138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.46.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826037/; classtype:trojan-activity;sid:83689137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826036/; classtype:trojan-activity;sid:83689136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.90.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826034/; classtype:trojan-activity;sid:83689134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.250.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826035/; classtype:trojan-activity;sid:83689135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826032/; classtype:trojan-activity;sid:83689132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.119.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826033/; classtype:trojan-activity;sid:83689133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.57.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826031/; classtype:trojan-activity;sid:83689131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.107.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826030/; classtype:trojan-activity;sid:83689130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.172.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826029/; classtype:trojan-activity;sid:83689129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.42.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826028/; classtype:trojan-activity;sid:83689128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.200.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826027/; classtype:trojan-activity;sid:83689127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"153.34.81.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826026/; classtype:trojan-activity;sid:83689126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.253.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826025/; classtype:trojan-activity;sid:83689125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.97.163.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826024/; classtype:trojan-activity;sid:83689124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.242.230.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826023/; classtype:trojan-activity;sid:83689123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.142.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826022/; classtype:trojan-activity;sid:83689122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.189.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826021/; classtype:trojan-activity;sid:83689121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.42.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826020/; classtype:trojan-activity;sid:83689120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.140.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826019/; classtype:trojan-activity;sid:83689119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826018/; classtype:trojan-activity;sid:83689118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.28.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826017/; classtype:trojan-activity;sid:83689117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826016/; classtype:trojan-activity;sid:83689116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.2.161.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826015/; classtype:trojan-activity;sid:83689115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.172.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826014/; classtype:trojan-activity;sid:83689114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826012/; classtype:trojan-activity;sid:83689112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826013/; classtype:trojan-activity;sid:83689113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.149.142.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826011/; classtype:trojan-activity;sid:83689111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.107.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826010/; classtype:trojan-activity;sid:83689110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826009/; classtype:trojan-activity;sid:83689109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.71.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826007/; classtype:trojan-activity;sid:83689107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.114.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826008/; classtype:trojan-activity;sid:83689108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.26.232.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826006/; classtype:trojan-activity;sid:83689106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826005/; classtype:trojan-activity;sid:83689105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.142.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826004/; classtype:trojan-activity;sid:83689104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826003/; classtype:trojan-activity;sid:83689103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.189.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826002/; classtype:trojan-activity;sid:83689102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.166.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826001/; classtype:trojan-activity;sid:83689101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826000/; classtype:trojan-activity;sid:83689100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825999/; classtype:trojan-activity;sid:83689099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825998/; classtype:trojan-activity;sid:83689098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.140.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825997/; classtype:trojan-activity;sid:83689097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825996/; classtype:trojan-activity;sid:83689096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825995/; classtype:trojan-activity;sid:83689095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825994/; classtype:trojan-activity;sid:83689094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.146.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825993/; classtype:trojan-activity;sid:83689093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.107.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825992/; classtype:trojan-activity;sid:83689092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825991/; classtype:trojan-activity;sid:83689091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.91.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825990/; classtype:trojan-activity;sid:83689090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825989/; classtype:trojan-activity;sid:83689089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.15.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825988/; classtype:trojan-activity;sid:83689088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.159.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825987/; classtype:trojan-activity;sid:83689087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.52.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825986/; classtype:trojan-activity;sid:83689086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.50.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825984/; classtype:trojan-activity;sid:83689084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.114.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825985/; classtype:trojan-activity;sid:83689085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825983/; classtype:trojan-activity;sid:83689083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825982/; classtype:trojan-activity;sid:83689082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825981/; classtype:trojan-activity;sid:83689081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.215.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825980/; classtype:trojan-activity;sid:83689080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825979/; classtype:trojan-activity;sid:83689079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825978/; classtype:trojan-activity;sid:83689078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825977/; classtype:trojan-activity;sid:83689077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1/build3.exe"; depth:19; endswith; nocase; http.host; content:"cajgtus.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825976/; classtype:trojan-activity;sid:83689076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=b24528e77689f9ac%21162|7c|26|7c|authkey=!apfh4vxvdjek1qc"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825975/; classtype:trojan-activity;sid:83689075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester.sh"; depth:10; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825974/; classtype:trojan-activity;sid:83689074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/images/smilies/wp.js"; depth:33; endswith; nocase; http.host; content:"postutopia.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825973/; classtype:trojan-activity;sid:83689073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.166.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825972/; classtype:trojan-activity;sid:83689072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.213.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825971/; classtype:trojan-activity;sid:83689071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.71.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825970/; classtype:trojan-activity;sid:83689070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825969/; classtype:trojan-activity;sid:83689069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.249.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825968/; classtype:trojan-activity;sid:83689068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825967/; classtype:trojan-activity;sid:83689067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.122.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825966/; classtype:trojan-activity;sid:83689066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.174.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825965/; classtype:trojan-activity;sid:83689065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825964/; classtype:trojan-activity;sid:83689064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.112.46.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825963/; classtype:trojan-activity;sid:83689063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.106.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825962/; classtype:trojan-activity;sid:83689062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825960/; classtype:trojan-activity;sid:83689060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.219.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825961/; classtype:trojan-activity;sid:83689061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.10.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825958/; classtype:trojan-activity;sid:83689058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.110.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825959/; classtype:trojan-activity;sid:83689059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.19.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825957/; classtype:trojan-activity;sid:83689057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.59.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825955/; classtype:trojan-activity;sid:83689055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.38.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825956/; classtype:trojan-activity;sid:83689056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.78.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825953/; classtype:trojan-activity;sid:83689053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.159.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825954/; classtype:trojan-activity;sid:83689054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.42.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825952/; classtype:trojan-activity;sid:83689052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.201.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825951/; classtype:trojan-activity;sid:83689051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.239.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825950/; classtype:trojan-activity;sid:83689050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825949/; classtype:trojan-activity;sid:83689049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.125.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825948/; classtype:trojan-activity;sid:83689048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.50.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825947/; classtype:trojan-activity;sid:83689047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.159.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825946/; classtype:trojan-activity;sid:83689046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.188.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825944/; classtype:trojan-activity;sid:83689044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.135.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825945/; classtype:trojan-activity;sid:83689045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.32.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825943/; classtype:trojan-activity;sid:83689043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825941/; classtype:trojan-activity;sid:83689041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.180.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825942/; classtype:trojan-activity;sid:83689042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.247.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825940/; classtype:trojan-activity;sid:83689040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.50.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825939/; classtype:trojan-activity;sid:83689039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.91.237.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825938/; classtype:trojan-activity;sid:83689038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825937/; classtype:trojan-activity;sid:83689037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825936/; classtype:trojan-activity;sid:83689036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.181.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825935/; classtype:trojan-activity;sid:83689035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825934/; classtype:trojan-activity;sid:83689034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.159.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825933/; classtype:trojan-activity;sid:83689033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.205.219.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825932/; classtype:trojan-activity;sid:83689032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.213.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825931/; classtype:trojan-activity;sid:83689031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xspj7kxzgyho"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825930/; classtype:trojan-activity;sid:83689030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825929/; classtype:trojan-activity;sid:83689029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.247.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825928/; classtype:trojan-activity;sid:83689028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.41.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825925/; classtype:trojan-activity;sid:83689025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.221.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825926/; classtype:trojan-activity;sid:83689026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.119.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825927/; classtype:trojan-activity;sid:83689027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.89.201.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825924/; classtype:trojan-activity;sid:83689024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825923/; classtype:trojan-activity;sid:83689023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.125.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825922/; classtype:trojan-activity;sid:83689022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.188.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825921/; classtype:trojan-activity;sid:83689021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.188.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825920/; classtype:trojan-activity;sid:83689020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825919/; classtype:trojan-activity;sid:83689019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825918/; classtype:trojan-activity;sid:83689018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.85.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825917/; classtype:trojan-activity;sid:83689017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825916/; classtype:trojan-activity;sid:83689016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825915/; classtype:trojan-activity;sid:83689015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825914/; classtype:trojan-activity;sid:83689014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825913/; classtype:trojan-activity;sid:83689013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.52.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825912/; classtype:trojan-activity;sid:83689012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.112.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825911/; classtype:trojan-activity;sid:83689011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.18.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825910/; classtype:trojan-activity;sid:83689010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.218.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825909/; classtype:trojan-activity;sid:83689009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.24.25.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825908/; classtype:trojan-activity;sid:83689008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825907/; classtype:trojan-activity;sid:83689007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.124.4.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825906/; classtype:trojan-activity;sid:83689006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.179.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825905/; classtype:trojan-activity;sid:83689005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.85.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825904/; classtype:trojan-activity;sid:83689004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.122.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825903/; classtype:trojan-activity;sid:83689003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825902/; classtype:trojan-activity;sid:83689002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825901/; classtype:trojan-activity;sid:83689001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.228.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825900/; classtype:trojan-activity;sid:83689000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.231.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825899/; classtype:trojan-activity;sid:83688999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825898/; classtype:trojan-activity;sid:83688998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.4.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825896/; classtype:trojan-activity;sid:83688996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.168.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825897/; classtype:trojan-activity;sid:83688997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825895/; classtype:trojan-activity;sid:83688995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.4.162.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825894/; classtype:trojan-activity;sid:83688994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.59.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825893/; classtype:trojan-activity;sid:83688993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.218.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825892/; classtype:trojan-activity;sid:83688992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.217.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825891/; classtype:trojan-activity;sid:83688991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.193.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825890/; classtype:trojan-activity;sid:83688990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.178.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825889/; classtype:trojan-activity;sid:83688989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.122.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825888/; classtype:trojan-activity;sid:83688988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.116.248.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825887/; classtype:trojan-activity;sid:83688987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.179.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825886/; classtype:trojan-activity;sid:83688986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825885/; classtype:trojan-activity;sid:83688985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.228.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825884/; classtype:trojan-activity;sid:83688984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.23.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825883/; classtype:trojan-activity;sid:83688983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.168.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825882/; classtype:trojan-activity;sid:83688982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.4.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825881/; classtype:trojan-activity;sid:83688981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.231.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825880/; classtype:trojan-activity;sid:83688980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825879/; classtype:trojan-activity;sid:83688979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825878/; classtype:trojan-activity;sid:83688978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.75.125.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825877/; classtype:trojan-activity;sid:83688977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.96.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825876/; classtype:trojan-activity;sid:83688976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.193.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825875/; classtype:trojan-activity;sid:83688975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"quw.result.garrettcountygranfondo.org"; depth:37; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825874/; classtype:trojan-activity;sid:83688974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.178.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825873/; classtype:trojan-activity;sid:83688973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.79.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825872/; classtype:trojan-activity;sid:83688972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.236.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825871/; classtype:trojan-activity;sid:83688971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.26.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825870/; classtype:trojan-activity;sid:83688970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.188.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825869/; classtype:trojan-activity;sid:83688969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.189.99.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825868/; classtype:trojan-activity;sid:83688968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.23.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825867/; classtype:trojan-activity;sid:83688967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825865/; classtype:trojan-activity;sid:83688965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.159.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825866/; classtype:trojan-activity;sid:83688966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.32.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825864/; classtype:trojan-activity;sid:83688964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.188.211.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825863/; classtype:trojan-activity;sid:83688963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.96.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825862/; classtype:trojan-activity;sid:83688962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825861/; classtype:trojan-activity;sid:83688961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.16.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825860/; classtype:trojan-activity;sid:83688960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.202.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825859/; classtype:trojan-activity;sid:83688959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825858/; classtype:trojan-activity;sid:83688958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.174.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825857/; classtype:trojan-activity;sid:83688957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.62.16.25"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825855/; classtype:trojan-activity;sid:83688955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.10.91.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825856/; classtype:trojan-activity;sid:83688956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.58.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825854/; classtype:trojan-activity;sid:83688954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.79.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825853/; classtype:trojan-activity;sid:83688953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.59.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825852/; classtype:trojan-activity;sid:83688952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.189.99.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825851/; classtype:trojan-activity;sid:83688951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.215.189.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825850/; classtype:trojan-activity;sid:83688950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825849/; classtype:trojan-activity;sid:83688949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825847/; classtype:trojan-activity;sid:83688947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.3.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825848/; classtype:trojan-activity;sid:83688948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.202.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825846/; classtype:trojan-activity;sid:83688946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.22.238.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825845/; classtype:trojan-activity;sid:83688945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825844/; classtype:trojan-activity;sid:83688944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.78.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825843/; classtype:trojan-activity;sid:83688943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.208.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825842/; classtype:trojan-activity;sid:83688942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.254.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825841/; classtype:trojan-activity;sid:83688941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.16.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825840/; classtype:trojan-activity;sid:83688940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.165.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825839/; classtype:trojan-activity;sid:83688939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.116.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825838/; classtype:trojan-activity;sid:83688938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.211.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825837/; classtype:trojan-activity;sid:83688937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.11.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825836/; classtype:trojan-activity;sid:83688936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.163.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825835/; classtype:trojan-activity;sid:83688935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.41.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825833/; classtype:trojan-activity;sid:83688933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.188.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825834/; classtype:trojan-activity;sid:83688934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharkmenu/sharkmenureban.exe"; depth:29; endswith; nocase; http.host; content:"45.141.215.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825832/; classtype:trojan-activity;sid:83688932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825831/; classtype:trojan-activity;sid:83688931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825830/; classtype:trojan-activity;sid:83688930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825829/; classtype:trojan-activity;sid:83688929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.164.118.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825828/; classtype:trojan-activity;sid:83688928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.197.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825827/; classtype:trojan-activity;sid:83688927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825826/; classtype:trojan-activity;sid:83688926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.78.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825825/; classtype:trojan-activity;sid:83688925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.201.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825824/; classtype:trojan-activity;sid:83688924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825823/; classtype:trojan-activity;sid:83688923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.6.50"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825822/; classtype:trojan-activity;sid:83688922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.165.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825821/; classtype:trojan-activity;sid:83688921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825820/; classtype:trojan-activity;sid:83688920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.214.152.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825818/; classtype:trojan-activity;sid:83688918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825819/; classtype:trojan-activity;sid:83688919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.101.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825817/; classtype:trojan-activity;sid:83688917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.199.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825816/; classtype:trojan-activity;sid:83688916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825815/; classtype:trojan-activity;sid:83688915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.92.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825814/; classtype:trojan-activity;sid:83688914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.68.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825813/; classtype:trojan-activity;sid:83688913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825812/; classtype:trojan-activity;sid:83688912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.163.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825811/; classtype:trojan-activity;sid:83688911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.81.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825810/; classtype:trojan-activity;sid:83688910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.41.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825809/; classtype:trojan-activity;sid:83688909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.230.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825808/; classtype:trojan-activity;sid:83688908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.11.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825807/; classtype:trojan-activity;sid:83688907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.29.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825806/; classtype:trojan-activity;sid:83688906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.209.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825805/; classtype:trojan-activity;sid:83688905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.112.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825804/; classtype:trojan-activity;sid:83688904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.201.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825803/; classtype:trojan-activity;sid:83688903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.133.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825802/; classtype:trojan-activity;sid:83688902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.15.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825801/; classtype:trojan-activity;sid:83688901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.118.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825800/; classtype:trojan-activity;sid:83688900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caffe.jpg"; depth:10; endswith; nocase; http.host; content:"51.195.94.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825799/; classtype:trojan-activity;sid:83688899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825798/; classtype:trojan-activity;sid:83688898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.jpg"; depth:6; endswith; nocase; http.host; content:"45.94.31.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825797/; classtype:trojan-activity;sid:83688897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h5s1.txt"; depth:9; endswith; nocase; http.host; content:"45.94.31.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825796/; classtype:trojan-activity;sid:83688896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.101.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825795/; classtype:trojan-activity;sid:83688895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/buhm"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825794/; classtype:trojan-activity;sid:83688894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.68.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825792/; classtype:trojan-activity;sid:83688892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.92.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825793/; classtype:trojan-activity;sid:83688893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.13.44.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825791/; classtype:trojan-activity;sid:83688891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825790/; classtype:trojan-activity;sid:83688890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.196.142.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825789/; classtype:trojan-activity;sid:83688889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.230.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825788/; classtype:trojan-activity;sid:83688888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.101.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825786/; classtype:trojan-activity;sid:83688886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.83.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825787/; classtype:trojan-activity;sid:83688887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.112.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825784/; classtype:trojan-activity;sid:83688884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.16.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825783/; classtype:trojan-activity;sid:83688883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aboriginal/downloads/old/binaries/1.2.6/cross-compiler-armv7l.tar.bz2"; depth:70; endswith; nocase; http.host; content:"landley.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825782/; classtype:trojan-activity;sid:83688882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2"; depth:59; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825772/; classtype:trojan-activity;sid:83688872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2"; depth:57; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825773/; classtype:trojan-activity;sid:83688873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2"; depth:58; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825774/; classtype:trojan-activity;sid:83688874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2"; depth:56; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825775/; classtype:trojan-activity;sid:83688875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2"; depth:58; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825776/; classtype:trojan-activity;sid:83688876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2"; depth:58; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825777/; classtype:trojan-activity;sid:83688877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2"; depth:58; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825778/; classtype:trojan-activity;sid:83688878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2"; depth:56; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825779/; classtype:trojan-activity;sid:83688879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2"; depth:56; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825780/; classtype:trojan-activity;sid:83688880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2"; depth:55; endswith; nocase; http.host; content:"www.uclibc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825781/; classtype:trojan-activity;sid:83688881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825771/; classtype:trojan-activity;sid:83688871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825770/; classtype:trojan-activity;sid:83688870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825769/; classtype:trojan-activity;sid:83688869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.118.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825768/; classtype:trojan-activity;sid:83688868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.166.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825767/; classtype:trojan-activity;sid:83688867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.13.44.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825766/; classtype:trojan-activity;sid:83688866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.37.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825765/; classtype:trojan-activity;sid:83688865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.151.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825764/; classtype:trojan-activity;sid:83688864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.151.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825763/; classtype:trojan-activity;sid:83688863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.242.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825762/; classtype:trojan-activity;sid:83688862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.99.201.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825758/; classtype:trojan-activity;sid:83688858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.123.71.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825759/; classtype:trojan-activity;sid:83688859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.51.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825760/; classtype:trojan-activity;sid:83688860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.191.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825761/; classtype:trojan-activity;sid:83688861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.16.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825757/; classtype:trojan-activity;sid:83688857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.110.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825756/; classtype:trojan-activity;sid:83688856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.33.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825755/; classtype:trojan-activity;sid:83688855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.159.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825754/; classtype:trojan-activity;sid:83688854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825753/; classtype:trojan-activity;sid:83688853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.229.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825752/; classtype:trojan-activity;sid:83688852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.248.189.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825751/; classtype:trojan-activity;sid:83688851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.155.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825750/; classtype:trojan-activity;sid:83688850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825749/; classtype:trojan-activity;sid:83688849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.104.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825748/; classtype:trojan-activity;sid:83688848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/buhh"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825747/; classtype:trojan-activity;sid:83688847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.16.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825746/; classtype:trojan-activity;sid:83688846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.49.198.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825745/; classtype:trojan-activity;sid:83688845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.179.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825744/; classtype:trojan-activity;sid:83688844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.55.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825743/; classtype:trojan-activity;sid:83688843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.248.189.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825742/; classtype:trojan-activity;sid:83688842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.163.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825741/; classtype:trojan-activity;sid:83688841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.104.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825740/; classtype:trojan-activity;sid:83688840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825739/; classtype:trojan-activity;sid:83688839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.220.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825738/; classtype:trojan-activity;sid:83688838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.161.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825737/; classtype:trojan-activity;sid:83688837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.86.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825736/; classtype:trojan-activity;sid:83688836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.245.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825735/; classtype:trojan-activity;sid:83688835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.53.7.68"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825733/; classtype:trojan-activity;sid:83688833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.166.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825734/; classtype:trojan-activity;sid:83688834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825732/; classtype:trojan-activity;sid:83688832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.188.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825731/; classtype:trojan-activity;sid:83688831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825730/; classtype:trojan-activity;sid:83688830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.73.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825729/; classtype:trojan-activity;sid:83688829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.163.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825728/; classtype:trojan-activity;sid:83688828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.246.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825727/; classtype:trojan-activity;sid:83688827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.190.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825726/; classtype:trojan-activity;sid:83688826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825723/; classtype:trojan-activity;sid:83688823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825724/; classtype:trojan-activity;sid:83688824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.155.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825725/; classtype:trojan-activity;sid:83688825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.139.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825722/; classtype:trojan-activity;sid:83688822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825721/; classtype:trojan-activity;sid:83688821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825720/; classtype:trojan-activity;sid:83688820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.220.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825719/; classtype:trojan-activity;sid:83688819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.63.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825718/; classtype:trojan-activity;sid:83688818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/buhf"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825717/; classtype:trojan-activity;sid:83688817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.140.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825715/; classtype:trojan-activity;sid:83688815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xkzdri6ngpg3"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825716/; classtype:trojan-activity;sid:83688816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.122.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825714/; classtype:trojan-activity;sid:83688814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.121.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825713/; classtype:trojan-activity;sid:83688813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.53.7.68"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825712/; classtype:trojan-activity;sid:83688812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.162.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825711/; classtype:trojan-activity;sid:83688811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.104.200.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825710/; classtype:trojan-activity;sid:83688810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.11.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825708/; classtype:trojan-activity;sid:83688808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.158.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825709/; classtype:trojan-activity;sid:83688809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.93.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825707/; classtype:trojan-activity;sid:83688807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.102.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825706/; classtype:trojan-activity;sid:83688806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.193.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825705/; classtype:trojan-activity;sid:83688805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.47.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825704/; classtype:trojan-activity;sid:83688804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.188.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825703/; classtype:trojan-activity;sid:83688803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825702/; classtype:trojan-activity;sid:83688802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227670155350245456/1232456274730287215/novacheeto_2.exe|3f|ex=662985d9|7c|26|7c|is=66283459|7c|26|7c|hm=4296903cf5dd3ca9cda7f9f27c6e723280d8dd6d8d4eda50fb7909222339cd48|7c|26|7c|"; depth:192; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825700/; classtype:trojan-activity;sid:83688800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loaderupgame.zip"; depth:17; endswith; nocase; http.host; content:"up-game.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825701/; classtype:trojan-activity;sid:83688801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pewporupor47/pewporupor47/releases/download/download/lnstaller.rar"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825699/; classtype:trojan-activity;sid:83688799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lander/stealer-morenz/loader.zip"; depth:33; endswith; nocase; http.host; content:"cheatroom.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825698/; classtype:trojan-activity;sid:83688798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825697/; classtype:trojan-activity;sid:83688797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.207.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825696/; classtype:trojan-activity;sid:83688796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.189.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825695/; classtype:trojan-activity;sid:83688795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.6.50"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825694/; classtype:trojan-activity;sid:83688794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.0.213"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825692/; classtype:trojan-activity;sid:83688792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.193.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825693/; classtype:trojan-activity;sid:83688793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.37.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825690/; classtype:trojan-activity;sid:83688790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.249.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825691/; classtype:trojan-activity;sid:83688791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.188.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825689/; classtype:trojan-activity;sid:83688789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825688/; classtype:trojan-activity;sid:83688788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825687/; classtype:trojan-activity;sid:83688787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.73.38.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825686/; classtype:trojan-activity;sid:83688786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.130.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825685/; classtype:trojan-activity;sid:83688785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.174.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825684/; classtype:trojan-activity;sid:83688784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825683/; classtype:trojan-activity;sid:83688783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668931745|3f|hash=v6u3ezvayqcmpvwjpd7lxtkwwm6vbi7tz4wbd4qxbcx|7c|26|7c|dl=drq4v45szyvd4deoobynjcltpis5tw08n6n3keocncc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825682/; classtype:trojan-activity;sid:83688782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.91.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825681/; classtype:trojan-activity;sid:83688781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825680/; classtype:trojan-activity;sid:83688780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825679/; classtype:trojan-activity;sid:83688779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.207.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825678/; classtype:trojan-activity;sid:83688778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825677/; classtype:trojan-activity;sid:83688777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.77.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825676/; classtype:trojan-activity;sid:83688776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.60.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825674/; classtype:trojan-activity;sid:83688774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825675/; classtype:trojan-activity;sid:83688775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825673/; classtype:trojan-activity;sid:83688773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825666/; classtype:trojan-activity;sid:83688766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825667/; classtype:trojan-activity;sid:83688767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825668/; classtype:trojan-activity;sid:83688768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825669/; classtype:trojan-activity;sid:83688769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825670/; classtype:trojan-activity;sid:83688770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825671/; classtype:trojan-activity;sid:83688771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.161.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825672/; classtype:trojan-activity;sid:83688772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825665/; classtype:trojan-activity;sid:83688765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825664/; classtype:trojan-activity;sid:83688764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.71.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825663/; classtype:trojan-activity;sid:83688763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668931711|3f|hash=brklr47lpuozuaoullcl9ykhbcnoglzcjilgk4bups4|7c|26|7c|dl=i6f5ignxi4x8m5gmbpmmodgfuzrfwbz8nwbzitex5to|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825662/; classtype:trojan-activity;sid:83688762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.37.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825661/; classtype:trojan-activity;sid:83688761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825660/; classtype:trojan-activity;sid:83688760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.249.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825659/; classtype:trojan-activity;sid:83688759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"95.164.63.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825658/; classtype:trojan-activity;sid:83688758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.249.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825657/; classtype:trojan-activity;sid:83688757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.208.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825656/; classtype:trojan-activity;sid:83688756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.93.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825655/; classtype:trojan-activity;sid:83688755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.164.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825654/; classtype:trojan-activity;sid:83688754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerjdsiaoduywa"; depth:31; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825653/; classtype:trojan-activity;sid:83688753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerdjsklaj"; depth:27; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825646/; classtype:trojan-activity;sid:83688746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerue89216"; depth:27; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825647/; classtype:trojan-activity;sid:83688747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerdis9ayd"; depth:27; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825648/; classtype:trojan-activity;sid:83688748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerdkiwoquyd"; depth:29; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825649/; classtype:trojan-activity;sid:83688749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerid90aw78ds"; depth:30; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825650/; classtype:trojan-activity;sid:83688750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerfdjsajkdfysa9"; depth:33; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825651/; classtype:trojan-activity;sid:83688751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerdlskajhdk"; depth:29; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825652/; classtype:trojan-activity;sid:83688752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerdj8aw"; depth:25; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825645/; classtype:trojan-activity;sid:83688745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckhoneypotsniggerdposajkdsa"; depth:30; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825644/; classtype:trojan-activity;sid:83688744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825643/; classtype:trojan-activity;sid:83688743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.228.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825642/; classtype:trojan-activity;sid:83688742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.161.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825641/; classtype:trojan-activity;sid:83688741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.193.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825640/; classtype:trojan-activity;sid:83688740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.60.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825639/; classtype:trojan-activity;sid:83688739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.251.12.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825638/; classtype:trojan-activity;sid:83688738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.127.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825637/; classtype:trojan-activity;sid:83688737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.173.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825636/; classtype:trojan-activity;sid:83688736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668932599|3f|hash=yoivyv9vbk0e1onhmyxylqpzizgmv9f7y4azt1ly0pd|7c|26|7c|dl=tzhwzuzpcposz85wjeprgs4a5tzodlciyvbzotgji4x|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825635/; classtype:trojan-activity;sid:83688735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.93.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825634/; classtype:trojan-activity;sid:83688734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"snu.anesthetics.biomedzglobal.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825633/; classtype:trojan-activity;sid:83688733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.249.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825632/; classtype:trojan-activity;sid:83688732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"93.123.39.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825631/; classtype:trojan-activity;sid:83688731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.190.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825630/; classtype:trojan-activity;sid:83688730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.61.18.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825629/; classtype:trojan-activity;sid:83688729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.84.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825628/; classtype:trojan-activity;sid:83688728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.125.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825627/; classtype:trojan-activity;sid:83688727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.145.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825626/; classtype:trojan-activity;sid:83688726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.152.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825625/; classtype:trojan-activity;sid:83688725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.143.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825618/; classtype:trojan-activity;sid:83688718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/wget"; depth:13; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825619/; classtype:trojan-activity;sid:83688719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/wget"; depth:13; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825620/; classtype:trojan-activity;sid:83688720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/w.sh"; depth:13; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825621/; classtype:trojan-activity;sid:83688721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/c.sh"; depth:13; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825622/; classtype:trojan-activity;sid:83688722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.231.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825623/; classtype:trojan-activity;sid:83688723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/wget.sh"; depth:16; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825624/; classtype:trojan-activity;sid:83688724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/telnet"; depth:15; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825614/; classtype:trojan-activity;sid:83688714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/ohshit.sh"; depth:18; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825615/; classtype:trojan-activity;sid:83688715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/ohshit.sh"; depth:18; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825616/; classtype:trojan-activity;sid:83688716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/telnet"; depth:15; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825617/; classtype:trojan-activity;sid:83688717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.91.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825613/; classtype:trojan-activity;sid:83688713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.254.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825612/; classtype:trojan-activity;sid:83688712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825611/; classtype:trojan-activity;sid:83688711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.74.18.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825610/; classtype:trojan-activity;sid:83688710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.209.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825609/; classtype:trojan-activity;sid:83688709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.218.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825608/; classtype:trojan-activity;sid:83688708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.mips"; depth:17; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825607/; classtype:trojan-activity;sid:83688707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.x86_64"; depth:19; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825600/; classtype:trojan-activity;sid:83688700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.x86"; depth:16; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825601/; classtype:trojan-activity;sid:83688701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/debug.dbg"; depth:18; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825602/; classtype:trojan-activity;sid:83688702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/debug.dbg"; depth:18; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825603/; classtype:trojan-activity;sid:83688703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.x86_64"; depth:19; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825604/; classtype:trojan-activity;sid:83688704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm7"; depth:17; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825605/; classtype:trojan-activity;sid:83688705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.mips"; depth:17; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825606/; classtype:trojan-activity;sid:83688706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm7"; depth:17; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825599/; classtype:trojan-activity;sid:83688699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm6"; depth:17; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825596/; classtype:trojan-activity;sid:83688696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.mpsl"; depth:17; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825597/; classtype:trojan-activity;sid:83688697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm5"; depth:17; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825598/; classtype:trojan-activity;sid:83688698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.m68k"; depth:17; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825592/; classtype:trojan-activity;sid:83688692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.sh4"; depth:16; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825593/; classtype:trojan-activity;sid:83688693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm6"; depth:17; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825594/; classtype:trojan-activity;sid:83688694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm"; depth:16; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825595/; classtype:trojan-activity;sid:83688695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.m68k"; depth:17; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825590/; classtype:trojan-activity;sid:83688690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.27.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825591/; classtype:trojan-activity;sid:83688691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.mpsl"; depth:17; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825589/; classtype:trojan-activity;sid:83688689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.sh4"; depth:16; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825585/; classtype:trojan-activity;sid:83688685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm"; depth:16; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825586/; classtype:trojan-activity;sid:83688686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.arm5"; depth:17; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825587/; classtype:trojan-activity;sid:83688687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/bot.x86"; depth:16; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825588/; classtype:trojan-activity;sid:83688688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.83.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825584/; classtype:trojan-activity;sid:83688684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825583/; classtype:trojan-activity;sid:83688683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.59.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825582/; classtype:trojan-activity;sid:83688682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/and"; depth:12; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825580/; classtype:trojan-activity;sid:83688680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/a"; depth:10; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825581/; classtype:trojan-activity;sid:83688681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.145.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825579/; classtype:trojan-activity;sid:83688679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/and"; depth:12; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825575/; classtype:trojan-activity;sid:83688675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ohyeah/a"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825576/; classtype:trojan-activity;sid:83688676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.71.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825574/; classtype:trojan-activity;sid:83688674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verseless.hhk"; depth:14; endswith; nocase; http.host; content:"147.78.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825573/; classtype:trojan-activity;sid:83688673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.118.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825572/; classtype:trojan-activity;sid:83688672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825571/; classtype:trojan-activity;sid:83688671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.38.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825570/; classtype:trojan-activity;sid:83688670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825568/; classtype:trojan-activity;sid:83688668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825569/; classtype:trojan-activity;sid:83688669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825561/; classtype:trojan-activity;sid:83688661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825562/; classtype:trojan-activity;sid:83688662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825563/; classtype:trojan-activity;sid:83688663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825564/; classtype:trojan-activity;sid:83688664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825565/; classtype:trojan-activity;sid:83688665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825566/; classtype:trojan-activity;sid:83688666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825567/; classtype:trojan-activity;sid:83688667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825559/; classtype:trojan-activity;sid:83688659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825560/; classtype:trojan-activity;sid:83688660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.122.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825558/; classtype:trojan-activity;sid:83688658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825557/; classtype:trojan-activity;sid:83688657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.143.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825556/; classtype:trojan-activity;sid:83688656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.11.76.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825555/; classtype:trojan-activity;sid:83688655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.254.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825553/; classtype:trojan-activity;sid:83688653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.37.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825554/; classtype:trojan-activity;sid:83688654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825552/; classtype:trojan-activity;sid:83688652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.216.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825551/; classtype:trojan-activity;sid:83688651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825544/; classtype:trojan-activity;sid:83688644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825545/; classtype:trojan-activity;sid:83688645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825546/; classtype:trojan-activity;sid:83688646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825547/; classtype:trojan-activity;sid:83688647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xh0roxxnavebusyoo.x86"; depth:23; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825548/; classtype:trojan-activity;sid:83688648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825549/; classtype:trojan-activity;sid:83688649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825550/; classtype:trojan-activity;sid:83688650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825543/; classtype:trojan-activity;sid:83688643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825541/; classtype:trojan-activity;sid:83688641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xh0roxxnavebusyoo.x86"; depth:23; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825542/; classtype:trojan-activity;sid:83688642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825538/; classtype:trojan-activity;sid:83688638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825539/; classtype:trojan-activity;sid:83688639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825540/; classtype:trojan-activity;sid:83688640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825530/; classtype:trojan-activity;sid:83688630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825531/; classtype:trojan-activity;sid:83688631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825532/; classtype:trojan-activity;sid:83688632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825533/; classtype:trojan-activity;sid:83688633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825534/; classtype:trojan-activity;sid:83688634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825535/; classtype:trojan-activity;sid:83688635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825536/; classtype:trojan-activity;sid:83688636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825537/; classtype:trojan-activity;sid:83688637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825524/; classtype:trojan-activity;sid:83688624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825525/; classtype:trojan-activity;sid:83688625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825526/; classtype:trojan-activity;sid:83688626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825527/; classtype:trojan-activity;sid:83688627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825528/; classtype:trojan-activity;sid:83688628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825529/; classtype:trojan-activity;sid:83688629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825520/; classtype:trojan-activity;sid:83688620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"sdjgh29387y29ws.group-networks.ru"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825521/; classtype:trojan-activity;sid:83688621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825522/; classtype:trojan-activity;sid:83688622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825523/; classtype:trojan-activity;sid:83688623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825517/; classtype:trojan-activity;sid:83688617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825518/; classtype:trojan-activity;sid:83688618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825519/; classtype:trojan-activity;sid:83688619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825515/; classtype:trojan-activity;sid:83688615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"zsu-ua-gov.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825516/; classtype:trojan-activity;sid:83688616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825514/; classtype:trojan-activity;sid:83688614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825513/; classtype:trojan-activity;sid:83688613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.183.40.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825512/; classtype:trojan-activity;sid:83688612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.218.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825511/; classtype:trojan-activity;sid:83688611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825510/; classtype:trojan-activity;sid:83688610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825504/; classtype:trojan-activity;sid:83688604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825505/; classtype:trojan-activity;sid:83688605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825506/; classtype:trojan-activity;sid:83688606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825507/; classtype:trojan-activity;sid:83688607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825508/; classtype:trojan-activity;sid:83688608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825509/; classtype:trojan-activity;sid:83688609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825500/; classtype:trojan-activity;sid:83688600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825501/; classtype:trojan-activity;sid:83688601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825502/; classtype:trojan-activity;sid:83688602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825503/; classtype:trojan-activity;sid:83688603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825497/; classtype:trojan-activity;sid:83688597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825498/; classtype:trojan-activity;sid:83688598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"tracking-alert.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825499/; classtype:trojan-activity;sid:83688599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825488/; classtype:trojan-activity;sid:83688588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825489/; classtype:trojan-activity;sid:83688589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825490/; classtype:trojan-activity;sid:83688590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825491/; classtype:trojan-activity;sid:83688591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825492/; classtype:trojan-activity;sid:83688592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825493/; classtype:trojan-activity;sid:83688593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825494/; classtype:trojan-activity;sid:83688594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825485/; classtype:trojan-activity;sid:83688585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825486/; classtype:trojan-activity;sid:83688586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825487/; classtype:trojan-activity;sid:83688587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825483/; classtype:trojan-activity;sid:83688583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825484/; classtype:trojan-activity;sid:83688584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825481/; classtype:trojan-activity;sid:83688581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"boats.voidnet.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825482/; classtype:trojan-activity;sid:83688582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.18.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825480/; classtype:trojan-activity;sid:83688580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825476/; classtype:trojan-activity;sid:83688576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825475/; classtype:trojan-activity;sid:83688575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825474/; classtype:trojan-activity;sid:83688574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825469/; classtype:trojan-activity;sid:83688569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825470/; classtype:trojan-activity;sid:83688570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825471/; classtype:trojan-activity;sid:83688571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825472/; classtype:trojan-activity;sid:83688572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.248.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825473/; classtype:trojan-activity;sid:83688573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825464/; classtype:trojan-activity;sid:83688564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825465/; classtype:trojan-activity;sid:83688565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825466/; classtype:trojan-activity;sid:83688566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825467/; classtype:trojan-activity;sid:83688567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825468/; classtype:trojan-activity;sid:83688568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825462/; classtype:trojan-activity;sid:83688562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"cnc.voidnet.click"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825463/; classtype:trojan-activity;sid:83688563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.54.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825460/; classtype:trojan-activity;sid:83688560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.218.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825459/; classtype:trojan-activity;sid:83688559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.49.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825458/; classtype:trojan-activity;sid:83688558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825457/; classtype:trojan-activity;sid:83688557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.50.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825456/; classtype:trojan-activity;sid:83688556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.55.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825455/; classtype:trojan-activity;sid:83688555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.253.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825453/; classtype:trojan-activity;sid:83688553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.87.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825454/; classtype:trojan-activity;sid:83688554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825452/; classtype:trojan-activity;sid:83688552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668920049|3f|hash=v8h4zbhscia4f2gx7rr3yzxlkr1uzf1brizkvfc0rtp|7c|26|7c|dl=ikl901clegstusdzdwfukqywmmuhfqtzfvsv0birihg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825451/; classtype:trojan-activity;sid:83688551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825450/; classtype:trojan-activity;sid:83688550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825443/; classtype:trojan-activity;sid:83688543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825442/; classtype:trojan-activity;sid:83688542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.206.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825441/; classtype:trojan-activity;sid:83688541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825440/; classtype:trojan-activity;sid:83688540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.php"; depth:6; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825437/; classtype:trojan-activity;sid:83688537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.php"; depth:6; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825438/; classtype:trojan-activity;sid:83688538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.php"; depth:6; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825439/; classtype:trojan-activity;sid:83688539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825436/; classtype:trojan-activity;sid:83688536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825434/; classtype:trojan-activity;sid:83688534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825435/; classtype:trojan-activity;sid:83688535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.92.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825433/; classtype:trojan-activity;sid:83688533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.174.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825432/; classtype:trojan-activity;sid:83688532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.159.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825431/; classtype:trojan-activity;sid:83688531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.253.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825430/; classtype:trojan-activity;sid:83688530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.42.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825428/; classtype:trojan-activity;sid:83688528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825429/; classtype:trojan-activity;sid:83688529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.38.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825427/; classtype:trojan-activity;sid:83688527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.180.149.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825426/; classtype:trojan-activity;sid:83688526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.248.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825424/; classtype:trojan-activity;sid:83688524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.185.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825425/; classtype:trojan-activity;sid:83688525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.122.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825423/; classtype:trojan-activity;sid:83688523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_softfloat"; depth:23; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825422/; classtype:trojan-activity;sid:83688522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el_softfloat"; depth:25; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825421/; classtype:trojan-activity;sid:83688521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64_softfloat"; depth:23; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825420/; classtype:trojan-activity;sid:83688520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_softfloat"; depth:21; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825419/; classtype:trojan-activity;sid:83688519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825418/; classtype:trojan-activity;sid:83688518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825417/; classtype:trojan-activity;sid:83688517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64el"; depth:14; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825416/; classtype:trojan-activity;sid:83688516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825415/; classtype:trojan-activity;sid:83688515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825414/; classtype:trojan-activity;sid:83688514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825413/; classtype:trojan-activity;sid:83688513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825412/; classtype:trojan-activity;sid:83688512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825411/; classtype:trojan-activity;sid:83688511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm64"; depth:12; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825410/; classtype:trojan-activity;sid:83688510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825409/; classtype:trojan-activity;sid:83688509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64"; depth:12; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825408/; classtype:trojan-activity;sid:83688508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825407/; classtype:trojan-activity;sid:83688507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825406/; classtype:trojan-activity;sid:83688506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xiaoccnb.sh"; depth:12; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825403/; classtype:trojan-activity;sid:83688503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.236.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825404/; classtype:trojan-activity;sid:83688504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825405/; classtype:trojan-activity;sid:83688505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_softfloat"; depth:21; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825402/; classtype:trojan-activity;sid:83688502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825401/; classtype:trojan-activity;sid:83688501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825400/; classtype:trojan-activity;sid:83688500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825399/; classtype:trojan-activity;sid:83688499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825397/; classtype:trojan-activity;sid:83688497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_softfloat"; depth:23; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825398/; classtype:trojan-activity;sid:83688498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825396/; classtype:trojan-activity;sid:83688496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825395/; classtype:trojan-activity;sid:83688495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64"; depth:12; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825394/; classtype:trojan-activity;sid:83688494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64_softfloat"; depth:23; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825393/; classtype:trojan-activity;sid:83688493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825392/; classtype:trojan-activity;sid:83688492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64el"; depth:14; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825390/; classtype:trojan-activity;sid:83688490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el_softfloat"; depth:25; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825391/; classtype:trojan-activity;sid:83688491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825389/; classtype:trojan-activity;sid:83688489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825388/; classtype:trojan-activity;sid:83688488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm64"; depth:12; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825387/; classtype:trojan-activity;sid:83688487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825386/; classtype:trojan-activity;sid:83688486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825385/; classtype:trojan-activity;sid:83688485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xiaoccnb.sh"; depth:12; endswith; nocase; http.host; content:"154.12.83.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825384/; classtype:trojan-activity;sid:83688484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825383/; classtype:trojan-activity;sid:83688483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.8.135"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825381/; classtype:trojan-activity;sid:83688481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.219.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825382/; classtype:trojan-activity;sid:83688482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.95.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825380/; classtype:trojan-activity;sid:83688480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.117.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825379/; classtype:trojan-activity;sid:83688479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825378/; classtype:trojan-activity;sid:83688478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.114.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825377/; classtype:trojan-activity;sid:83688477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825375/; classtype:trojan-activity;sid:83688475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.35.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825376/; classtype:trojan-activity;sid:83688476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.33.62.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825373/; classtype:trojan-activity;sid:83688473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.238.89.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825374/; classtype:trojan-activity;sid:83688474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.17.147.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825372/; classtype:trojan-activity;sid:83688472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.22.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825371/; classtype:trojan-activity;sid:83688471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.209.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825370/; classtype:trojan-activity;sid:83688470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825369/; classtype:trojan-activity;sid:83688469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.18.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825368/; classtype:trojan-activity;sid:83688468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825367/; classtype:trojan-activity;sid:83688467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825366/; classtype:trojan-activity;sid:83688466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_nap"; depth:10; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825365/; classtype:trojan-activity;sid:83688465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825363/; classtype:trojan-activity;sid:83688463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825364/; classtype:trojan-activity;sid:83688464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rj.sh"; depth:6; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825352/; classtype:trojan-activity;sid:83688452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a7l"; depth:10; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825353/; classtype:trojan-activity;sid:83688453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a5.sh"; depth:6; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825354/; classtype:trojan-activity;sid:83688454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.sh"; depth:5; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825355/; classtype:trojan-activity;sid:83688455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_mpel"; depth:11; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825356/; classtype:trojan-activity;sid:83688456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a5l"; depth:10; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825357/; classtype:trojan-activity;sid:83688457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_64"; depth:9; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825358/; classtype:trojan-activity;sid:83688458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a64"; depth:10; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825359/; classtype:trojan-activity;sid:83688459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_86"; depth:9; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825360/; classtype:trojan-activity;sid:83688460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825361/; classtype:trojan-activity;sid:83688461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.sh"; depth:5; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825362/; classtype:trojan-activity;sid:83688462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x1.sh"; depth:6; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825350/; classtype:trojan-activity;sid:83688450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"23.224.176.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825351/; classtype:trojan-activity;sid:83688451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.197.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825349/; classtype:trojan-activity;sid:83688449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.83.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825348/; classtype:trojan-activity;sid:83688448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.15.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825347/; classtype:trojan-activity;sid:83688447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.220.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825346/; classtype:trojan-activity;sid:83688446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.152.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825345/; classtype:trojan-activity;sid:83688445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.82.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825344/; classtype:trojan-activity;sid:83688444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.68.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825343/; classtype:trojan-activity;sid:83688443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.32.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825342/; classtype:trojan-activity;sid:83688442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.166.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825341/; classtype:trojan-activity;sid:83688441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pl"; depth:3; endswith; nocase; http.host; content:"95.164.69.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825340/; classtype:trojan-activity;sid:83688440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.94.156.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825338/; classtype:trojan-activity;sid:83688438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ms"; depth:3; endswith; nocase; http.host; content:"95.164.69.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825339/; classtype:trojan-activity;sid:83688439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.89.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825337/; classtype:trojan-activity;sid:83688437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.32.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825336/; classtype:trojan-activity;sid:83688436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.0.201"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825334/; classtype:trojan-activity;sid:83688434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.197.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825335/; classtype:trojan-activity;sid:83688435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.253.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825333/; classtype:trojan-activity;sid:83688433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825332/; classtype:trojan-activity;sid:83688432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.191.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825331/; classtype:trojan-activity;sid:83688431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825323/; classtype:trojan-activity;sid:83688423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825324/; classtype:trojan-activity;sid:83688424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825325/; classtype:trojan-activity;sid:83688425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smpsl"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825326/; classtype:trojan-activity;sid:83688426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825327/; classtype:trojan-activity;sid:83688427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825328/; classtype:trojan-activity;sid:83688428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825329/; classtype:trojan-activity;sid:83688429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825330/; classtype:trojan-activity;sid:83688430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825321/; classtype:trojan-activity;sid:83688421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825322/; classtype:trojan-activity;sid:83688422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825318/; classtype:trojan-activity;sid:83688418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825319/; classtype:trojan-activity;sid:83688419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"95.169.196.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825320/; classtype:trojan-activity;sid:83688420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.82.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825317/; classtype:trojan-activity;sid:83688417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825316/; classtype:trojan-activity;sid:83688416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.166.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825315/; classtype:trojan-activity;sid:83688415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825314/; classtype:trojan-activity;sid:83688414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.225.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825313/; classtype:trojan-activity;sid:83688413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.92.132"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825312/; classtype:trojan-activity;sid:83688412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.110.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825311/; classtype:trojan-activity;sid:83688411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825310/; classtype:trojan-activity;sid:83688410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825305/; classtype:trojan-activity;sid:83688405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.94.156.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825306/; classtype:trojan-activity;sid:83688406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825307/; classtype:trojan-activity;sid:83688407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825308/; classtype:trojan-activity;sid:83688408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825309/; classtype:trojan-activity;sid:83688409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825299/; classtype:trojan-activity;sid:83688399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825300/; classtype:trojan-activity;sid:83688400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825301/; classtype:trojan-activity;sid:83688401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825302/; classtype:trojan-activity;sid:83688402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825303/; classtype:trojan-activity;sid:83688403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.156.71.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825304/; classtype:trojan-activity;sid:83688404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825294/; classtype:trojan-activity;sid:83688394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825295/; classtype:trojan-activity;sid:83688395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825296/; classtype:trojan-activity;sid:83688396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825297/; classtype:trojan-activity;sid:83688397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825298/; classtype:trojan-activity;sid:83688398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825291/; classtype:trojan-activity;sid:83688391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825292/; classtype:trojan-activity;sid:83688392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825293/; classtype:trojan-activity;sid:83688393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825290/; classtype:trojan-activity;sid:83688390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825288/; classtype:trojan-activity;sid:83688388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"zimbralet.x24hr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825289/; classtype:trojan-activity;sid:83688389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825287/; classtype:trojan-activity;sid:83688387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.191.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825286/; classtype:trojan-activity;sid:83688386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/logo4.jpg"; depth:14; endswith; nocase; http.host; content:"public-ftp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825285/; classtype:trojan-activity;sid:83688385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825284/; classtype:trojan-activity;sid:83688384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vre"; depth:4; endswith; nocase; http.host; content:"zahramsatya.ddns.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825283/; classtype:trojan-activity;sid:83688383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825282/; classtype:trojan-activity;sid:83688382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825281/; classtype:trojan-activity;sid:83688381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825280/; classtype:trojan-activity;sid:83688380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.110.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825279/; classtype:trojan-activity;sid:83688379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.225.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825278/; classtype:trojan-activity;sid:83688378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.95.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825277/; classtype:trojan-activity;sid:83688377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.216.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825276/; classtype:trojan-activity;sid:83688376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.201.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825275/; classtype:trojan-activity;sid:83688375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825274/; classtype:trojan-activity;sid:83688374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.71.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825273/; classtype:trojan-activity;sid:83688373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825272/; classtype:trojan-activity;sid:83688372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.9.167"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825271/; classtype:trojan-activity;sid:83688371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825270/; classtype:trojan-activity;sid:83688370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.216.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825269/; classtype:trojan-activity;sid:83688369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/qauasariscrypted.exe"; depth:26; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825268/; classtype:trojan-activity;sid:83688368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/fzonsvup.exe"; depth:20; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825267/; classtype:trojan-activity;sid:83688367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.127.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825266/; classtype:trojan-activity;sid:83688366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825265/; classtype:trojan-activity;sid:83688365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477xmrig.exe"; depth:15; endswith; nocase; http.host; content:"dsahgduoi.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825264/; classtype:trojan-activity;sid:83688364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.161.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825263/; classtype:trojan-activity;sid:83688363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.vbs"; depth:11; endswith; nocase; http.host; content:"dsahgduoi.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825262/; classtype:trojan-activity;sid:83688362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.71.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825260/; classtype:trojan-activity;sid:83688360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825261/; classtype:trojan-activity;sid:83688361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825258/; classtype:trojan-activity;sid:83688358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825259/; classtype:trojan-activity;sid:83688359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.100.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825257/; classtype:trojan-activity;sid:83688357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//curl-amd64"; depth:12; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825255/; classtype:trojan-activity;sid:83688355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//kinsing"; depth:9; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825256/; classtype:trojan-activity;sid:83688356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.9.167"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825254/; classtype:trojan-activity;sid:83688354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//kinsing_aarch64"; depth:17; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825253/; classtype:trojan-activity;sid:83688353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//curl-aarch64"; depth:14; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825252/; classtype:trojan-activity;sid:83688352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//libsystem.so"; depth:14; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825251/; classtype:trojan-activity;sid:83688351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.m68k"; depth:10; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825241/; classtype:trojan-activity;sid:83688341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.mips"; depth:10; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825242/; classtype:trojan-activity;sid:83688342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.arm5"; depth:10; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825243/; classtype:trojan-activity;sid:83688343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.ppc"; depth:9; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825244/; classtype:trojan-activity;sid:83688344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.arm7"; depth:10; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825245/; classtype:trojan-activity;sid:83688345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.arm"; depth:9; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825246/; classtype:trojan-activity;sid:83688346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.x86"; depth:9; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825247/; classtype:trojan-activity;sid:83688347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.arm6"; depth:10; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825248/; classtype:trojan-activity;sid:83688348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.spc"; depth:9; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825249/; classtype:trojan-activity;sid:83688349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoho.sh4"; depth:9; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825250/; classtype:trojan-activity;sid:83688350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.39.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825240/; classtype:trojan-activity;sid:83688340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goping.sh"; depth:10; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825239/; classtype:trojan-activity;sid:83688339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goping"; depth:7; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825238/; classtype:trojan-activity;sid:83688338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goping_aarch64"; depth:15; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825236/; classtype:trojan-activity;sid:83688336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goping_armv7l"; depth:14; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825237/; classtype:trojan-activity;sid:83688337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.105.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825231/; classtype:trojan-activity;sid:83688331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825232/; classtype:trojan-activity;sid:83688332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825233/; classtype:trojan-activity;sid:83688333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825234/; classtype:trojan-activity;sid:83688334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825235/; classtype:trojan-activity;sid:83688335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825223/; classtype:trojan-activity;sid:83688323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825224/; classtype:trojan-activity;sid:83688324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825225/; classtype:trojan-activity;sid:83688325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825226/; classtype:trojan-activity;sid:83688326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825227/; classtype:trojan-activity;sid:83688327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825228/; classtype:trojan-activity;sid:83688328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825229/; classtype:trojan-activity;sid:83688329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825230/; classtype:trojan-activity;sid:83688330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.254.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825222/; classtype:trojan-activity;sid:83688322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.127.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825221/; classtype:trojan-activity;sid:83688321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.133.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825219/; classtype:trojan-activity;sid:83688319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.41.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825220/; classtype:trojan-activity;sid:83688320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.77.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825218/; classtype:trojan-activity;sid:83688318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.73.77.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825217/; classtype:trojan-activity;sid:83688317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.41.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825216/; classtype:trojan-activity;sid:83688316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.29.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825215/; classtype:trojan-activity;sid:83688315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.238.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825214/; classtype:trojan-activity;sid:83688314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825213/; classtype:trojan-activity;sid:83688313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.39.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825212/; classtype:trojan-activity;sid:83688312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825211/; classtype:trojan-activity;sid:83688311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.254.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825210/; classtype:trojan-activity;sid:83688310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-aarch64"; depth:13; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825209/; classtype:trojan-activity;sid:83688309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-amd64"; depth:11; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825208/; classtype:trojan-activity;sid:83688308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/so"; depth:3; endswith; nocase; http.host; content:"95.164.69.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825206/; classtype:trojan-activity;sid:83688306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"95.164.69.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825207/; classtype:trojan-activity;sid:83688307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing_aarch64"; depth:16; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825205/; classtype:trojan-activity;sid:83688305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing"; depth:8; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825202/; classtype:trojan-activity;sid:83688302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libsystem.so"; depth:13; endswith; nocase; http.host; content:"89.110.89.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825203/; classtype:trojan-activity;sid:83688303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825204/; classtype:trojan-activity;sid:83688304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825201/; classtype:trojan-activity;sid:83688301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825200/; classtype:trojan-activity;sid:83688300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825198/; classtype:trojan-activity;sid:83688298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825199/; classtype:trojan-activity;sid:83688299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825196/; classtype:trojan-activity;sid:83688296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825197/; classtype:trojan-activity;sid:83688297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825191/; classtype:trojan-activity;sid:83688291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825192/; classtype:trojan-activity;sid:83688292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825193/; classtype:trojan-activity;sid:83688293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825194/; classtype:trojan-activity;sid:83688294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.axis"; depth:13; endswith; nocase; http.host; content:"185.150.26.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825195/; classtype:trojan-activity;sid:83688295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.armv7"; depth:12; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825188/; classtype:trojan-activity;sid:83688288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825189/; classtype:trojan-activity;sid:83688289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825190/; classtype:trojan-activity;sid:83688290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825185/; classtype:trojan-activity;sid:83688285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825186/; classtype:trojan-activity;sid:83688286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825187/; classtype:trojan-activity;sid:83688287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825179/; classtype:trojan-activity;sid:83688279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.sh4"; depth:10; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825180/; classtype:trojan-activity;sid:83688280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825181/; classtype:trojan-activity;sid:83688281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825182/; classtype:trojan-activity;sid:83688282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.mips"; depth:11; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825183/; classtype:trojan-activity;sid:83688283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.x86"; depth:10; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825184/; classtype:trojan-activity;sid:83688284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825178/; classtype:trojan-activity;sid:83688278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825176/; classtype:trojan-activity;sid:83688276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825177/; classtype:trojan-activity;sid:83688277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825174/; classtype:trojan-activity;sid:83688274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686_1"; depth:7; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825175/; classtype:trojan-activity;sid:83688275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825170/; classtype:trojan-activity;sid:83688270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825171/; classtype:trojan-activity;sid:83688271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zmap.arm7"; depth:11; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825172/; classtype:trojan-activity;sid:83688272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm7"; depth:10; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825173/; classtype:trojan-activity;sid:83688273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825165/; classtype:trojan-activity;sid:83688265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zmap.arm"; depth:10; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825166/; classtype:trojan-activity;sid:83688266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825167/; classtype:trojan-activity;sid:83688267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825168/; classtype:trojan-activity;sid:83688268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.armv6"; depth:12; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825169/; classtype:trojan-activity;sid:83688269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825161/; classtype:trojan-activity;sid:83688261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825162/; classtype:trojan-activity;sid:83688262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zmap.m68k"; depth:11; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825163/; classtype:trojan-activity;sid:83688263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.sparc"; depth:12; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825164/; classtype:trojan-activity;sid:83688264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825157/; classtype:trojan-activity;sid:83688257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825158/; classtype:trojan-activity;sid:83688258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825159/; classtype:trojan-activity;sid:83688259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.m68k"; depth:11; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825160/; classtype:trojan-activity;sid:83688260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.110.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825152/; classtype:trojan-activity;sid:83688252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.1686"; depth:11; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825153/; classtype:trojan-activity;sid:83688253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.armv5"; depth:12; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825154/; classtype:trojan-activity;sid:83688254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825155/; classtype:trojan-activity;sid:83688255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.armv4"; depth:12; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825156/; classtype:trojan-activity;sid:83688256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825147/; classtype:trojan-activity;sid:83688247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.1586"; depth:11; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825148/; classtype:trojan-activity;sid:83688248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825149/; classtype:trojan-activity;sid:83688249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825150/; classtype:trojan-activity;sid:83688250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825151/; classtype:trojan-activity;sid:83688251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825137/; classtype:trojan-activity;sid:83688237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.244.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825138/; classtype:trojan-activity;sid:83688238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825139/; classtype:trojan-activity;sid:83688239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825140/; classtype:trojan-activity;sid:83688240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825141/; classtype:trojan-activity;sid:83688241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825142/; classtype:trojan-activity;sid:83688242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.ppc"; depth:10; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825143/; classtype:trojan-activity;sid:83688243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.axis"; depth:13; endswith; nocase; http.host; content:"185.150.26.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825144/; classtype:trojan-activity;sid:83688244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/force.mipsel"; depth:13; endswith; nocase; http.host; content:"93.123.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825145/; classtype:trojan-activity;sid:83688245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825146/; classtype:trojan-activity;sid:83688246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825134/; classtype:trojan-activity;sid:83688234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825135/; classtype:trojan-activity;sid:83688235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825136/; classtype:trojan-activity;sid:83688236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825132/; classtype:trojan-activity;sid:83688232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zmap.spc"; depth:10; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825133/; classtype:trojan-activity;sid:83688233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825129/; classtype:trojan-activity;sid:83688229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825130/; classtype:trojan-activity;sid:83688230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825131/; classtype:trojan-activity;sid:83688231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825123/; classtype:trojan-activity;sid:83688223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825124/; classtype:trojan-activity;sid:83688224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.103.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825125/; classtype:trojan-activity;sid:83688225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"91.92.252.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825126/; classtype:trojan-activity;sid:83688226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825127/; classtype:trojan-activity;sid:83688227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825128/; classtype:trojan-activity;sid:83688228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825122/; classtype:trojan-activity;sid:83688222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"212.70.149.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825121/; classtype:trojan-activity;sid:83688221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825120/; classtype:trojan-activity;sid:83688220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825119/; classtype:trojan-activity;sid:83688219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825112/; classtype:trojan-activity;sid:83688212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825113/; classtype:trojan-activity;sid:83688213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825114/; classtype:trojan-activity;sid:83688214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; depth:10; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825115/; classtype:trojan-activity;sid:83688215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm6"; depth:10; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825116/; classtype:trojan-activity;sid:83688216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"185.196.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825117/; classtype:trojan-activity;sid:83688217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"94.158.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825118/; classtype:trojan-activity;sid:83688218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/var"; depth:4; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825109/; classtype:trojan-activity;sid:83688209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825110/; classtype:trojan-activity;sid:83688210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"91.92.240.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825111/; classtype:trojan-activity;sid:83688211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668866105|3f|hash=592mxvodryhi3mokvqbteipjnbvrzgpbzpepip7nzth|7c|26|7c|dl=rbtxpdf9vtm1vsuxs5paumbwjcwjarztzep2ujhnhwd|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825108/; classtype:trojan-activity;sid:83688208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.98.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825107/; classtype:trojan-activity;sid:83688207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.100.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825106/; classtype:trojan-activity;sid:83688206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.209.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825105/; classtype:trojan-activity;sid:83688205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.105.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825104/; classtype:trojan-activity;sid:83688204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.149.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825103/; classtype:trojan-activity;sid:83688203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.133.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825102/; classtype:trojan-activity;sid:83688202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.78.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825101/; classtype:trojan-activity;sid:83688201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668922454|3f|hash=3qe0ezwmzimaqnvhqzhx1ieli9asceldqz942b9xonz|7c|26|7c|dl=bslmeg06gztey2ob56piy44gvec68jf9fdfvtqmmkhk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825100/; classtype:trojan-activity;sid:83688200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.133.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825099/; classtype:trojan-activity;sid:83688199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825098/; classtype:trojan-activity;sid:83688198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825097/; classtype:trojan-activity;sid:83688197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.141.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825096/; classtype:trojan-activity;sid:83688196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.130.240.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825095/; classtype:trojan-activity;sid:83688195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.70.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825094/; classtype:trojan-activity;sid:83688194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.29.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825093/; classtype:trojan-activity;sid:83688193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.ppc"; depth:14; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825086/; classtype:trojan-activity;sid:83688186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm6"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825087/; classtype:trojan-activity;sid:83688187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.x86_64"; depth:17; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825088/; classtype:trojan-activity;sid:83688188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm"; depth:14; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825089/; classtype:trojan-activity;sid:83688189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.x86"; depth:14; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825090/; classtype:trojan-activity;sid:83688190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.m68k"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825091/; classtype:trojan-activity;sid:83688191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.sh4"; depth:14; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825092/; classtype:trojan-activity;sid:83688192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.mpsl"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825083/; classtype:trojan-activity;sid:83688183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.i686"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825084/; classtype:trojan-activity;sid:83688184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm7"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825085/; classtype:trojan-activity;sid:83688185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.arm5"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825081/; classtype:trojan-activity;sid:83688181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/syms.mips"; depth:15; endswith; nocase; http.host; content:"64.23.189.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825082/; classtype:trojan-activity;sid:83688182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc"; depth:3; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825076/; classtype:trojan-activity;sid:83688176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nano"; depth:5; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825077/; classtype:trojan-activity;sid:83688177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825078/; classtype:trojan-activity;sid:83688178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat"; depth:4; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825079/; classtype:trojan-activity;sid:83688179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825080/; classtype:trojan-activity;sid:83688180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825069/; classtype:trojan-activity;sid:83688169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825070/; classtype:trojan-activity;sid:83688170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftpd"; depth:6; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825071/; classtype:trojan-activity;sid:83688171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bashd"; depth:6; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825072/; classtype:trojan-activity;sid:83688172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825073/; classtype:trojan-activity;sid:83688173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825074/; classtype:trojan-activity;sid:83688174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825075/; classtype:trojan-activity;sid:83688175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swarm.sh"; depth:9; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825067/; classtype:trojan-activity;sid:83688167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"45.88.90.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825068/; classtype:trojan-activity;sid:83688168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.110.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825066/; classtype:trojan-activity;sid:83688166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.103.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825065/; classtype:trojan-activity;sid:83688165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x1.exe"; depth:7; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825058/; classtype:trojan-activity;sid:83688158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iv.sh"; depth:6; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825059/; classtype:trojan-activity;sid:83688159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x2.exe"; depth:7; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825060/; classtype:trojan-activity;sid:83688160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.exe"; depth:10; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825061/; classtype:trojan-activity;sid:83688161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output.exe"; depth:11; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825062/; classtype:trojan-activity;sid:83688162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/screenconnect.client.exe"; depth:25; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825063/; classtype:trojan-activity;sid:83688163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/explorer.exe"; depth:13; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825064/; classtype:trojan-activity;sid:83688164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123.jpg"; depth:8; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825057/; classtype:trojan-activity;sid:83688157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123.txt"; depth:8; endswith; nocase; http.host; content:"91.92.252.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825056/; classtype:trojan-activity;sid:83688156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.162.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825055/; classtype:trojan-activity;sid:83688155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.48.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825054/; classtype:trojan-activity;sid:83688154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825053/; classtype:trojan-activity;sid:83688153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.80.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825051/; classtype:trojan-activity;sid:83688151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.78.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825052/; classtype:trojan-activity;sid:83688152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.229.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825050/; classtype:trojan-activity;sid:83688150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.26.222.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825049/; classtype:trojan-activity;sid:83688149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.43.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825048/; classtype:trojan-activity;sid:83688148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.127.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825047/; classtype:trojan-activity;sid:83688147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/version_2.exe"; depth:14; endswith; nocase; http.host; content:"103.113.70.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825046/; classtype:trojan-activity;sid:83688146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825045/; classtype:trojan-activity;sid:83688145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825042/; classtype:trojan-activity;sid:83688142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825043/; classtype:trojan-activity;sid:83688143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825044/; classtype:trojan-activity;sid:83688144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825036/; classtype:trojan-activity;sid:83688136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825037/; classtype:trojan-activity;sid:83688137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825038/; classtype:trojan-activity;sid:83688138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825039/; classtype:trojan-activity;sid:83688139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825040/; classtype:trojan-activity;sid:83688140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825041/; classtype:trojan-activity;sid:83688141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"putin.zelenskyj.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825035/; classtype:trojan-activity;sid:83688135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825034/; classtype:trojan-activity;sid:83688134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.149.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825033/; classtype:trojan-activity;sid:83688133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"91.92.247.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825031/; classtype:trojan-activity;sid:83688131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient2.exe"; depth:13; endswith; nocase; http.host; content:"91.92.247.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825032/; classtype:trojan-activity;sid:83688132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825030/; classtype:trojan-activity;sid:83688130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.249.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825029/; classtype:trojan-activity;sid:83688129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responsibilityleadpro.exe"; depth:26; endswith; nocase; http.host; content:"91.92.249.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825027/; classtype:trojan-activity;sid:83688127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"91.92.249.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825028/; classtype:trojan-activity;sid:83688128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baburk_0x0002423fe77156.exe"; depth:28; endswith; nocase; http.host; content:"91.92.249.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825026/; classtype:trojan-activity;sid:83688126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantom.exe"; depth:12; endswith; nocase; http.host; content:"91.92.249.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825025/; classtype:trojan-activity;sid:83688125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.127.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825024/; classtype:trojan-activity;sid:83688124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825023/; classtype:trojan-activity;sid:83688123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.155.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825021/; classtype:trojan-activity;sid:83688121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.141.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825022/; classtype:trojan-activity;sid:83688122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.195.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825020/; classtype:trojan-activity;sid:83688120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.80.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825019/; classtype:trojan-activity;sid:83688119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.255.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825018/; classtype:trojan-activity;sid:83688118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.191.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825017/; classtype:trojan-activity;sid:83688117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825016/; classtype:trojan-activity;sid:83688116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.249.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825015/; classtype:trojan-activity;sid:83688115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.175.93.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825014/; classtype:trojan-activity;sid:83688114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825013/; classtype:trojan-activity;sid:83688113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.230.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825012/; classtype:trojan-activity;sid:83688112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.130.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825011/; classtype:trojan-activity;sid:83688111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.41.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825010/; classtype:trojan-activity;sid:83688110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.228.252.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825009/; classtype:trojan-activity;sid:83688109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.222.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825007/; classtype:trojan-activity;sid:83688107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.124.44.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825008/; classtype:trojan-activity;sid:83688108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825006/; classtype:trojan-activity;sid:83688106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.155.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825005/; classtype:trojan-activity;sid:83688105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825004/; classtype:trojan-activity;sid:83688104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=fdb0512de793b32e%21192|7c|26|7c|authkey=!aabmannkbvjdxgc"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825003/; classtype:trojan-activity;sid:83688103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/45.64.rar"; depth:15; endswith; nocase; http.host; content:"121.167.2.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825002/; classtype:trojan-activity;sid:83688102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/360/hjc.exe"; depth:12; endswith; nocase; http.host; content:"103.198.26.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825001/; classtype:trojan-activity;sid:83688101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/45.64.json"; depth:16; endswith; nocase; http.host; content:"121.167.2.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824999/; classtype:trojan-activity;sid:83688099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/45.6472.txt"; depth:17; endswith; nocase; http.host; content:"121.167.2.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825000/; classtype:trojan-activity;sid:83688100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/arm7"; depth:11; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824998/; classtype:trojan-activity;sid:83688098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/arm5"; depth:11; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824995/; classtype:trojan-activity;sid:83688095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/arm6"; depth:11; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824996/; classtype:trojan-activity;sid:83688096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/mips"; depth:11; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824997/; classtype:trojan-activity;sid:83688097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/i686"; depth:11; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824989/; classtype:trojan-activity;sid:83688089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/arm5nk"; depth:13; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824990/; classtype:trojan-activity;sid:83688090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/arm"; depth:10; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824991/; classtype:trojan-activity;sid:83688091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/x86_64"; depth:13; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824992/; classtype:trojan-activity;sid:83688092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/mipsel"; depth:13; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824993/; classtype:trojan-activity;sid:83688093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824994/; classtype:trojan-activity;sid:83688094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxcvn/i568"; depth:11; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824988/; classtype:trojan-activity;sid:83688088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/hon.txt"; depth:11; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824987/; classtype:trojan-activity;sid:83688087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.191.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824986/; classtype:trojan-activity;sid:83688086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.255.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824985/; classtype:trojan-activity;sid:83688085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ikfbd"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824984/; classtype:trojan-activity;sid:83688084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.29.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824983/; classtype:trojan-activity;sid:83688083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668917943|3f|hash=d5rzevxq6oscx6fdgid8uazfi1bmxaehjo22ctx3ilp|7c|26|7c|dl=10qtemrbibys6qzm2xhocznvo2gpykxakjz6rrkfzjk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824982/; classtype:trojan-activity;sid:83688082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824980/; classtype:trojan-activity;sid:83688080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824979/; classtype:trojan-activity;sid:83688079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.251.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824978/; classtype:trojan-activity;sid:83688078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lti4plfomwgccukejpybprip-lcokwed"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824977/; classtype:trojan-activity;sid:83688077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pp5tqfaznaibje3dril2oknytyoy1zxy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824976/; classtype:trojan-activity;sid:83688076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.141.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824974/; classtype:trojan-activity;sid:83688074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-kqmxodyjhhw6fn77qkvco3tox2hzzli"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824975/; classtype:trojan-activity;sid:83688075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824973/; classtype:trojan-activity;sid:83688073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=13sidgku2d7ii6zrxa4ggysas5i0mhatb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824972/; classtype:trojan-activity;sid:83688072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824971/; classtype:trojan-activity;sid:83688071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824970/; classtype:trojan-activity;sid:83688070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824969/; classtype:trojan-activity;sid:83688069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.68.162.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824968/; classtype:trojan-activity;sid:83688068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.40.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824967/; classtype:trojan-activity;sid:83688067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824966/; classtype:trojan-activity;sid:83688066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.214.32.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824965/; classtype:trojan-activity;sid:83688065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.160.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824964/; classtype:trojan-activity;sid:83688064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.109.234.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824963/; classtype:trojan-activity;sid:83688063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824962/; classtype:trojan-activity;sid:83688062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824961/; classtype:trojan-activity;sid:83688061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824960/; classtype:trojan-activity;sid:83688060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824958/; classtype:trojan-activity;sid:83688058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824959/; classtype:trojan-activity;sid:83688059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824955/; classtype:trojan-activity;sid:83688055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824956/; classtype:trojan-activity;sid:83688056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824957/; classtype:trojan-activity;sid:83688057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824953/; classtype:trojan-activity;sid:83688053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824954/; classtype:trojan-activity;sid:83688054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824952/; classtype:trojan-activity;sid:83688052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"net-killer.ooguy.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824951/; classtype:trojan-activity;sid:83688051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.141.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824950/; classtype:trojan-activity;sid:83688050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824949/; classtype:trojan-activity;sid:83688049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.145.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824947/; classtype:trojan-activity;sid:83688047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.122.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824948/; classtype:trojan-activity;sid:83688048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.252.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824946/; classtype:trojan-activity;sid:83688046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824944/; classtype:trojan-activity;sid:83688044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.87.13"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824945/; classtype:trojan-activity;sid:83688045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824941/; classtype:trojan-activity;sid:83688041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824942/; classtype:trojan-activity;sid:83688042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824943/; classtype:trojan-activity;sid:83688043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824939/; classtype:trojan-activity;sid:83688039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824940/; classtype:trojan-activity;sid:83688040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.87.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824937/; classtype:trojan-activity;sid:83688037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824938/; classtype:trojan-activity;sid:83688038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824932/; classtype:trojan-activity;sid:83688032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824933/; classtype:trojan-activity;sid:83688033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824934/; classtype:trojan-activity;sid:83688034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824935/; classtype:trojan-activity;sid:83688035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824936/; classtype:trojan-activity;sid:83688036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"45.88.90.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824931/; classtype:trojan-activity;sid:83688031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.40.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824930/; classtype:trojan-activity;sid:83688030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.109.234.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824929/; classtype:trojan-activity;sid:83688029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824926/; classtype:trojan-activity;sid:83688026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824927/; classtype:trojan-activity;sid:83688027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824928/; classtype:trojan-activity;sid:83688028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824922/; classtype:trojan-activity;sid:83688022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824923/; classtype:trojan-activity;sid:83688023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824924/; classtype:trojan-activity;sid:83688024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824925/; classtype:trojan-activity;sid:83688025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824918/; classtype:trojan-activity;sid:83688018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824919/; classtype:trojan-activity;sid:83688019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824920/; classtype:trojan-activity;sid:83688020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824921/; classtype:trojan-activity;sid:83688021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"89.169.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824917/; classtype:trojan-activity;sid:83688017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.200.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824916/; classtype:trojan-activity;sid:83688016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.191.177.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824915/; classtype:trojan-activity;sid:83688015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.131.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824913/; classtype:trojan-activity;sid:83688013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.130.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824914/; classtype:trojan-activity;sid:83688014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824912/; classtype:trojan-activity;sid:83688012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824911/; classtype:trojan-activity;sid:83688011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824910/; classtype:trojan-activity;sid:83688010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824909/; classtype:trojan-activity;sid:83688009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824908/; classtype:trojan-activity;sid:83688008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824907/; classtype:trojan-activity;sid:83688007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824906/; classtype:trojan-activity;sid:83688006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824903/; classtype:trojan-activity;sid:83688003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824904/; classtype:trojan-activity;sid:83688004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824905/; classtype:trojan-activity;sid:83688005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824901/; classtype:trojan-activity;sid:83688001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824902/; classtype:trojan-activity;sid:83688002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824898/; classtype:trojan-activity;sid:83687998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824899/; classtype:trojan-activity;sid:83687999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824900/; classtype:trojan-activity;sid:83688000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824896/; classtype:trojan-activity;sid:83687996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824893/; classtype:trojan-activity;sid:83687993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824894/; classtype:trojan-activity;sid:83687994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"eclp8oz0m8mxouv96hc9p7k2btydt3iv.click"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824895/; classtype:trojan-activity;sid:83687995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.51.195.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824892/; classtype:trojan-activity;sid:83687992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824890/; classtype:trojan-activity;sid:83687990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.122.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824891/; classtype:trojan-activity;sid:83687991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824887/; classtype:trojan-activity;sid:83687987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824888/; classtype:trojan-activity;sid:83687988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824889/; classtype:trojan-activity;sid:83687989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824884/; classtype:trojan-activity;sid:83687984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824885/; classtype:trojan-activity;sid:83687985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824886/; classtype:trojan-activity;sid:83687986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824880/; classtype:trojan-activity;sid:83687980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824881/; classtype:trojan-activity;sid:83687981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824882/; classtype:trojan-activity;sid:83687982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824883/; classtype:trojan-activity;sid:83687983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb2.sh"; depth:8; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824877/; classtype:trojan-activity;sid:83687977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824878/; classtype:trojan-activity;sid:83687978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824879/; classtype:trojan-activity;sid:83687979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824874/; classtype:trojan-activity;sid:83687974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824875/; classtype:trojan-activity;sid:83687975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824876/; classtype:trojan-activity;sid:83687976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.81.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824871/; classtype:trojan-activity;sid:83687971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.78.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824872/; classtype:trojan-activity;sid:83687972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.145.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824873/; classtype:trojan-activity;sid:83687973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.24.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824870/; classtype:trojan-activity;sid:83687970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668917518|3f|hash=hcqsqb4bez69zzdudzhpg5p3oduugmc4h5hdrueztfd|7c|26|7c|dl=73wmq1mpcifge320felzdyt7fofkatzhuaxvpkovez0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824869/; classtype:trojan-activity;sid:83687969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824866/; classtype:trojan-activity;sid:83687966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824867/; classtype:trojan-activity;sid:83687967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.95.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824868/; classtype:trojan-activity;sid:83687968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.252.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824865/; classtype:trojan-activity;sid:83687965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824864/; classtype:trojan-activity;sid:83687964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.170.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824844/; classtype:trojan-activity;sid:83687944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.87.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824842/; classtype:trojan-activity;sid:83687942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.131.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824843/; classtype:trojan-activity;sid:83687943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824841/; classtype:trojan-activity;sid:83687941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.78.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824840/; classtype:trojan-activity;sid:83687940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824839/; classtype:trojan-activity;sid:83687939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.171.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824838/; classtype:trojan-activity;sid:83687938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.77.239.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824837/; classtype:trojan-activity;sid:83687937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.69.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824835/; classtype:trojan-activity;sid:83687935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.32.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824836/; classtype:trojan-activity;sid:83687936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.102.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824834/; classtype:trojan-activity;sid:83687934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.51.195.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824833/; classtype:trojan-activity;sid:83687933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.45.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824832/; classtype:trojan-activity;sid:83687932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.253.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824831/; classtype:trojan-activity;sid:83687931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.69.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824830/; classtype:trojan-activity;sid:83687930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check"; depth:6; endswith; nocase; http.host; content:"181.215.6.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824829/; classtype:trojan-activity;sid:83687929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.164.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824828/; classtype:trojan-activity;sid:83687928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824827/; classtype:trojan-activity;sid:83687927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.45.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824826/; classtype:trojan-activity;sid:83687926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.145.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824825/; classtype:trojan-activity;sid:83687925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.170.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824824/; classtype:trojan-activity;sid:83687924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.87.13"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824823/; classtype:trojan-activity;sid:83687923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.34.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824822/; classtype:trojan-activity;sid:83687922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824821/; classtype:trojan-activity;sid:83687921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.102.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824820/; classtype:trojan-activity;sid:83687920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.250.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824819/; classtype:trojan-activity;sid:83687919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824818/; classtype:trojan-activity;sid:83687918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824817/; classtype:trojan-activity;sid:83687917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.73.94.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824816/; classtype:trojan-activity;sid:83687916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.86.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824815/; classtype:trojan-activity;sid:83687915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.181.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824814/; classtype:trojan-activity;sid:83687914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.69.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824813/; classtype:trojan-activity;sid:83687913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.253.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824812/; classtype:trojan-activity;sid:83687912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.45.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824810/; classtype:trojan-activity;sid:83687910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824811/; classtype:trojan-activity;sid:83687911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.26.232.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824809/; classtype:trojan-activity;sid:83687909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824808/; classtype:trojan-activity;sid:83687908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824807/; classtype:trojan-activity;sid:83687907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.69.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824806/; classtype:trojan-activity;sid:83687906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.164.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824805/; classtype:trojan-activity;sid:83687905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.203.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824804/; classtype:trojan-activity;sid:83687904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.171.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824803/; classtype:trojan-activity;sid:83687903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.72.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824801/; classtype:trojan-activity;sid:83687901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.52.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824802/; classtype:trojan-activity;sid:83687902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.210.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824800/; classtype:trojan-activity;sid:83687900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.38.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824799/; classtype:trojan-activity;sid:83687899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824798/; classtype:trojan-activity;sid:83687898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.44.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824797/; classtype:trojan-activity;sid:83687897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.250.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824796/; classtype:trojan-activity;sid:83687896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824795/; classtype:trojan-activity;sid:83687895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.34.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824794/; classtype:trojan-activity;sid:83687894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"181.215.6.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824793/; classtype:trojan-activity;sid:83687893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824792/; classtype:trojan-activity;sid:83687892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.50.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824791/; classtype:trojan-activity;sid:83687891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.136.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824790/; classtype:trojan-activity;sid:83687890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824789/; classtype:trojan-activity;sid:83687889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.173.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824788/; classtype:trojan-activity;sid:83687888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824787/; classtype:trojan-activity;sid:83687887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824786/; classtype:trojan-activity;sid:83687886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.177.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824785/; classtype:trojan-activity;sid:83687885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cmss/cm/ireallywanthoimportantthisgirlinmylifesheismybeautifulgirlwhoilovedhertrulyfromtheheartsheismygirl___ireallylovedherfromtheheart.doc"; depth:147; endswith; nocase; http.host; content:"103.198.26.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824784/; classtype:trojan-activity;sid:83687884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.185.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824782/; classtype:trojan-activity;sid:83687882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824783/; classtype:trojan-activity;sid:83687883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.33.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824781/; classtype:trojan-activity;sid:83687881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.235.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824779/; classtype:trojan-activity;sid:83687879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.35.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824780/; classtype:trojan-activity;sid:83687880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824778/; classtype:trojan-activity;sid:83687878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.186.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824776/; classtype:trojan-activity;sid:83687876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.29.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824777/; classtype:trojan-activity;sid:83687877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.81.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824775/; classtype:trojan-activity;sid:83687875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824774/; classtype:trojan-activity;sid:83687874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824773/; classtype:trojan-activity;sid:83687873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.111.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824770/; classtype:trojan-activity;sid:83687870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.203.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824771/; classtype:trojan-activity;sid:83687871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.249.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824772/; classtype:trojan-activity;sid:83687872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.191.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824769/; classtype:trojan-activity;sid:83687869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.50.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824768/; classtype:trojan-activity;sid:83687868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.169.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824767/; classtype:trojan-activity;sid:83687867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824766/; classtype:trojan-activity;sid:83687866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.177.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824765/; classtype:trojan-activity;sid:83687865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.225.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824764/; classtype:trojan-activity;sid:83687864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.87.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824763/; classtype:trojan-activity;sid:83687863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824762/; classtype:trojan-activity;sid:83687862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.2.178"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824761/; classtype:trojan-activity;sid:83687861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.132.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824760/; classtype:trojan-activity;sid:83687860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.115.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824759/; classtype:trojan-activity;sid:83687859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824758/; classtype:trojan-activity;sid:83687858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.15.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824757/; classtype:trojan-activity;sid:83687857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.252.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824756/; classtype:trojan-activity;sid:83687856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824755/; classtype:trojan-activity;sid:83687855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.220.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824754/; classtype:trojan-activity;sid:83687854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.111.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824753/; classtype:trojan-activity;sid:83687853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.235.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824752/; classtype:trojan-activity;sid:83687852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.173.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824751/; classtype:trojan-activity;sid:83687851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.234.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824748/; classtype:trojan-activity;sid:83687848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.35.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824749/; classtype:trojan-activity;sid:83687849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.29.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824750/; classtype:trojan-activity;sid:83687850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.220.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824747/; classtype:trojan-activity;sid:83687847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.221.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824746/; classtype:trojan-activity;sid:83687846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.175.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824745/; classtype:trojan-activity;sid:83687845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.19.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824744/; classtype:trojan-activity;sid:83687844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.34.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824742/; classtype:trojan-activity;sid:83687842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.89.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824743/; classtype:trojan-activity;sid:83687843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.220.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824741/; classtype:trojan-activity;sid:83687841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xckkdlkkijgtc2n28hjl0l19ubuxj6w9"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824740/; classtype:trojan-activity;sid:83687840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gfth2ko7xztbakhz0a-faxdow0utl33g"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824739/; classtype:trojan-activity;sid:83687839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.131.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824738/; classtype:trojan-activity;sid:83687838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pros.scr"; depth:9; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824737/; classtype:trojan-activity;sid:83687837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/355/hjc.exe"; depth:12; endswith; nocase; http.host; content:"103.198.26.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824736/; classtype:trojan-activity;sid:83687836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/aw/yt.hta"; depth:17; endswith; nocase; http.host; content:"www.sessosesso.it"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824735/; classtype:trojan-activity;sid:83687835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jimbo/j23.txt"; depth:14; endswith; nocase; http.host; content:"ajai.ydns.eu"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824734/; classtype:trojan-activity;sid:83687834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jimbo/prnportss.vbs"; depth:20; endswith; nocase; http.host; content:"blessy.ydns.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824733/; classtype:trojan-activity;sid:83687833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/yk0cxsc5"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824732/; classtype:trojan-activity;sid:83687832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jimbo/prnportjjm.vbs"; depth:21; endswith; nocase; http.host; content:"blessy.ydns.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824731/; classtype:trojan-activity;sid:83687831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824728/; classtype:trojan-activity;sid:83687828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/kbk/kksk.txt"; depth:19; endswith; nocase; http.host; content:"139.162.255.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824729/; classtype:trojan-activity;sid:83687829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/773/797/original/new_image.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824730/; classtype:trojan-activity;sid:83687830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/kbk/ieinternetmonkeycallpdf.html"; depth:39; endswith; nocase; http.host; content:"139.162.255.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824726/; classtype:trojan-activity;sid:83687826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/kbk/kbk/moneyjumpinginthetreewithmonkeycallkissherloverwithouthavingkissingbetterthananotherlovreshe___isverybeautifulgirlmonkeykisser.doc"; depth:145; endswith; nocase; http.host; content:"139.162.255.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824727/; classtype:trojan-activity;sid:83687827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/0xlqr"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824725/; classtype:trojan-activity;sid:83687825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.234.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824724/; classtype:trojan-activity;sid:83687824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.225.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824723/; classtype:trojan-activity;sid:83687823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.252.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824722/; classtype:trojan-activity;sid:83687822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824721/; classtype:trojan-activity;sid:83687821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.205.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824720/; classtype:trojan-activity;sid:83687820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824719/; classtype:trojan-activity;sid:83687819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.167.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824718/; classtype:trojan-activity;sid:83687818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.170.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824717/; classtype:trojan-activity;sid:83687817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.15.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824716/; classtype:trojan-activity;sid:83687816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824715/; classtype:trojan-activity;sid:83687815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.177.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824713/; classtype:trojan-activity;sid:83687813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.227.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824714/; classtype:trojan-activity;sid:83687814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824712/; classtype:trojan-activity;sid:83687812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824711/; classtype:trojan-activity;sid:83687811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824710/; classtype:trojan-activity;sid:83687810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jgipskojkrgliyu123.bin"; depth:23; endswith; nocase; http.host; content:"kraljevikonaci.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824709/; classtype:trojan-activity;sid:83687809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.131.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824708/; classtype:trojan-activity;sid:83687808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boldklubbens.pcz"; depth:17; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824707/; classtype:trojan-activity;sid:83687807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbizb192.bin"; depth:13; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824706/; classtype:trojan-activity;sid:83687806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uncvssc231.bin"; depth:15; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824704/; classtype:trojan-activity;sid:83687804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thoroughpaced.inf"; depth:18; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824705/; classtype:trojan-activity;sid:83687805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.121.147.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824702/; classtype:trojan-activity;sid:83687802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.169.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824703/; classtype:trojan-activity;sid:83687803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zgoeacm3.bin"; depth:13; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824697/; classtype:trojan-activity;sid:83687797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/renovationsselskabers221.mix"; depth:29; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824698/; classtype:trojan-activity;sid:83687798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pliotron.snp"; depth:13; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824699/; classtype:trojan-activity;sid:83687799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azcpwioauyiifycfmyekl44.bin"; depth:28; endswith; nocase; http.host; content:"185.255.114.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824700/; classtype:trojan-activity;sid:83687800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhqompznfdrd117.bin"; depth:20; endswith; nocase; http.host; content:"185.255.114.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824701/; classtype:trojan-activity;sid:83687801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824696/; classtype:trojan-activity;sid:83687796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/nss3.dll"; depth:26; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824695/; classtype:trojan-activity;sid:83687795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824689/; classtype:trojan-activity;sid:83687789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824690/; classtype:trojan-activity;sid:83687790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824691/; classtype:trojan-activity;sid:83687791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824692/; classtype:trojan-activity;sid:83687792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824693/; classtype:trojan-activity;sid:83687793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a50c1b38c13f8f79/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"89.105.198.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824694/; classtype:trojan-activity;sid:83687794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.79.48.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824688/; classtype:trojan-activity;sid:83687788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.228.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824687/; classtype:trojan-activity;sid:83687787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.180.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824686/; classtype:trojan-activity;sid:83687786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824685/; classtype:trojan-activity;sid:83687785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.203.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824684/; classtype:trojan-activity;sid:83687784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"211.148.101.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824683/; classtype:trojan-activity;sid:83687783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm7"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824681/; classtype:trojan-activity;sid:83687781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mips"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824682/; classtype:trojan-activity;sid:83687782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824674/; classtype:trojan-activity;sid:83687774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mpsl"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824675/; classtype:trojan-activity;sid:83687775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm6"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824676/; classtype:trojan-activity;sid:83687776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.sh4"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824677/; classtype:trojan-activity;sid:83687777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824678/; classtype:trojan-activity;sid:83687778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824679/; classtype:trojan-activity;sid:83687779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.m68k"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824680/; classtype:trojan-activity;sid:83687780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.227.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824673/; classtype:trojan-activity;sid:83687773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.7.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824672/; classtype:trojan-activity;sid:83687772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.0.201"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824671/; classtype:trojan-activity;sid:83687771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824670/; classtype:trojan-activity;sid:83687770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.54.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824669/; classtype:trojan-activity;sid:83687769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.60.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824668/; classtype:trojan-activity;sid:83687768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.234"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824667/; classtype:trojan-activity;sid:83687767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.222.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824666/; classtype:trojan-activity;sid:83687766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.166.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824665/; classtype:trojan-activity;sid:83687765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.10.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824664/; classtype:trojan-activity;sid:83687764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.189.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824660/; classtype:trojan-activity;sid:83687760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.91.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824661/; classtype:trojan-activity;sid:83687761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.70.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824662/; classtype:trojan-activity;sid:83687762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824663/; classtype:trojan-activity;sid:83687763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.135.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824659/; classtype:trojan-activity;sid:83687759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.60.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824658/; classtype:trojan-activity;sid:83687758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824657/; classtype:trojan-activity;sid:83687757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.207.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824656/; classtype:trojan-activity;sid:83687756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.180.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824655/; classtype:trojan-activity;sid:83687755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.61.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824654/; classtype:trojan-activity;sid:83687754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824652/; classtype:trojan-activity;sid:83687752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.239.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824653/; classtype:trojan-activity;sid:83687753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.203.125.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824651/; classtype:trojan-activity;sid:83687751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.166.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824650/; classtype:trojan-activity;sid:83687750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.135.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824649/; classtype:trojan-activity;sid:83687749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.200.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824648/; classtype:trojan-activity;sid:83687748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.15.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824647/; classtype:trojan-activity;sid:83687747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.54.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824646/; classtype:trojan-activity;sid:83687746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.189.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824645/; classtype:trojan-activity;sid:83687745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824644/; classtype:trojan-activity;sid:83687744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.99.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824643/; classtype:trojan-activity;sid:83687743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824642/; classtype:trojan-activity;sid:83687742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824641/; classtype:trojan-activity;sid:83687741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.61.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824639/; classtype:trojan-activity;sid:83687739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.221.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824640/; classtype:trojan-activity;sid:83687740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.207.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824638/; classtype:trojan-activity;sid:83687738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824633/; classtype:trojan-activity;sid:83687733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824634/; classtype:trojan-activity;sid:83687734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824635/; classtype:trojan-activity;sid:83687735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824636/; classtype:trojan-activity;sid:83687736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824637/; classtype:trojan-activity;sid:83687737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824632/; classtype:trojan-activity;sid:83687732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824628/; classtype:trojan-activity;sid:83687728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824629/; classtype:trojan-activity;sid:83687729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824630/; classtype:trojan-activity;sid:83687730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824631/; classtype:trojan-activity;sid:83687731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824623/; classtype:trojan-activity;sid:83687723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824624/; classtype:trojan-activity;sid:83687724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824625/; classtype:trojan-activity;sid:83687725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824626/; classtype:trojan-activity;sid:83687726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824627/; classtype:trojan-activity;sid:83687727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824621/; classtype:trojan-activity;sid:83687721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824622/; classtype:trojan-activity;sid:83687722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824619/; classtype:trojan-activity;sid:83687719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824620/; classtype:trojan-activity;sid:83687720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/sh"; depth:5; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824617/; classtype:trojan-activity;sid:83687717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.132.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824618/; classtype:trojan-activity;sid:83687718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"45.118.146.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824616/; classtype:trojan-activity;sid:83687716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.142.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824615/; classtype:trojan-activity;sid:83687715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.239.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824614/; classtype:trojan-activity;sid:83687714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.195.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824613/; classtype:trojan-activity;sid:83687713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.110.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824612/; classtype:trojan-activity;sid:83687712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.45.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824610/; classtype:trojan-activity;sid:83687710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.102.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824611/; classtype:trojan-activity;sid:83687711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.254.70.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824609/; classtype:trojan-activity;sid:83687709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.201.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824608/; classtype:trojan-activity;sid:83687708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.124.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824607/; classtype:trojan-activity;sid:83687707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824606/; classtype:trojan-activity;sid:83687706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.144.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824604/; classtype:trojan-activity;sid:83687704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.81.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824605/; classtype:trojan-activity;sid:83687705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.222.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824603/; classtype:trojan-activity;sid:83687703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824602/; classtype:trojan-activity;sid:83687702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.99.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824601/; classtype:trojan-activity;sid:83687701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.45.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824600/; classtype:trojan-activity;sid:83687700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.184.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824599/; classtype:trojan-activity;sid:83687699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.233.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824598/; classtype:trojan-activity;sid:83687698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824597/; classtype:trojan-activity;sid:83687697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824596/; classtype:trojan-activity;sid:83687696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.129.193.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824594/; classtype:trojan-activity;sid:83687694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.11.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824595/; classtype:trojan-activity;sid:83687695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.132.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824593/; classtype:trojan-activity;sid:83687693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.12.154.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824592/; classtype:trojan-activity;sid:83687692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824591/; classtype:trojan-activity;sid:83687691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.142.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824590/; classtype:trojan-activity;sid:83687690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.171.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824589/; classtype:trojan-activity;sid:83687689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824588/; classtype:trojan-activity;sid:83687688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824587/; classtype:trojan-activity;sid:83687687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824586/; classtype:trojan-activity;sid:83687686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.144.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824585/; classtype:trojan-activity;sid:83687685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824584/; classtype:trojan-activity;sid:83687684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824583/; classtype:trojan-activity;sid:83687683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.206.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824582/; classtype:trojan-activity;sid:83687682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.2.37"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824579/; classtype:trojan-activity;sid:83687679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.10.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824580/; classtype:trojan-activity;sid:83687680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.71.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824581/; classtype:trojan-activity;sid:83687681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.213.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824578/; classtype:trojan-activity;sid:83687678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.48.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824577/; classtype:trojan-activity;sid:83687677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.174.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824576/; classtype:trojan-activity;sid:83687676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824575/; classtype:trojan-activity;sid:83687675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.211.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824574/; classtype:trojan-activity;sid:83687674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.159.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824573/; classtype:trojan-activity;sid:83687673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824572/; classtype:trojan-activity;sid:83687672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.158.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824571/; classtype:trojan-activity;sid:83687671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.123.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824570/; classtype:trojan-activity;sid:83687670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.206.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824569/; classtype:trojan-activity;sid:83687669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824567/; classtype:trojan-activity;sid:83687667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.125.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824568/; classtype:trojan-activity;sid:83687668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.134.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824566/; classtype:trojan-activity;sid:83687666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.104.220.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824565/; classtype:trojan-activity;sid:83687665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.2.37"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824564/; classtype:trojan-activity;sid:83687664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.215.202.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824562/; classtype:trojan-activity;sid:83687662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.95.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824563/; classtype:trojan-activity;sid:83687663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.10.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824561/; classtype:trojan-activity;sid:83687661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.171.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824560/; classtype:trojan-activity;sid:83687660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.153.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824559/; classtype:trojan-activity;sid:83687659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.251.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824557/; classtype:trojan-activity;sid:83687657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.217.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824558/; classtype:trojan-activity;sid:83687658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824556/; classtype:trojan-activity;sid:83687656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.110.146.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824555/; classtype:trojan-activity;sid:83687655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.160.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824554/; classtype:trojan-activity;sid:83687654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824553/; classtype:trojan-activity;sid:83687653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.250.149.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824552/; classtype:trojan-activity;sid:83687652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.247.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824551/; classtype:trojan-activity;sid:83687651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.22.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824550/; classtype:trojan-activity;sid:83687650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.189.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824549/; classtype:trojan-activity;sid:83687649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.7.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824548/; classtype:trojan-activity;sid:83687648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.179.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824547/; classtype:trojan-activity;sid:83687647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.23.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824545/; classtype:trojan-activity;sid:83687645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.29.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824546/; classtype:trojan-activity;sid:83687646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.213.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824544/; classtype:trojan-activity;sid:83687644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824543/; classtype:trojan-activity;sid:83687643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.215.202.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824542/; classtype:trojan-activity;sid:83687642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.51.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824541/; classtype:trojan-activity;sid:83687641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.16.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824540/; classtype:trojan-activity;sid:83687640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.90.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824539/; classtype:trojan-activity;sid:83687639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.214.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824538/; classtype:trojan-activity;sid:83687638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.214.12.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824537/; classtype:trojan-activity;sid:83687637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.32.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824536/; classtype:trojan-activity;sid:83687636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.160.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824535/; classtype:trojan-activity;sid:83687635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.110.146.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824534/; classtype:trojan-activity;sid:83687634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.91.237.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824533/; classtype:trojan-activity;sid:83687633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.35.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824532/; classtype:trojan-activity;sid:83687632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.214.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824531/; classtype:trojan-activity;sid:83687631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.240.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824529/; classtype:trojan-activity;sid:83687629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.238.196.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824530/; classtype:trojan-activity;sid:83687630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.9.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824528/; classtype:trojan-activity;sid:83687628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.12.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824527/; classtype:trojan-activity;sid:83687627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824526/; classtype:trojan-activity;sid:83687626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.44.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824525/; classtype:trojan-activity;sid:83687625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.211.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824524/; classtype:trojan-activity;sid:83687624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824523/; classtype:trojan-activity;sid:83687623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.238.196.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824522/; classtype:trojan-activity;sid:83687622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.250.149.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824520/; classtype:trojan-activity;sid:83687620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824521/; classtype:trojan-activity;sid:83687621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824519/; classtype:trojan-activity;sid:83687619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.61.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824516/; classtype:trojan-activity;sid:83687616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.25.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824517/; classtype:trojan-activity;sid:83687617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.152.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824518/; classtype:trojan-activity;sid:83687618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.191.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824515/; classtype:trojan-activity;sid:83687615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.32.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824513/; classtype:trojan-activity;sid:83687613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.91.237.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824514/; classtype:trojan-activity;sid:83687614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824512/; classtype:trojan-activity;sid:83687612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824511/; classtype:trojan-activity;sid:83687611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.132.104.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824510/; classtype:trojan-activity;sid:83687610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824509/; classtype:trojan-activity;sid:83687609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824508/; classtype:trojan-activity;sid:83687608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.124.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824507/; classtype:trojan-activity;sid:83687607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.96.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824506/; classtype:trojan-activity;sid:83687606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"95.164.63.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824505/; classtype:trojan-activity;sid:83687605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.190.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824504/; classtype:trojan-activity;sid:83687604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.167.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824503/; classtype:trojan-activity;sid:83687603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824502/; classtype:trojan-activity;sid:83687602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824501/; classtype:trojan-activity;sid:83687601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824500/; classtype:trojan-activity;sid:83687600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824499/; classtype:trojan-activity;sid:83687599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824498/; classtype:trojan-activity;sid:83687598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.152.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824497/; classtype:trojan-activity;sid:83687597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824496/; classtype:trojan-activity;sid:83687596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668846862|3f|hash=tboezituvfp9vq89fpvaest88w8zogetghgcxhb8c2p|7c|26|7c|dl=wonddrrjrhp6tjspcmm0zenp6kqyngpzwawpqz7dvzl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824495/; classtype:trojan-activity;sid:83687595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.113.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824494/; classtype:trojan-activity;sid:83687594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.97.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824492/; classtype:trojan-activity;sid:83687592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.79.116.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824493/; classtype:trojan-activity;sid:83687593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.222.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824491/; classtype:trojan-activity;sid:83687591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.248.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824490/; classtype:trojan-activity;sid:83687590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668861827|3f|hash=fwj2dr5pswsbignulstpvruel8iqzivvkkybelzcmux|7c|26|7c|dl=yqvtrfpzxlvxs48vzl7aas53iilfkythds7rygzmgjw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824489/; classtype:trojan-activity;sid:83687589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.190.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824488/; classtype:trojan-activity;sid:83687588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824487/; classtype:trojan-activity;sid:83687587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824486/; classtype:trojan-activity;sid:83687586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.71.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824484/; classtype:trojan-activity;sid:83687584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.154.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824485/; classtype:trojan-activity;sid:83687585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.240.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824483/; classtype:trojan-activity;sid:83687583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.7.83"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824482/; classtype:trojan-activity;sid:83687582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824481/; classtype:trojan-activity;sid:83687581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.53.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824480/; classtype:trojan-activity;sid:83687580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.172.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824479/; classtype:trojan-activity;sid:83687579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.9.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824478/; classtype:trojan-activity;sid:83687578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.50.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824477/; classtype:trojan-activity;sid:83687577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.97.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824476/; classtype:trojan-activity;sid:83687576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.248.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824475/; classtype:trojan-activity;sid:83687575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.83"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824474/; classtype:trojan-activity;sid:83687574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.222.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824473/; classtype:trojan-activity;sid:83687573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824472/; classtype:trojan-activity;sid:83687572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.31.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824471/; classtype:trojan-activity;sid:83687571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.139.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824470/; classtype:trojan-activity;sid:83687570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.8.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824469/; classtype:trojan-activity;sid:83687569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824468/; classtype:trojan-activity;sid:83687568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.241.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824467/; classtype:trojan-activity;sid:83687567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.58.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824466/; classtype:trojan-activity;sid:83687566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824465/; classtype:trojan-activity;sid:83687565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824464/; classtype:trojan-activity;sid:83687564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824463/; classtype:trojan-activity;sid:83687563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824462/; classtype:trojan-activity;sid:83687562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824461/; classtype:trojan-activity;sid:83687561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.198.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824460/; classtype:trojan-activity;sid:83687560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ybrta/ads.exe"; depth:14; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824459/; classtype:trojan-activity;sid:83687559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824458/; classtype:trojan-activity;sid:83687558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.8.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824457/; classtype:trojan-activity;sid:83687557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.58.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824456/; classtype:trojan-activity;sid:83687556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.202.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824455/; classtype:trojan-activity;sid:83687555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.3.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824454/; classtype:trojan-activity;sid:83687554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824453/; classtype:trojan-activity;sid:83687553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824452/; classtype:trojan-activity;sid:83687552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824451/; classtype:trojan-activity;sid:83687551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.10.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824450/; classtype:trojan-activity;sid:83687550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824449/; classtype:trojan-activity;sid:83687549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824448/; classtype:trojan-activity;sid:83687548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824447/; classtype:trojan-activity;sid:83687547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824446/; classtype:trojan-activity;sid:83687546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824445/; classtype:trojan-activity;sid:83687545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.254.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824444/; classtype:trojan-activity;sid:83687544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824443/; classtype:trojan-activity;sid:83687543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.251.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824442/; classtype:trojan-activity;sid:83687542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xjxie2zffsw4"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824441/; classtype:trojan-activity;sid:83687541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.188.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824440/; classtype:trojan-activity;sid:83687540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824439/; classtype:trojan-activity;sid:83687539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824438/; classtype:trojan-activity;sid:83687538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.139.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824437/; classtype:trojan-activity;sid:83687537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/banda/gidro.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824436/; classtype:trojan-activity;sid:83687536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824435/; classtype:trojan-activity;sid:83687535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824434/; classtype:trojan-activity;sid:83687534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.61.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824433/; classtype:trojan-activity;sid:83687533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.214.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824432/; classtype:trojan-activity;sid:83687532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824431/; classtype:trojan-activity;sid:83687531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824430/; classtype:trojan-activity;sid:83687530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.88.165.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824429/; classtype:trojan-activity;sid:83687529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.201.134.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824428/; classtype:trojan-activity;sid:83687528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.166.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824427/; classtype:trojan-activity;sid:83687527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.139.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824425/; classtype:trojan-activity;sid:83687525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.208.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824426/; classtype:trojan-activity;sid:83687526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.226.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824424/; classtype:trojan-activity;sid:83687524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.34.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824423/; classtype:trojan-activity;sid:83687523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.49.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824422/; classtype:trojan-activity;sid:83687522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.128.106.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824421/; classtype:trojan-activity;sid:83687521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824420/; classtype:trojan-activity;sid:83687520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824419/; classtype:trojan-activity;sid:83687519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.76.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824418/; classtype:trojan-activity;sid:83687518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.166.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824417/; classtype:trojan-activity;sid:83687517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824416/; classtype:trojan-activity;sid:83687516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.64.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824415/; classtype:trojan-activity;sid:83687515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.203.125.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824414/; classtype:trojan-activity;sid:83687514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.128.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824413/; classtype:trojan-activity;sid:83687513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824412/; classtype:trojan-activity;sid:83687512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.183.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824411/; classtype:trojan-activity;sid:83687511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824410/; classtype:trojan-activity;sid:83687510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.23.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824408/; classtype:trojan-activity;sid:83687508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.119.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824409/; classtype:trojan-activity;sid:83687509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824407/; classtype:trojan-activity;sid:83687507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824406/; classtype:trojan-activity;sid:83687506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.87.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824405/; classtype:trojan-activity;sid:83687505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.63.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824404/; classtype:trojan-activity;sid:83687504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/qauasariscrypted.exe"; depth:26; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824403/; classtype:trojan-activity;sid:83687503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/fzonsvup.exe"; depth:20; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824402/; classtype:trojan-activity;sid:83687502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.68.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824400/; classtype:trojan-activity;sid:83687500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.96.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824401/; classtype:trojan-activity;sid:83687501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824399/; classtype:trojan-activity;sid:83687499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.89.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824397/; classtype:trojan-activity;sid:83687497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.76.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824398/; classtype:trojan-activity;sid:83687498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.83.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824396/; classtype:trojan-activity;sid:83687496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.183.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824395/; classtype:trojan-activity;sid:83687495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.68.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824394/; classtype:trojan-activity;sid:83687494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.88.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824393/; classtype:trojan-activity;sid:83687493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.90.97.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824392/; classtype:trojan-activity;sid:83687492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.126.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824391/; classtype:trojan-activity;sid:83687491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.226.129.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824390/; classtype:trojan-activity;sid:83687490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824389/; classtype:trojan-activity;sid:83687489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.128.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824388/; classtype:trojan-activity;sid:83687488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824387/; classtype:trojan-activity;sid:83687487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.68.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824386/; classtype:trojan-activity;sid:83687486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.100.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824385/; classtype:trojan-activity;sid:83687485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824384/; classtype:trojan-activity;sid:83687484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824382/; classtype:trojan-activity;sid:83687482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.37.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824383/; classtype:trojan-activity;sid:83687483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.83.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824381/; classtype:trojan-activity;sid:83687481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.106.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824380/; classtype:trojan-activity;sid:83687480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824379/; classtype:trojan-activity;sid:83687479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.67.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824378/; classtype:trojan-activity;sid:83687478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.53.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824377/; classtype:trojan-activity;sid:83687477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.24.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824376/; classtype:trojan-activity;sid:83687476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.106.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824375/; classtype:trojan-activity;sid:83687475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824374/; classtype:trojan-activity;sid:83687474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.53.94.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824373/; classtype:trojan-activity;sid:83687473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824372/; classtype:trojan-activity;sid:83687472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.84.249.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824371/; classtype:trojan-activity;sid:83687471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.204.171.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824370/; classtype:trojan-activity;sid:83687470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.38.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824369/; classtype:trojan-activity;sid:83687469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824368/; classtype:trojan-activity;sid:83687468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.41.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824367/; classtype:trojan-activity;sid:83687467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.140.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824365/; classtype:trojan-activity;sid:83687465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.122.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824366/; classtype:trojan-activity;sid:83687466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824364/; classtype:trojan-activity;sid:83687464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ourq.anesthetics.biomedzglobal.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824363/; classtype:trojan-activity;sid:83687463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.22.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824361/; classtype:trojan-activity;sid:83687461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.87.43"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824362/; classtype:trojan-activity;sid:83687462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.65.145.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824360/; classtype:trojan-activity;sid:83687460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824359/; classtype:trojan-activity;sid:83687459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.9.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824358/; classtype:trojan-activity;sid:83687458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824357/; classtype:trojan-activity;sid:83687457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.24.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824356/; classtype:trojan-activity;sid:83687456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.189.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824355/; classtype:trojan-activity;sid:83687455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668907894|3f|hash=etj5sxfgnlvqn3fsuayzbk2uqj2qdtrgingq1gfezf8|7c|26|7c|dl=85q0izwrqziupxoggtzpvwf3ndpdhfkjoqnlv1d4ksh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824354/; classtype:trojan-activity;sid:83687454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.140.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824353/; classtype:trojan-activity;sid:83687453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.227.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824351/; classtype:trojan-activity;sid:83687451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.41.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824352/; classtype:trojan-activity;sid:83687452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824350/; classtype:trojan-activity;sid:83687450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.11.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824349/; classtype:trojan-activity;sid:83687449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.206.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824348/; classtype:trojan-activity;sid:83687448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824347/; classtype:trojan-activity;sid:83687447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.6.211.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824345/; classtype:trojan-activity;sid:83687445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824346/; classtype:trojan-activity;sid:83687446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.227.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824344/; classtype:trojan-activity;sid:83687444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.195.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824343/; classtype:trojan-activity;sid:83687443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.122.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824342/; classtype:trojan-activity;sid:83687442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.101.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824341/; classtype:trojan-activity;sid:83687441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824340/; classtype:trojan-activity;sid:83687440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.206.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824339/; classtype:trojan-activity;sid:83687439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.90.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824337/; classtype:trojan-activity;sid:83687437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.140.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824338/; classtype:trojan-activity;sid:83687438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.130.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824336/; classtype:trojan-activity;sid:83687436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.115.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824335/; classtype:trojan-activity;sid:83687435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.13.48.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824334/; classtype:trojan-activity;sid:83687434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.91.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824333/; classtype:trojan-activity;sid:83687433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.101.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824332/; classtype:trojan-activity;sid:83687432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824331/; classtype:trojan-activity;sid:83687431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.51.195.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824330/; classtype:trojan-activity;sid:83687430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.195.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824329/; classtype:trojan-activity;sid:83687429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.237.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824328/; classtype:trojan-activity;sid:83687428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.232.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824327/; classtype:trojan-activity;sid:83687427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824326/; classtype:trojan-activity;sid:83687426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824325/; classtype:trojan-activity;sid:83687425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.13.48.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824324/; classtype:trojan-activity;sid:83687424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.20.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824323/; classtype:trojan-activity;sid:83687423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.238.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824322/; classtype:trojan-activity;sid:83687422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.104"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824321/; classtype:trojan-activity;sid:83687421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824320/; classtype:trojan-activity;sid:83687420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.211.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824319/; classtype:trojan-activity;sid:83687419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.115.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824318/; classtype:trojan-activity;sid:83687418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.91.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824317/; classtype:trojan-activity;sid:83687417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824316/; classtype:trojan-activity;sid:83687416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.55.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824315/; classtype:trojan-activity;sid:83687415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.238.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824314/; classtype:trojan-activity;sid:83687414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.42.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824313/; classtype:trojan-activity;sid:83687413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.240.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824312/; classtype:trojan-activity;sid:83687412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.100.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824311/; classtype:trojan-activity;sid:83687411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824309/; classtype:trojan-activity;sid:83687409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824310/; classtype:trojan-activity;sid:83687410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824308/; classtype:trojan-activity;sid:83687408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.193.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824307/; classtype:trojan-activity;sid:83687407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meyas33/x3261/releases/download/v32.6.1/x326.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824306/; classtype:trojan-activity;sid:83687406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.137.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824305/; classtype:trojan-activity;sid:83687405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824304/; classtype:trojan-activity;sid:83687404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.172.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824303/; classtype:trojan-activity;sid:83687403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.70.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824302/; classtype:trojan-activity;sid:83687402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824301/; classtype:trojan-activity;sid:83687401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.8.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824300/; classtype:trojan-activity;sid:83687400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.65.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824299/; classtype:trojan-activity;sid:83687399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.28.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824298/; classtype:trojan-activity;sid:83687398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824297/; classtype:trojan-activity;sid:83687397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.57.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824296/; classtype:trojan-activity;sid:83687396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.159.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824295/; classtype:trojan-activity;sid:83687395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.137.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824294/; classtype:trojan-activity;sid:83687394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.159.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824293/; classtype:trojan-activity;sid:83687393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.7.11"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824292/; classtype:trojan-activity;sid:83687392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.111.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824291/; classtype:trojan-activity;sid:83687391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.146.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824290/; classtype:trojan-activity;sid:83687390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.8.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824289/; classtype:trojan-activity;sid:83687389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824288/; classtype:trojan-activity;sid:83687388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.242.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824287/; classtype:trojan-activity;sid:83687387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xr0pkn5o4q5d"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824286/; classtype:trojan-activity;sid:83687386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824285/; classtype:trojan-activity;sid:83687385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.46.70.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824284/; classtype:trojan-activity;sid:83687384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.173.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824281/; classtype:trojan-activity;sid:83687381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.215.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824282/; classtype:trojan-activity;sid:83687382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.138.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824283/; classtype:trojan-activity;sid:83687383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.49.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824280/; classtype:trojan-activity;sid:83687380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824279/; classtype:trojan-activity;sid:83687379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824278/; classtype:trojan-activity;sid:83687378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824277/; classtype:trojan-activity;sid:83687377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.111.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824276/; classtype:trojan-activity;sid:83687376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.145.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824275/; classtype:trojan-activity;sid:83687375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824274/; classtype:trojan-activity;sid:83687374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.146.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824273/; classtype:trojan-activity;sid:83687373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.107.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824272/; classtype:trojan-activity;sid:83687372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.116.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824271/; classtype:trojan-activity;sid:83687371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.16.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824269/; classtype:trojan-activity;sid:83687369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824270/; classtype:trojan-activity;sid:83687370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.11"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824268/; classtype:trojan-activity;sid:83687368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/5141779/klkjjk.exe"; depth:22; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824267/; classtype:trojan-activity;sid:83687367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824266/; classtype:trojan-activity;sid:83687366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.246.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824265/; classtype:trojan-activity;sid:83687365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.243.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824264/; classtype:trojan-activity;sid:83687364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824263/; classtype:trojan-activity;sid:83687363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"eubya.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824262/; classtype:trojan-activity;sid:83687362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824261/; classtype:trojan-activity;sid:83687361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.22.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824260/; classtype:trojan-activity;sid:83687360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824259/; classtype:trojan-activity;sid:83687359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.189.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824258/; classtype:trojan-activity;sid:83687358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.130.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824257/; classtype:trojan-activity;sid:83687357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.246.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824256/; classtype:trojan-activity;sid:83687356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.189.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824255/; classtype:trojan-activity;sid:83687355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824254/; classtype:trojan-activity;sid:83687354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.159.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824253/; classtype:trojan-activity;sid:83687353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.120.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824252/; classtype:trojan-activity;sid:83687352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824250/; classtype:trojan-activity;sid:83687350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.38.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824251/; classtype:trojan-activity;sid:83687351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824249/; classtype:trojan-activity;sid:83687349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.140.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824248/; classtype:trojan-activity;sid:83687348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.104.221.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824247/; classtype:trojan-activity;sid:83687347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.41.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824245/; classtype:trojan-activity;sid:83687345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.139.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824246/; classtype:trojan-activity;sid:83687346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.168.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824244/; classtype:trojan-activity;sid:83687344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.166.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824243/; classtype:trojan-activity;sid:83687343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.140.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824242/; classtype:trojan-activity;sid:83687342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.201.134.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824241/; classtype:trojan-activity;sid:83687341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.68.162.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824240/; classtype:trojan-activity;sid:83687340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.26.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824239/; classtype:trojan-activity;sid:83687339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824238/; classtype:trojan-activity;sid:83687338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824237/; classtype:trojan-activity;sid:83687337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.33.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824236/; classtype:trojan-activity;sid:83687336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824235/; classtype:trojan-activity;sid:83687335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/klkjjk.exe"; depth:16; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824234/; classtype:trojan-activity;sid:83687334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824233/; classtype:trojan-activity;sid:83687333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/web/9c86373c-6336-4fb5-bbc4-de77cdad2083/build.rar"; depth:60; endswith; nocase; http.host; content:"store10.gofile.io"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824232/; classtype:trojan-activity;sid:83687332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dirtypipez"; depth:11; endswith; nocase; http.host; content:"50.43.49.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824230/; classtype:trojan-activity;sid:83687330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dirtypipez.c"; depth:13; endswith; nocase; http.host; content:"50.43.49.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824231/; classtype:trojan-activity;sid:83687331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/emp0zo"; depth:9; endswith; nocase; http.host; content:"gofile.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824229/; classtype:trojan-activity;sid:83687329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1224817096030949406/1229800439973810266/release.rar|3f|ex=6630ffe9|7c|26|7c|is=661e8ae9|7c|26|7c|hm=5dc2980f3b5506b5a7dd269105936e28074f330bd8560dff7b66e368892ef979|7c|26|7c|"; depth:187; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824228/; classtype:trojan-activity;sid:83687328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.36.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824227/; classtype:trojan-activity;sid:83687327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.53.94.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824226/; classtype:trojan-activity;sid:83687326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824225/; classtype:trojan-activity;sid:83687325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824224/; classtype:trojan-activity;sid:83687324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.89.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824223/; classtype:trojan-activity;sid:83687323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.181.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824222/; classtype:trojan-activity;sid:83687322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824217/; classtype:trojan-activity;sid:83687317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824218/; classtype:trojan-activity;sid:83687318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824219/; classtype:trojan-activity;sid:83687319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824220/; classtype:trojan-activity;sid:83687320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824221/; classtype:trojan-activity;sid:83687321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.172.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824216/; classtype:trojan-activity;sid:83687316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824213/; classtype:trojan-activity;sid:83687313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824214/; classtype:trojan-activity;sid:83687314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824215/; classtype:trojan-activity;sid:83687315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824211/; classtype:trojan-activity;sid:83687311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824212/; classtype:trojan-activity;sid:83687312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.7.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824210/; classtype:trojan-activity;sid:83687310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824209/; classtype:trojan-activity;sid:83687309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824208/; classtype:trojan-activity;sid:83687308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.255.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824207/; classtype:trojan-activity;sid:83687307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.159.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824206/; classtype:trojan-activity;sid:83687306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824205/; classtype:trojan-activity;sid:83687305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.224.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824204/; classtype:trojan-activity;sid:83687304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824203/; classtype:trojan-activity;sid:83687303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824202/; classtype:trojan-activity;sid:83687302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.39.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824201/; classtype:trojan-activity;sid:83687301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/fghghghgfd.pdf"; depth:19; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824199/; classtype:trojan-activity;sid:83687299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/softcore-shd-lavacrypt.exe"; depth:34; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824200/; classtype:trojan-activity;sid:83687300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/noncryptedmainstub.exe"; depth:28; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824197/; classtype:trojan-activity;sid:83687297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dffgfgfgfd.jpeg"; depth:20; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824198/; classtype:trojan-activity;sid:83687298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824196/; classtype:trojan-activity;sid:83687296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/klkjjk.exe"; depth:16; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824194/; classtype:trojan-activity;sid:83687294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/klkjjk.exe"; depth:16; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824195/; classtype:trojan-activity;sid:83687295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/qausarneedscrypted.exe"; depth:28; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824193/; classtype:trojan-activity;sid:83687293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/degrado-lavacrypt-dfgs.exe"; depth:34; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824190/; classtype:trojan-activity;sid:83687290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/krummy-lavacrypt-gfhd.exe"; depth:33; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824191/; classtype:trojan-activity;sid:83687291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/xx-lavacrypt-dfgs.exe"; depth:29; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824192/; classtype:trojan-activity;sid:83687292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/hajde-lavacrypt-dfgs.exe"; depth:32; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824189/; classtype:trojan-activity;sid:83687289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/ghghghgfg.xml"; depth:18; endswith; nocase; http.host; content:"gjhfhgdg.insane.wang"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824188/; classtype:trojan-activity;sid:83687288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824187/; classtype:trojan-activity;sid:83687287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824186/; classtype:trojan-activity;sid:83687286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.193.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824185/; classtype:trojan-activity;sid:83687285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824184/; classtype:trojan-activity;sid:83687284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro.bin"; depth:7; endswith; nocase; http.host; content:"agrar-bolt.hu"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824183/; classtype:trojan-activity;sid:83687283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koo/kpyqgtbbzswvoy6.bin"; depth:24; endswith; nocase; http.host; content:"nitio.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824182/; classtype:trojan-activity;sid:83687282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koo1/decipher.csv"; depth:18; endswith; nocase; http.host; content:"nitio.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824181/; classtype:trojan-activity;sid:83687281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patch"; depth:6; endswith; nocase; http.host; content:"72.5.43.90"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824180/; classtype:trojan-activity;sid:83687280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0"; depth:2; endswith; nocase; http.host; content:"192.253.234.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824178/; classtype:trojan-activity;sid:83687278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47477.py"; depth:9; endswith; nocase; http.host; content:"192.253.234.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824179/; classtype:trojan-activity;sid:83687279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//47478.elf"; depth:11; endswith; nocase; http.host; content:"192.253.234.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824177/; classtype:trojan-activity;sid:83687277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.134.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824175/; classtype:trojan-activity;sid:83687275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.39.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824176/; classtype:trojan-activity;sid:83687276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824174/; classtype:trojan-activity;sid:83687274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.8.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824173/; classtype:trojan-activity;sid:83687273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824172/; classtype:trojan-activity;sid:83687272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.91.63.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824171/; classtype:trojan-activity;sid:83687271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.199.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824170/; classtype:trojan-activity;sid:83687270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.89.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824169/; classtype:trojan-activity;sid:83687269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.157.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824168/; classtype:trojan-activity;sid:83687268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.92.177.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824167/; classtype:trojan-activity;sid:83687267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.220.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824166/; classtype:trojan-activity;sid:83687266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.193.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824165/; classtype:trojan-activity;sid:83687265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.183.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824164/; classtype:trojan-activity;sid:83687264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824163/; classtype:trojan-activity;sid:83687263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824162/; classtype:trojan-activity;sid:83687262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.170.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824161/; classtype:trojan-activity;sid:83687261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824160/; classtype:trojan-activity;sid:83687260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.253.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824159/; classtype:trojan-activity;sid:83687259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.140.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824158/; classtype:trojan-activity;sid:83687258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.153.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824157/; classtype:trojan-activity;sid:83687257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.165.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824156/; classtype:trojan-activity;sid:83687256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.42.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824154/; classtype:trojan-activity;sid:83687254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"190.109.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824155/; classtype:trojan-activity;sid:83687255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.167.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824153/; classtype:trojan-activity;sid:83687253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824152/; classtype:trojan-activity;sid:83687252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824151/; classtype:trojan-activity;sid:83687251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.94.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824150/; classtype:trojan-activity;sid:83687250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.210.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824148/; classtype:trojan-activity;sid:83687248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.255.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824149/; classtype:trojan-activity;sid:83687249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.183.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824147/; classtype:trojan-activity;sid:83687247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/softcore-shd-lavacrypt.exe"; depth:34; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824146/; classtype:trojan-activity;sid:83687246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/krummy-lavacrypt-gfhd.exe"; depth:33; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824142/; classtype:trojan-activity;sid:83687242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dffgfgfgfd.jpeg"; depth:20; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824143/; classtype:trojan-activity;sid:83687243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/qausarneedscrypted.exe"; depth:28; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824144/; classtype:trojan-activity;sid:83687244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/fghghghgfd.pdf"; depth:19; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824145/; classtype:trojan-activity;sid:83687245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/hajde-lavacrypt-dfgs.exe"; depth:32; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824141/; classtype:trojan-activity;sid:83687241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/ghghghgfg.xml"; depth:18; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824140/; classtype:trojan-activity;sid:83687240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/xx-lavacrypt-dfgs.exe"; depth:29; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824138/; classtype:trojan-activity;sid:83687238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/degrado-lavacrypt-dfgs.exe"; depth:34; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824139/; classtype:trojan-activity;sid:83687239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.140.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824137/; classtype:trojan-activity;sid:83687237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.42.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824136/; classtype:trojan-activity;sid:83687236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824135/; classtype:trojan-activity;sid:83687235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.145.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824134/; classtype:trojan-activity;sid:83687234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.233.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824132/; classtype:trojan-activity;sid:83687232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.207.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824133/; classtype:trojan-activity;sid:83687233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cmss/ireallywanthowimportantthisgirlinmylifesheismybeautifulgirlwhoilovedhertrulyfromtheheartsheismygirl___ireallylovedherfromtheheart.doc"; depth:145; endswith; nocase; http.host; content:"103.198.26.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824131/; classtype:trojan-activity;sid:83687231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824130/; classtype:trojan-activity;sid:83687230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.241.14.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824129/; classtype:trojan-activity;sid:83687229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.244.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824128/; classtype:trojan-activity;sid:83687228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.243.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824127/; classtype:trojan-activity;sid:83687227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.135.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824126/; classtype:trojan-activity;sid:83687226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.155.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824125/; classtype:trojan-activity;sid:83687225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.26.232.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824124/; classtype:trojan-activity;sid:83687224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.132.146.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824122/; classtype:trojan-activity;sid:83687222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.31.230.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824123/; classtype:trojan-activity;sid:83687223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.244.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824121/; classtype:trojan-activity;sid:83687221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.209.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824120/; classtype:trojan-activity;sid:83687220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824119/; classtype:trojan-activity;sid:83687219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.135.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824118/; classtype:trojan-activity;sid:83687218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824117/; classtype:trojan-activity;sid:83687217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824116/; classtype:trojan-activity;sid:83687216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.126.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824115/; classtype:trojan-activity;sid:83687215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.97.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824114/; classtype:trojan-activity;sid:83687214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824113/; classtype:trojan-activity;sid:83687213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.241.14.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824112/; classtype:trojan-activity;sid:83687212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.135.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824111/; classtype:trojan-activity;sid:83687211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824110/; classtype:trojan-activity;sid:83687210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.69.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824109/; classtype:trojan-activity;sid:83687209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824108/; classtype:trojan-activity;sid:83687208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.135.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824107/; classtype:trojan-activity;sid:83687207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.205.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824106/; classtype:trojan-activity;sid:83687206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.121.176.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824105/; classtype:trojan-activity;sid:83687205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"104.230.136.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824103/; classtype:trojan-activity;sid:83687203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.203.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824104/; classtype:trojan-activity;sid:83687204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.233.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824102/; classtype:trojan-activity;sid:83687202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.34.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824099/; classtype:trojan-activity;sid:83687199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.109.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824100/; classtype:trojan-activity;sid:83687200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.223.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824101/; classtype:trojan-activity;sid:83687201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824098/; classtype:trojan-activity;sid:83687198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824097/; classtype:trojan-activity;sid:83687197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.214.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824096/; classtype:trojan-activity;sid:83687196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.252.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824095/; classtype:trojan-activity;sid:83687195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.216.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824094/; classtype:trojan-activity;sid:83687194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.202.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824093/; classtype:trojan-activity;sid:83687193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.233.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824092/; classtype:trojan-activity;sid:83687192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824090/; classtype:trojan-activity;sid:83687190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.28.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824091/; classtype:trojan-activity;sid:83687191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824088/; classtype:trojan-activity;sid:83687188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.118.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824089/; classtype:trojan-activity;sid:83687189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.162.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824087/; classtype:trojan-activity;sid:83687187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.237.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824086/; classtype:trojan-activity;sid:83687186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.211.188.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824084/; classtype:trojan-activity;sid:83687184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.83.1.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824085/; classtype:trojan-activity;sid:83687185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824082/; classtype:trojan-activity;sid:83687182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.61.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824083/; classtype:trojan-activity;sid:83687183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.41.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824081/; classtype:trojan-activity;sid:83687181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.57.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824080/; classtype:trojan-activity;sid:83687180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.205.58.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824076/; classtype:trojan-activity;sid:83687176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.208.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824074/; classtype:trojan-activity;sid:83687174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.250.149.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824075/; classtype:trojan-activity;sid:83687175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.85.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824073/; classtype:trojan-activity;sid:83687173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668891517|3f|hash=zychbdtfjgvw31t1mk1g1mnciucbn6z0qvxs8zqj47c|7c|26|7c|dl=q5jykpgwidhpm0n5zx8vbk4ltltznopmgiibgqbgalt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824072/; classtype:trojan-activity;sid:83687172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.109.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824071/; classtype:trojan-activity;sid:83687171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.83.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824070/; classtype:trojan-activity;sid:83687170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.216.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824069/; classtype:trojan-activity;sid:83687169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.202.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824068/; classtype:trojan-activity;sid:83687168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.219.60.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824067/; classtype:trojan-activity;sid:83687167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824066/; classtype:trojan-activity;sid:83687166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.61.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824065/; classtype:trojan-activity;sid:83687165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.225.42.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824064/; classtype:trojan-activity;sid:83687164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.39.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824063/; classtype:trojan-activity;sid:83687163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824061/; classtype:trojan-activity;sid:83687161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.222.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824062/; classtype:trojan-activity;sid:83687162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.18.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824060/; classtype:trojan-activity;sid:83687160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.46"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824059/; classtype:trojan-activity;sid:83687159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.8.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824058/; classtype:trojan-activity;sid:83687158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.41.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824057/; classtype:trojan-activity;sid:83687157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824056/; classtype:trojan-activity;sid:83687156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824055/; classtype:trojan-activity;sid:83687155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824045/; classtype:trojan-activity;sid:83687145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824046/; classtype:trojan-activity;sid:83687146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824047/; classtype:trojan-activity;sid:83687147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824048/; classtype:trojan-activity;sid:83687148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824049/; classtype:trojan-activity;sid:83687149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824050/; classtype:trojan-activity;sid:83687150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824051/; classtype:trojan-activity;sid:83687151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824052/; classtype:trojan-activity;sid:83687152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"94.156.8.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824053/; classtype:trojan-activity;sid:83687153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.105.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824054/; classtype:trojan-activity;sid:83687154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.109.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824044/; classtype:trojan-activity;sid:83687144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/noncryptedmainstub.exe"; depth:28; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824043/; classtype:trojan-activity;sid:83687143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.85.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824042/; classtype:trojan-activity;sid:83687142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.35.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824041/; classtype:trojan-activity;sid:83687141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.8.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824040/; classtype:trojan-activity;sid:83687140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824039/; classtype:trojan-activity;sid:83687139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824038/; classtype:trojan-activity;sid:83687138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.90.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824037/; classtype:trojan-activity;sid:83687137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.45.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824036/; classtype:trojan-activity;sid:83687136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.16.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824035/; classtype:trojan-activity;sid:83687135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.230.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824034/; classtype:trojan-activity;sid:83687134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.185.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824033/; classtype:trojan-activity;sid:83687133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.35.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824032/; classtype:trojan-activity;sid:83687132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.105.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824031/; classtype:trojan-activity;sid:83687131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.223.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824030/; classtype:trojan-activity;sid:83687130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.16.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824029/; classtype:trojan-activity;sid:83687129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.92.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824028/; classtype:trojan-activity;sid:83687128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.184.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824027/; classtype:trojan-activity;sid:83687127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.68.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824026/; classtype:trojan-activity;sid:83687126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824025/; classtype:trojan-activity;sid:83687125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.15.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824024/; classtype:trojan-activity;sid:83687124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/hjhjhhj.exe"; depth:17; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824023/; classtype:trojan-activity;sid:83687123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824022/; classtype:trojan-activity;sid:83687122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.230.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824020/; classtype:trojan-activity;sid:83687120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.179.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824021/; classtype:trojan-activity;sid:83687121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.90.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824019/; classtype:trojan-activity;sid:83687119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824018/; classtype:trojan-activity;sid:83687118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.116.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824017/; classtype:trojan-activity;sid:83687117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.222.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824016/; classtype:trojan-activity;sid:83687116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.25.143.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824015/; classtype:trojan-activity;sid:83687115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824013/; classtype:trojan-activity;sid:83687113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.18.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824014/; classtype:trojan-activity;sid:83687114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.107.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824012/; classtype:trojan-activity;sid:83687112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824011/; classtype:trojan-activity;sid:83687111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824010/; classtype:trojan-activity;sid:83687110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824009/; classtype:trojan-activity;sid:83687109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824008/; classtype:trojan-activity;sid:83687108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.201.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824007/; classtype:trojan-activity;sid:83687107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.179.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824006/; classtype:trojan-activity;sid:83687106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.9.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824004/; classtype:trojan-activity;sid:83687104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.7.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824005/; classtype:trojan-activity;sid:83687105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.60.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824003/; classtype:trojan-activity;sid:83687103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823998/; classtype:trojan-activity;sid:83687098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823999/; classtype:trojan-activity;sid:83687099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824000/; classtype:trojan-activity;sid:83687100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824001/; classtype:trojan-activity;sid:83687101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824002/; classtype:trojan-activity;sid:83687102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823992/; classtype:trojan-activity;sid:83687092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823993/; classtype:trojan-activity;sid:83687093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823994/; classtype:trojan-activity;sid:83687094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823995/; classtype:trojan-activity;sid:83687095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823996/; classtype:trojan-activity;sid:83687096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823997/; classtype:trojan-activity;sid:83687097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823989/; classtype:trojan-activity;sid:83687089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823990/; classtype:trojan-activity;sid:83687090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823991/; classtype:trojan-activity;sid:83687091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823988/; classtype:trojan-activity;sid:83687088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.55.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823987/; classtype:trojan-activity;sid:83687087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.41.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823985/; classtype:trojan-activity;sid:83687085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.223.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823986/; classtype:trojan-activity;sid:83687086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823983/; classtype:trojan-activity;sid:83687083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823984/; classtype:trojan-activity;sid:83687084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823982/; classtype:trojan-activity;sid:83687082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823981/; classtype:trojan-activity;sid:83687081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823980/; classtype:trojan-activity;sid:83687080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.22.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823979/; classtype:trojan-activity;sid:83687079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.150.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823978/; classtype:trojan-activity;sid:83687078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.31.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823977/; classtype:trojan-activity;sid:83687077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.241.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823974/; classtype:trojan-activity;sid:83687074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.177.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823975/; classtype:trojan-activity;sid:83687075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823976/; classtype:trojan-activity;sid:83687076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g1/589/steamworks.exe"; depth:22; endswith; nocase; http.host; content:"by.haory.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823973/; classtype:trojan-activity;sid:83687073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.2.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823972/; classtype:trojan-activity;sid:83687072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.46.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823971/; classtype:trojan-activity;sid:83687071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.150.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823970/; classtype:trojan-activity;sid:83687070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.172.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823969/; classtype:trojan-activity;sid:83687069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.233.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823968/; classtype:trojan-activity;sid:83687068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823966/; classtype:trojan-activity;sid:83687066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.195.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823967/; classtype:trojan-activity;sid:83687067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.6.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823964/; classtype:trojan-activity;sid:83687064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.59.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823965/; classtype:trojan-activity;sid:83687065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s2104m/wininit.exe"; depth:19; endswith; nocase; http.host; content:"192.3.176.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823963/; classtype:trojan-activity;sid:83687063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.210.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823962/; classtype:trojan-activity;sid:83687062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.240.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823961/; classtype:trojan-activity;sid:83687061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/uho/mewillthinkaboutthegoodthingstogetinbacktheprojecttointernationalideatoseehowitswillbekissing___lovertogetmebackthetruthfeel.doc"; depth:139; endswith; nocase; http.host; content:"192.3.176.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823960/; classtype:trojan-activity;sid:83687060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.60.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823959/; classtype:trojan-activity;sid:83687059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ext/chatgpt_search.jpeg"; depth:24; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823958/; classtype:trojan-activity;sid:83687058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823957/; classtype:trojan-activity;sid:83687057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/droid-21a46.appspot.com/o/tailorman.vbs|3f|alt=media|7c|26|7c|token=b664299a-525c-4cd5-91a2-f9603898c0b1"; depth:110; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823956/; classtype:trojan-activity;sid:83687056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvxzm4.bin"; depth:11; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823954/; classtype:trojan-activity;sid:83687054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/normals.pcz"; depth:12; endswith; nocase; http.host; content:"23.95.60.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823955/; classtype:trojan-activity;sid:83687055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//curl-amd64"; depth:12; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823952/; classtype:trojan-activity;sid:83687052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//kinsing"; depth:9; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823953/; classtype:trojan-activity;sid:83687053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//kinsing_aarch64"; depth:17; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823951/; classtype:trojan-activity;sid:83687051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//libsystem.so"; depth:14; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823949/; classtype:trojan-activity;sid:83687049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//curl-aarch64"; depth:14; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823950/; classtype:trojan-activity;sid:83687050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.150.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823948/; classtype:trojan-activity;sid:83687048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.41.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823947/; classtype:trojan-activity;sid:83687047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823946/; classtype:trojan-activity;sid:83687046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823933/; classtype:trojan-activity;sid:83687033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tf.sh"; depth:6; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823934/; classtype:trojan-activity;sid:83687034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823935/; classtype:trojan-activity;sid:83687035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823936/; classtype:trojan-activity;sid:83687036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.153.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823937/; classtype:trojan-activity;sid:83687037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823938/; classtype:trojan-activity;sid:83687038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823939/; classtype:trojan-activity;sid:83687039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823940/; classtype:trojan-activity;sid:83687040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex.sh"; depth:6; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823941/; classtype:trojan-activity;sid:83687041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823942/; classtype:trojan-activity;sid:83687042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823943/; classtype:trojan-activity;sid:83687043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823944/; classtype:trojan-activity;sid:83687044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lh.sh"; depth:6; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823945/; classtype:trojan-activity;sid:83687045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823930/; classtype:trojan-activity;sid:83687030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823931/; classtype:trojan-activity;sid:83687031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823932/; classtype:trojan-activity;sid:83687032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823928/; classtype:trojan-activity;sid:83687028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823929/; classtype:trojan-activity;sid:83687029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823926/; classtype:trojan-activity;sid:83687026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae.sh"; depth:6; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823927/; classtype:trojan-activity;sid:83687027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823925/; classtype:trojan-activity;sid:83687025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823924/; classtype:trojan-activity;sid:83687024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823923/; classtype:trojan-activity;sid:83687023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.208.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823922/; classtype:trojan-activity;sid:83687022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.129.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823921/; classtype:trojan-activity;sid:83687021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823919/; classtype:trojan-activity;sid:83687019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.177.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823920/; classtype:trojan-activity;sid:83687020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823918/; classtype:trojan-activity;sid:83687018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.195.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823917/; classtype:trojan-activity;sid:83687017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.22.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823915/; classtype:trojan-activity;sid:83687015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.95.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823916/; classtype:trojan-activity;sid:83687016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.210.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823914/; classtype:trojan-activity;sid:83687014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.167.6.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823912/; classtype:trojan-activity;sid:83687012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.225.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823913/; classtype:trojan-activity;sid:83687013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.240.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823911/; classtype:trojan-activity;sid:83687011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.206.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823910/; classtype:trojan-activity;sid:83687010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823909/; classtype:trojan-activity;sid:83687009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.238.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823908/; classtype:trojan-activity;sid:83687008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.153.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823907/; classtype:trojan-activity;sid:83687007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823906/; classtype:trojan-activity;sid:83687006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.33.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823905/; classtype:trojan-activity;sid:83687005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.186.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823904/; classtype:trojan-activity;sid:83687004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.17.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823903/; classtype:trojan-activity;sid:83687003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.221.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823902/; classtype:trojan-activity;sid:83687002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.244.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823901/; classtype:trojan-activity;sid:83687001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.84.61.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823900/; classtype:trojan-activity;sid:83687000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.241.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823899/; classtype:trojan-activity;sid:83686999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.188.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823898/; classtype:trojan-activity;sid:83686998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.68.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823897/; classtype:trojan-activity;sid:83686997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823896/; classtype:trojan-activity;sid:83686996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.219.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823895/; classtype:trojan-activity;sid:83686995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.76.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823894/; classtype:trojan-activity;sid:83686994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823893/; classtype:trojan-activity;sid:83686993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.64.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823892/; classtype:trojan-activity;sid:83686992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.173.116.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823891/; classtype:trojan-activity;sid:83686991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.59.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823890/; classtype:trojan-activity;sid:83686990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"107.189.5.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823889/; classtype:trojan-activity;sid:83686989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823888/; classtype:trojan-activity;sid:83686988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823887/; classtype:trojan-activity;sid:83686987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/mips"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823885/; classtype:trojan-activity;sid:83686985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/mpsl"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823886/; classtype:trojan-activity;sid:83686986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/ppc"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823878/; classtype:trojan-activity;sid:83686978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/m68k"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823879/; classtype:trojan-activity;sid:83686979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823880/; classtype:trojan-activity;sid:83686980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/sh4"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823881/; classtype:trojan-activity;sid:83686981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm7"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823882/; classtype:trojan-activity;sid:83686982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm6"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823883/; classtype:trojan-activity;sid:83686983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/spc"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823884/; classtype:trojan-activity;sid:83686984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/root"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823872/; classtype:trojan-activity;sid:83686972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/yarn"; depth:13; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823873/; classtype:trojan-activity;sid:83686973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/x86_64"; depth:15; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823874/; classtype:trojan-activity;sid:83686974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/x86"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823875/; classtype:trojan-activity;sid:83686975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/zte"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823876/; classtype:trojan-activity;sid:83686976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/rtk"; depth:12; endswith; nocase; http.host; content:"193.35.18.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823877/; classtype:trojan-activity;sid:83686977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.186.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823871/; classtype:trojan-activity;sid:83686971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.153.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823870/; classtype:trojan-activity;sid:83686970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"188.225.18.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823869/; classtype:trojan-activity;sid:83686969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"xod.anesthetics.biomedzglobal.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823868/; classtype:trojan-activity;sid:83686968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.68.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823867/; classtype:trojan-activity;sid:83686967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823866/; classtype:trojan-activity;sid:83686966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.141.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823865/; classtype:trojan-activity;sid:83686965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.64.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823864/; classtype:trojan-activity;sid:83686964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-x86"; depth:18; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823861/; classtype:trojan-activity;sid:83686961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-arm7"; depth:19; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823862/; classtype:trojan-activity;sid:83686962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-mips"; depth:19; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823863/; classtype:trojan-activity;sid:83686963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-m68k"; depth:19; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823857/; classtype:trojan-activity;sid:83686957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-ppc"; depth:18; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823858/; classtype:trojan-activity;sid:83686958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-sh4"; depth:18; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823859/; classtype:trojan-activity;sid:83686959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/nig.sh"; depth:13; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823860/; classtype:trojan-activity;sid:83686960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto.sh"; depth:17; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823849/; classtype:trojan-activity;sid:83686949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-mpsl"; depth:19; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823850/; classtype:trojan-activity;sid:83686950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/lilin.sh"; depth:15; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823851/; classtype:trojan-activity;sid:83686951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-arm6"; depth:19; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823852/; classtype:trojan-activity;sid:83686952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-arm5"; depth:19; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823853/; classtype:trojan-activity;sid:83686953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-spc"; depth:18; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823854/; classtype:trojan-activity;sid:83686954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/gpon.sh"; depth:14; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823855/; classtype:trojan-activity;sid:83686955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwinf/insetto-arm"; depth:18; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823856/; classtype:trojan-activity;sid:83686956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget1.sh"; depth:9; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823848/; classtype:trojan-activity;sid:83686948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.219.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823847/; classtype:trojan-activity;sid:83686947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kys.sh"; depth:7; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823845/; classtype:trojan-activity;sid:83686945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nig.sh"; depth:7; endswith; nocase; http.host; content:"94.156.65.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823846/; classtype:trojan-activity;sid:83686946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823843/; classtype:trojan-activity;sid:83686943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823844/; classtype:trojan-activity;sid:83686944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823842/; classtype:trojan-activity;sid:83686942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823839/; classtype:trojan-activity;sid:83686939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb2.sh"; depth:8; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823840/; classtype:trojan-activity;sid:83686940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823841/; classtype:trojan-activity;sid:83686941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823838/; classtype:trojan-activity;sid:83686938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823837/; classtype:trojan-activity;sid:83686937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823836/; classtype:trojan-activity;sid:83686936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.230.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823835/; classtype:trojan-activity;sid:83686935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823834/; classtype:trojan-activity;sid:83686934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823833/; classtype:trojan-activity;sid:83686933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.111.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823832/; classtype:trojan-activity;sid:83686932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.82.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823831/; classtype:trojan-activity;sid:83686931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823827/; classtype:trojan-activity;sid:83686927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823828/; classtype:trojan-activity;sid:83686928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823829/; classtype:trojan-activity;sid:83686929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823830/; classtype:trojan-activity;sid:83686930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823825/; classtype:trojan-activity;sid:83686925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823826/; classtype:trojan-activity;sid:83686926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823824/; classtype:trojan-activity;sid:83686924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823823/; classtype:trojan-activity;sid:83686923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.102.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823822/; classtype:trojan-activity;sid:83686922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823820/; classtype:trojan-activity;sid:83686920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823821/; classtype:trojan-activity;sid:83686921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823818/; classtype:trojan-activity;sid:83686918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823819/; classtype:trojan-activity;sid:83686919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.76.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823817/; classtype:trojan-activity;sid:83686917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.121.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823816/; classtype:trojan-activity;sid:83686916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823814/; classtype:trojan-activity;sid:83686914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.84.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823815/; classtype:trojan-activity;sid:83686915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.3.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823813/; classtype:trojan-activity;sid:83686913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.207.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823812/; classtype:trojan-activity;sid:83686912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823802/; classtype:trojan-activity;sid:83686902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823803/; classtype:trojan-activity;sid:83686903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823804/; classtype:trojan-activity;sid:83686904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823805/; classtype:trojan-activity;sid:83686905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823806/; classtype:trojan-activity;sid:83686906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823807/; classtype:trojan-activity;sid:83686907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823808/; classtype:trojan-activity;sid:83686908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823809/; classtype:trojan-activity;sid:83686909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823810/; classtype:trojan-activity;sid:83686910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.252.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823811/; classtype:trojan-activity;sid:83686911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823793/; classtype:trojan-activity;sid:83686893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823794/; classtype:trojan-activity;sid:83686894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823795/; classtype:trojan-activity;sid:83686895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823796/; classtype:trojan-activity;sid:83686896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823797/; classtype:trojan-activity;sid:83686897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823798/; classtype:trojan-activity;sid:83686898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823799/; classtype:trojan-activity;sid:83686899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823800/; classtype:trojan-activity;sid:83686900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823801/; classtype:trojan-activity;sid:83686901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823789/; classtype:trojan-activity;sid:83686889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823790/; classtype:trojan-activity;sid:83686890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823791/; classtype:trojan-activity;sid:83686891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823792/; classtype:trojan-activity;sid:83686892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823788/; classtype:trojan-activity;sid:83686888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823783/; classtype:trojan-activity;sid:83686883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823784/; classtype:trojan-activity;sid:83686884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823785/; classtype:trojan-activity;sid:83686885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823786/; classtype:trojan-activity;sid:83686886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823787/; classtype:trojan-activity;sid:83686887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823782/; classtype:trojan-activity;sid:83686882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.23.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823781/; classtype:trojan-activity;sid:83686881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.1.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823780/; classtype:trojan-activity;sid:83686880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.153.0.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823779/; classtype:trojan-activity;sid:83686879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.102.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823778/; classtype:trojan-activity;sid:83686878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.76.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823777/; classtype:trojan-activity;sid:83686877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.121.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823776/; classtype:trojan-activity;sid:83686876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.3.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823775/; classtype:trojan-activity;sid:83686875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.161.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823774/; classtype:trojan-activity;sid:83686874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.239.49.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823773/; classtype:trojan-activity;sid:83686873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.64.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823772/; classtype:trojan-activity;sid:83686872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.186.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823771/; classtype:trojan-activity;sid:83686871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.153.0.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823770/; classtype:trojan-activity;sid:83686870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.1.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823769/; classtype:trojan-activity;sid:83686869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.117.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823768/; classtype:trojan-activity;sid:83686868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.119.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823766/; classtype:trojan-activity;sid:83686866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.4.181.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823767/; classtype:trojan-activity;sid:83686867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.117.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823765/; classtype:trojan-activity;sid:83686865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.194.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823764/; classtype:trojan-activity;sid:83686864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.236.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823763/; classtype:trojan-activity;sid:83686863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.157.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823762/; classtype:trojan-activity;sid:83686862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823761/; classtype:trojan-activity;sid:83686861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.36.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823760/; classtype:trojan-activity;sid:83686860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.64.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823758/; classtype:trojan-activity;sid:83686858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823759/; classtype:trojan-activity;sid:83686859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.172.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823757/; classtype:trojan-activity;sid:83686857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823756/; classtype:trojan-activity;sid:83686856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prosp.scr"; depth:10; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823755/; classtype:trojan-activity;sid:83686855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.248.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823754/; classtype:trojan-activity;sid:83686854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hylasmus.ocx"; depth:13; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823753/; classtype:trojan-activity;sid:83686853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fwetamc8xvaea3jv16qusgx6tuli6s0w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823751/; classtype:trojan-activity;sid:83686851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rwrhh1uo-srar92_q8wl4e7pn2kxc1ok"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823752/; classtype:trojan-activity;sid:83686852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1r688rmf1ekkwt19kwahjjlqtomqjh-e6"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823750/; classtype:trojan-activity;sid:83686850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jmzhy6tmilzovaehmxp1a_p6vqcurnrs"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823749/; classtype:trojan-activity;sid:83686849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.191.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823748/; classtype:trojan-activity;sid:83686848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1odj9i8b8gd74vuco_0maarxsozjeinb5"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823747/; classtype:trojan-activity;sid:83686847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.180.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823746/; classtype:trojan-activity;sid:83686846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykc8ds/45699.exe"; depth:17; endswith; nocase; http.host; content:"redirectdata.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823745/; classtype:trojan-activity;sid:83686845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykc8ds/45693.exe"; depth:17; endswith; nocase; http.host; content:"redirectdata.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823742/; classtype:trojan-activity;sid:83686842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.168.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823743/; classtype:trojan-activity;sid:83686843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykc8ds/45697.exe"; depth:17; endswith; nocase; http.host; content:"redirectdata.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823744/; classtype:trojan-activity;sid:83686844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykc8ds/45692.exe"; depth:17; endswith; nocase; http.host; content:"redirectdata.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823741/; classtype:trojan-activity;sid:83686841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.33.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823740/; classtype:trojan-activity;sid:83686840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823739/; classtype:trojan-activity;sid:83686839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.194.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823738/; classtype:trojan-activity;sid:83686838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823737/; classtype:trojan-activity;sid:83686837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error/xwapri.txt"; depth:17; endswith; nocase; http.host; content:"pantherropes.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823736/; classtype:trojan-activity;sid:83686836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/fiwxa"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823735/; classtype:trojan-activity;sid:83686835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/dhltxt.txt"; depth:14; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823733/; classtype:trojan-activity;sid:83686833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yeejvogc5tnffd9176ed_0ks8y3ynrmw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823734/; classtype:trojan-activity;sid:83686834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1x5z6ep6zepn6sgrs0woiyu9d6shs6n57"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823731/; classtype:trojan-activity;sid:83686831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/luswy"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823732/; classtype:trojan-activity;sid:83686832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4505/rmp.txt"; depth:13; endswith; nocase; http.host; content:"45.136.48.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823729/; classtype:trojan-activity;sid:83686829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ta8fx"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823730/; classtype:trojan-activity;sid:83686830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4505/rms/mydeargirlgetitbackwithentireprocesstogetmygirllovedsomeonetokissherlipswithlotoflove___shemygirlicanunderstandu.doc"; depth:126; endswith; nocase; http.host; content:"45.136.48.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823727/; classtype:trojan-activity;sid:83686827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4505/checkinginternetconnection.html"; depth:37; endswith; nocase; http.host; content:"45.136.48.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823728/; classtype:trojan-activity;sid:83686828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/gmb/gm/mereallylovedhewithentirethingswhichmakeuunderstandhowmuchilovedherwithallmyheartbecausesheismy__girlwhoilovedtrulyfromtheheart.doc"; depth:145; endswith; nocase; http.host; content:"45.136.48.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823726/; classtype:trojan-activity;sid:83686826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/gmb/ibinternetpdf.html"; depth:29; endswith; nocase; http.host; content:"45.136.48.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823725/; classtype:trojan-activity;sid:83686825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/gmb/gmb.txt"; depth:18; endswith; nocase; http.host; content:"45.136.48.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823724/; classtype:trojan-activity;sid:83686824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bnpparibasremittanceadvice.exe"; depth:31; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823723/; classtype:trojan-activity;sid:83686823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823722/; classtype:trojan-activity;sid:83686822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.157.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823721/; classtype:trojan-activity;sid:83686821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.56.10.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823720/; classtype:trojan-activity;sid:83686820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.208.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823719/; classtype:trojan-activity;sid:83686819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.60.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823718/; classtype:trojan-activity;sid:83686818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.230.243.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823717/; classtype:trojan-activity;sid:83686817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/imtoken-v2.apk"; depth:25; endswith; nocase; http.host; content:"token.im"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823716/; classtype:trojan-activity;sid:83686816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/lmtoken-3dh7c02k.apk"; depth:26; endswith; nocase; http.host; content:"194.41.59.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823715/; classtype:trojan-activity;sid:83686815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/powershell/"; depth:21; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823714/; classtype:trojan-activity;sid:83686814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823713/; classtype:trojan-activity;sid:83686813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows/verify"; depth:15; endswith; nocase; http.host; content:"cloudnetworkverify.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823712/; classtype:trojan-activity;sid:83686812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32/verification.exe"; depth:20; endswith; nocase; http.host; content:"longboothcant.site"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823711/; classtype:trojan-activity;sid:83686811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gco_startup.bat"; depth:16; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823709/; classtype:trojan-activity;sid:83686809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load_startup_camper.txt"; depth:24; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823710/; classtype:trojan-activity;sid:83686810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load_startup.txt"; depth:17; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823708/; classtype:trojan-activity;sid:83686808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.253.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823707/; classtype:trojan-activity;sid:83686807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823705/; classtype:trojan-activity;sid:83686805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.168.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823706/; classtype:trojan-activity;sid:83686806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.74.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823704/; classtype:trojan-activity;sid:83686804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.214.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823703/; classtype:trojan-activity;sid:83686803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.64.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823702/; classtype:trojan-activity;sid:83686802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.172.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823701/; classtype:trojan-activity;sid:83686801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.194.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823699/; classtype:trojan-activity;sid:83686799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.185.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823700/; classtype:trojan-activity;sid:83686800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.43.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823698/; classtype:trojan-activity;sid:83686798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823697/; classtype:trojan-activity;sid:83686797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.11.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823696/; classtype:trojan-activity;sid:83686796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.210.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823695/; classtype:trojan-activity;sid:83686795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823693/; classtype:trojan-activity;sid:83686793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.115.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823694/; classtype:trojan-activity;sid:83686794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.26.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823692/; classtype:trojan-activity;sid:83686792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823691/; classtype:trojan-activity;sid:83686791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.253.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823690/; classtype:trojan-activity;sid:83686790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.225.152.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823689/; classtype:trojan-activity;sid:83686789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.130.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823688/; classtype:trojan-activity;sid:83686788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.235.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823686/; classtype:trojan-activity;sid:83686786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.129.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823687/; classtype:trojan-activity;sid:83686787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.203.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823685/; classtype:trojan-activity;sid:83686785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823684/; classtype:trojan-activity;sid:83686784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.64.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823683/; classtype:trojan-activity;sid:83686783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.67.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823682/; classtype:trojan-activity;sid:83686782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823681/; classtype:trojan-activity;sid:83686781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823680/; classtype:trojan-activity;sid:83686780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.59.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823679/; classtype:trojan-activity;sid:83686779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.115.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823678/; classtype:trojan-activity;sid:83686778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.71.236.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823676/; classtype:trojan-activity;sid:83686776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.147.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823677/; classtype:trojan-activity;sid:83686777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.146.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823675/; classtype:trojan-activity;sid:83686775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykc8ds/45690.exe"; depth:17; endswith; nocase; http.host; content:"redirectdata.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823674/; classtype:trojan-activity;sid:83686774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823673/; classtype:trojan-activity;sid:83686773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.53.142.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823672/; classtype:trojan-activity;sid:83686772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.177.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823671/; classtype:trojan-activity;sid:83686771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823670/; classtype:trojan-activity;sid:83686770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.203.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823669/; classtype:trojan-activity;sid:83686769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.253.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823668/; classtype:trojan-activity;sid:83686768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.137.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823667/; classtype:trojan-activity;sid:83686767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.116.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823666/; classtype:trojan-activity;sid:83686766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.143.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823665/; classtype:trojan-activity;sid:83686765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.53.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823664/; classtype:trojan-activity;sid:83686764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.54.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823663/; classtype:trojan-activity;sid:83686763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.19.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823662/; classtype:trojan-activity;sid:83686762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.86.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823661/; classtype:trojan-activity;sid:83686761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.72.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823660/; classtype:trojan-activity;sid:83686760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823659/; classtype:trojan-activity;sid:83686759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.71.236.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823658/; classtype:trojan-activity;sid:83686758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.116.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823657/; classtype:trojan-activity;sid:83686757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.150.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823654/; classtype:trojan-activity;sid:83686754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.45.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823655/; classtype:trojan-activity;sid:83686755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.110.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823656/; classtype:trojan-activity;sid:83686756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823653/; classtype:trojan-activity;sid:83686753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.53.142.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823652/; classtype:trojan-activity;sid:83686752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.128.232.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823651/; classtype:trojan-activity;sid:83686751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823650/; classtype:trojan-activity;sid:83686750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.202.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823649/; classtype:trojan-activity;sid:83686749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823648/; classtype:trojan-activity;sid:83686748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.253.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823645/; classtype:trojan-activity;sid:83686745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823646/; classtype:trojan-activity;sid:83686746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.27.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823647/; classtype:trojan-activity;sid:83686747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.72.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823644/; classtype:trojan-activity;sid:83686744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.215.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823642/; classtype:trojan-activity;sid:83686742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.177.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823643/; classtype:trojan-activity;sid:83686743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.69.152.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823641/; classtype:trojan-activity;sid:83686741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823640/; classtype:trojan-activity;sid:83686740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.207.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823639/; classtype:trojan-activity;sid:83686739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.154.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823637/; classtype:trojan-activity;sid:83686737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.65.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823638/; classtype:trojan-activity;sid:83686738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.72.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823636/; classtype:trojan-activity;sid:83686736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.49.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823635/; classtype:trojan-activity;sid:83686735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.60.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823634/; classtype:trojan-activity;sid:83686734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.45.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823632/; classtype:trojan-activity;sid:83686732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.202.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823633/; classtype:trojan-activity;sid:83686733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823631/; classtype:trojan-activity;sid:83686731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823630/; classtype:trojan-activity;sid:83686730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823629/; classtype:trojan-activity;sid:83686729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.60.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823628/; classtype:trojan-activity;sid:83686728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.105.177.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823627/; classtype:trojan-activity;sid:83686727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.220.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823626/; classtype:trojan-activity;sid:83686726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.156.78.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823625/; classtype:trojan-activity;sid:83686725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.208.160.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823623/; classtype:trojan-activity;sid:83686723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.11.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823624/; classtype:trojan-activity;sid:83686724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.207.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823622/; classtype:trojan-activity;sid:83686722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.236.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823621/; classtype:trojan-activity;sid:83686721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823620/; classtype:trojan-activity;sid:83686720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823619/; classtype:trojan-activity;sid:83686719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.122.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823618/; classtype:trojan-activity;sid:83686718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.129.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823617/; classtype:trojan-activity;sid:83686717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.45.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823616/; classtype:trojan-activity;sid:83686716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.194.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823615/; classtype:trojan-activity;sid:83686715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.61.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823614/; classtype:trojan-activity;sid:83686714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.64.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823613/; classtype:trojan-activity;sid:83686713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.211.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823612/; classtype:trojan-activity;sid:83686712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.225.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823611/; classtype:trojan-activity;sid:83686711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.239.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823610/; classtype:trojan-activity;sid:83686710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823609/; classtype:trojan-activity;sid:83686709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823608/; classtype:trojan-activity;sid:83686708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.15.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823607/; classtype:trojan-activity;sid:83686707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823606/; classtype:trojan-activity;sid:83686706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823605/; classtype:trojan-activity;sid:83686705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.179.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823604/; classtype:trojan-activity;sid:83686704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.42.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823603/; classtype:trojan-activity;sid:83686703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823602/; classtype:trojan-activity;sid:83686702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.71.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823601/; classtype:trojan-activity;sid:83686701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.215.220.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823599/; classtype:trojan-activity;sid:83686699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.191.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823600/; classtype:trojan-activity;sid:83686700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.9.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823598/; classtype:trojan-activity;sid:83686698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.38.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823597/; classtype:trojan-activity;sid:83686697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.99.221.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823596/; classtype:trojan-activity;sid:83686696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.23.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823595/; classtype:trojan-activity;sid:83686695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823594/; classtype:trojan-activity;sid:83686694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.250.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823593/; classtype:trojan-activity;sid:83686693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vre"; depth:4; endswith; nocase; http.host; content:"vjwmaster.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823592/; classtype:trojan-activity;sid:83686692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.133.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823591/; classtype:trojan-activity;sid:83686691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.211.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823590/; classtype:trojan-activity;sid:83686690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.225.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823588/; classtype:trojan-activity;sid:83686688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.38.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823589/; classtype:trojan-activity;sid:83686689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.91.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823587/; classtype:trojan-activity;sid:83686687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823586/; classtype:trojan-activity;sid:83686686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.99.221.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823585/; classtype:trojan-activity;sid:83686685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.239.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823584/; classtype:trojan-activity;sid:83686684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.32.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823583/; classtype:trojan-activity;sid:83686683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823581/; classtype:trojan-activity;sid:83686681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.121.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823582/; classtype:trojan-activity;sid:83686682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.23.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823580/; classtype:trojan-activity;sid:83686680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.225.152.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823579/; classtype:trojan-activity;sid:83686679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823578/; classtype:trojan-activity;sid:83686678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.196.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823577/; classtype:trojan-activity;sid:83686677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.228.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823576/; classtype:trojan-activity;sid:83686676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.59.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823575/; classtype:trojan-activity;sid:83686675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.98.12"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823574/; classtype:trojan-activity;sid:83686674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.91.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823573/; classtype:trojan-activity;sid:83686673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.32.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823572/; classtype:trojan-activity;sid:83686672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.74.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823571/; classtype:trojan-activity;sid:83686671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.142.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823570/; classtype:trojan-activity;sid:83686670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823569/; classtype:trojan-activity;sid:83686669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.227.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823568/; classtype:trojan-activity;sid:83686668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.210.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823567/; classtype:trojan-activity;sid:83686667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823566/; classtype:trojan-activity;sid:83686666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.206.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823565/; classtype:trojan-activity;sid:83686665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.56.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823564/; classtype:trojan-activity;sid:83686664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.210.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823563/; classtype:trojan-activity;sid:83686663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.233.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823562/; classtype:trojan-activity;sid:83686662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.39.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823561/; classtype:trojan-activity;sid:83686661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.16.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823560/; classtype:trojan-activity;sid:83686660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.167.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823559/; classtype:trojan-activity;sid:83686659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"zqp.register.arpsychotherapy.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823558/; classtype:trojan-activity;sid:83686658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"sapxk.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823557/; classtype:trojan-activity;sid:83686657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.145.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823556/; classtype:trojan-activity;sid:83686656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823555/; classtype:trojan-activity;sid:83686655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823554/; classtype:trojan-activity;sid:83686654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823553/; classtype:trojan-activity;sid:83686653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.39.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823552/; classtype:trojan-activity;sid:83686652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823551/; classtype:trojan-activity;sid:83686651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.214.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823550/; classtype:trojan-activity;sid:83686650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.216.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823549/; classtype:trojan-activity;sid:83686649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823548/; classtype:trojan-activity;sid:83686648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.47.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823546/; classtype:trojan-activity;sid:83686646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.210.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823547/; classtype:trojan-activity;sid:83686647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.190.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823545/; classtype:trojan-activity;sid:83686645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.3.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823544/; classtype:trojan-activity;sid:83686644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823543/; classtype:trojan-activity;sid:83686643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823542/; classtype:trojan-activity;sid:83686642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.161.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823540/; classtype:trojan-activity;sid:83686640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.70.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823541/; classtype:trojan-activity;sid:83686641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.198.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823539/; classtype:trojan-activity;sid:83686639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.85.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823538/; classtype:trojan-activity;sid:83686638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.110.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823537/; classtype:trojan-activity;sid:83686637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823535/; classtype:trojan-activity;sid:83686635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823536/; classtype:trojan-activity;sid:83686636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823534/; classtype:trojan-activity;sid:83686634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.228.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823533/; classtype:trojan-activity;sid:83686633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.25.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823531/; classtype:trojan-activity;sid:83686631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823532/; classtype:trojan-activity;sid:83686632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.70.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823530/; classtype:trojan-activity;sid:83686630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.50.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823529/; classtype:trojan-activity;sid:83686629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823528/; classtype:trojan-activity;sid:83686628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.248.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823525/; classtype:trojan-activity;sid:83686625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.51.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823526/; classtype:trojan-activity;sid:83686626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.165.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823527/; classtype:trojan-activity;sid:83686627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.199.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823524/; classtype:trojan-activity;sid:83686624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823523/; classtype:trojan-activity;sid:83686623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.129.193.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823522/; classtype:trojan-activity;sid:83686622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.255.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823521/; classtype:trojan-activity;sid:83686621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.122.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823520/; classtype:trojan-activity;sid:83686620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.120.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823518/; classtype:trojan-activity;sid:83686618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.234.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823519/; classtype:trojan-activity;sid:83686619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823517/; classtype:trojan-activity;sid:83686617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.16.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823516/; classtype:trojan-activity;sid:83686616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.158.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823515/; classtype:trojan-activity;sid:83686615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.112.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823514/; classtype:trojan-activity;sid:83686614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.97.167.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823513/; classtype:trojan-activity;sid:83686613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.13.48.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823512/; classtype:trojan-activity;sid:83686612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.104.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823511/; classtype:trojan-activity;sid:83686611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.190.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823509/; classtype:trojan-activity;sid:83686609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.159.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823510/; classtype:trojan-activity;sid:83686610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823508/; classtype:trojan-activity;sid:83686608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823507/; classtype:trojan-activity;sid:83686607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823506/; classtype:trojan-activity;sid:83686606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.213.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823505/; classtype:trojan-activity;sid:83686605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.49.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823504/; classtype:trojan-activity;sid:83686604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/xx-lavacrypt-dfgs.exe"; depth:29; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823503/; classtype:trojan-activity;sid:83686603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823502/; classtype:trojan-activity;sid:83686602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823501/; classtype:trojan-activity;sid:83686601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.111.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823500/; classtype:trojan-activity;sid:83686600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.255.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823499/; classtype:trojan-activity;sid:83686599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.151.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823498/; classtype:trojan-activity;sid:83686598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.213.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823497/; classtype:trojan-activity;sid:83686597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.154.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823496/; classtype:trojan-activity;sid:83686596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823495/; classtype:trojan-activity;sid:83686595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823494/; classtype:trojan-activity;sid:83686594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.49.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823493/; classtype:trojan-activity;sid:83686593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.8.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823492/; classtype:trojan-activity;sid:83686592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823491/; classtype:trojan-activity;sid:83686591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.16.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823489/; classtype:trojan-activity;sid:83686589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.50.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823490/; classtype:trojan-activity;sid:83686590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.212.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823488/; classtype:trojan-activity;sid:83686588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823487/; classtype:trojan-activity;sid:83686587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.165.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823486/; classtype:trojan-activity;sid:83686586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.23.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823485/; classtype:trojan-activity;sid:83686585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.159.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823484/; classtype:trojan-activity;sid:83686584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.71.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823483/; classtype:trojan-activity;sid:83686583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823482/; classtype:trojan-activity;sid:83686582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.154.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823481/; classtype:trojan-activity;sid:83686581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823478/; classtype:trojan-activity;sid:83686578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823479/; classtype:trojan-activity;sid:83686579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823480/; classtype:trojan-activity;sid:83686580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pf"; depth:3; endswith; nocase; http.host; content:"107.189.5.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823477/; classtype:trojan-activity;sid:83686577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"107.189.5.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823476/; classtype:trojan-activity;sid:83686576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823475/; classtype:trojan-activity;sid:83686575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.92.244.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823473/; classtype:trojan-activity;sid:83686573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823474/; classtype:trojan-activity;sid:83686574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823470/; classtype:trojan-activity;sid:83686570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv6l"; depth:13; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823471/; classtype:trojan-activity;sid:83686571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823472/; classtype:trojan-activity;sid:83686572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sparc"; depth:12; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823468/; classtype:trojan-activity;sid:83686568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"109.120.132.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823469/; classtype:trojan-activity;sid:83686569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.ppc"; depth:10; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823466/; classtype:trojan-activity;sid:83686566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.m68k"; depth:11; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823467/; classtype:trojan-activity;sid:83686567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv5"; depth:12; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823465/; classtype:trojan-activity;sid:83686565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823464/; classtype:trojan-activity;sid:83686564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823460/; classtype:trojan-activity;sid:83686560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv4"; depth:12; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823461/; classtype:trojan-activity;sid:83686561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mipsel"; depth:13; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823462/; classtype:trojan-activity;sid:83686562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823463/; classtype:trojan-activity;sid:83686563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823456/; classtype:trojan-activity;sid:83686556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i586"; depth:11; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823457/; classtype:trojan-activity;sid:83686557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823458/; classtype:trojan-activity;sid:83686558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sh4"; depth:10; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823459/; classtype:trojan-activity;sid:83686559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823453/; classtype:trojan-activity;sid:83686553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823454/; classtype:trojan-activity;sid:83686554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823455/; classtype:trojan-activity;sid:83686555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823451/; classtype:trojan-activity;sid:83686551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mips"; depth:11; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823452/; classtype:trojan-activity;sid:83686552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823446/; classtype:trojan-activity;sid:83686546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823447/; classtype:trojan-activity;sid:83686547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823448/; classtype:trojan-activity;sid:83686548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.x86"; depth:10; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823449/; classtype:trojan-activity;sid:83686549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"2.58.95.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823450/; classtype:trojan-activity;sid:83686550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823443/; classtype:trojan-activity;sid:83686543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i686"; depth:11; endswith; nocase; http.host; content:"94.156.79.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823444/; classtype:trojan-activity;sid:83686544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823445/; classtype:trojan-activity;sid:83686545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823437/; classtype:trojan-activity;sid:83686537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823438/; classtype:trojan-activity;sid:83686538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823439/; classtype:trojan-activity;sid:83686539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823440/; classtype:trojan-activity;sid:83686540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823441/; classtype:trojan-activity;sid:83686541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823442/; classtype:trojan-activity;sid:83686542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823430/; classtype:trojan-activity;sid:83686530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823431/; classtype:trojan-activity;sid:83686531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823432/; classtype:trojan-activity;sid:83686532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823433/; classtype:trojan-activity;sid:83686533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823434/; classtype:trojan-activity;sid:83686534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823435/; classtype:trojan-activity;sid:83686535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823436/; classtype:trojan-activity;sid:83686536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"94.156.71.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823424/; classtype:trojan-activity;sid:83686524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823425/; classtype:trojan-activity;sid:83686525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823426/; classtype:trojan-activity;sid:83686526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823427/; classtype:trojan-activity;sid:83686527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823428/; classtype:trojan-activity;sid:83686528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_32"; depth:12; endswith; nocase; http.host; content:"141.98.7.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823429/; classtype:trojan-activity;sid:83686529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.145.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823423/; classtype:trojan-activity;sid:83686523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"jdap.register.arpsychotherapy.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823422/; classtype:trojan-activity;sid:83686522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.172.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823420/; classtype:trojan-activity;sid:83686520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.165.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823421/; classtype:trojan-activity;sid:83686521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.53.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823419/; classtype:trojan-activity;sid:83686519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.85.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823418/; classtype:trojan-activity;sid:83686518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823417/; classtype:trojan-activity;sid:83686517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.95.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823416/; classtype:trojan-activity;sid:83686516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.145.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823415/; classtype:trojan-activity;sid:83686515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.23.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823414/; classtype:trojan-activity;sid:83686514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823413/; classtype:trojan-activity;sid:83686513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"220.152.252.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823412/; classtype:trojan-activity;sid:83686512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.16.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823411/; classtype:trojan-activity;sid:83686511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.172.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823409/; classtype:trojan-activity;sid:83686509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.191.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823410/; classtype:trojan-activity;sid:83686510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.214.111.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823408/; classtype:trojan-activity;sid:83686508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.116.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823407/; classtype:trojan-activity;sid:83686507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.105.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823406/; classtype:trojan-activity;sid:83686506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.252.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823405/; classtype:trojan-activity;sid:83686505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.104.221.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823404/; classtype:trojan-activity;sid:83686504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.95.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823403/; classtype:trojan-activity;sid:83686503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.224.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823402/; classtype:trojan-activity;sid:83686502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823401/; classtype:trojan-activity;sid:83686501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823400/; classtype:trojan-activity;sid:83686500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvcsgl5r1nbh"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823399/; classtype:trojan-activity;sid:83686499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823398/; classtype:trojan-activity;sid:83686498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.195.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823397/; classtype:trojan-activity;sid:83686497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.37.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823396/; classtype:trojan-activity;sid:83686496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.96.25.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823395/; classtype:trojan-activity;sid:83686495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghgjhjhgj.exe"; depth:14; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823393/; classtype:trojan-activity;sid:83686493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.16.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823394/; classtype:trojan-activity;sid:83686494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.34.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823392/; classtype:trojan-activity;sid:83686492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.182.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823391/; classtype:trojan-activity;sid:83686491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.91.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823390/; classtype:trojan-activity;sid:83686490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823389/; classtype:trojan-activity;sid:83686489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.49.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823387/; classtype:trojan-activity;sid:83686487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.209.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823388/; classtype:trojan-activity;sid:83686488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.137.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823386/; classtype:trojan-activity;sid:83686486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.153.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823385/; classtype:trojan-activity;sid:83686485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.147.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823384/; classtype:trojan-activity;sid:83686484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.124.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823383/; classtype:trojan-activity;sid:83686483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.224.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823382/; classtype:trojan-activity;sid:83686482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823381/; classtype:trojan-activity;sid:83686481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.32.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823380/; classtype:trojan-activity;sid:83686480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.144.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823379/; classtype:trojan-activity;sid:83686479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.153.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823378/; classtype:trojan-activity;sid:83686478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.0.92"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823377/; classtype:trojan-activity;sid:83686477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.52.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823375/; classtype:trojan-activity;sid:83686475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.238.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823376/; classtype:trojan-activity;sid:83686476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.29.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823373/; classtype:trojan-activity;sid:83686473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823374/; classtype:trojan-activity;sid:83686474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.209.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823372/; classtype:trojan-activity;sid:83686472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.212.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823371/; classtype:trojan-activity;sid:83686471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.87.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823370/; classtype:trojan-activity;sid:83686470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.102.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823369/; classtype:trojan-activity;sid:83686469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823368/; classtype:trojan-activity;sid:83686468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.190.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823366/; classtype:trojan-activity;sid:83686466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.230.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823367/; classtype:trojan-activity;sid:83686467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.59.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823365/; classtype:trojan-activity;sid:83686465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.253.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823364/; classtype:trojan-activity;sid:83686464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.144.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823363/; classtype:trojan-activity;sid:83686463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823361/; classtype:trojan-activity;sid:83686461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.84.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823362/; classtype:trojan-activity;sid:83686462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.93.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823360/; classtype:trojan-activity;sid:83686460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823358/; classtype:trojan-activity;sid:83686458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823359/; classtype:trojan-activity;sid:83686459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.248.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823357/; classtype:trojan-activity;sid:83686457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823356/; classtype:trojan-activity;sid:83686456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.206.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823355/; classtype:trojan-activity;sid:83686455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.111.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823354/; classtype:trojan-activity;sid:83686454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.238.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823353/; classtype:trojan-activity;sid:83686453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823352/; classtype:trojan-activity;sid:83686452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.201.143.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823351/; classtype:trojan-activity;sid:83686451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.147.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823349/; classtype:trojan-activity;sid:83686449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.5.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823350/; classtype:trojan-activity;sid:83686450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823347/; classtype:trojan-activity;sid:83686447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.212.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823348/; classtype:trojan-activity;sid:83686448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.168.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823346/; classtype:trojan-activity;sid:83686446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.102.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823345/; classtype:trojan-activity;sid:83686445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.234.189.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823342/; classtype:trojan-activity;sid:83686442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.226.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823343/; classtype:trojan-activity;sid:83686443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.89.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823344/; classtype:trojan-activity;sid:83686444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823340/; classtype:trojan-activity;sid:83686440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.129.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823341/; classtype:trojan-activity;sid:83686441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.32.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823339/; classtype:trojan-activity;sid:83686439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.249.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823338/; classtype:trojan-activity;sid:83686438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.45.175.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823337/; classtype:trojan-activity;sid:83686437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xyydaudpeyeh"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823336/; classtype:trojan-activity;sid:83686436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.203.132.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823335/; classtype:trojan-activity;sid:83686435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.221.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823334/; classtype:trojan-activity;sid:83686434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.72.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823333/; classtype:trojan-activity;sid:83686433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.236.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823332/; classtype:trojan-activity;sid:83686432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.88.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823330/; classtype:trojan-activity;sid:83686430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.145.234.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823331/; classtype:trojan-activity;sid:83686431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.52.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823328/; classtype:trojan-activity;sid:83686428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.226.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823329/; classtype:trojan-activity;sid:83686429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.126.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823327/; classtype:trojan-activity;sid:83686427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823326/; classtype:trojan-activity;sid:83686426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.39.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823324/; classtype:trojan-activity;sid:83686424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ustqj.anesthetics.biomedzglobal.com"; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823325/; classtype:trojan-activity;sid:83686425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.249.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823323/; classtype:trojan-activity;sid:83686423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823322/; classtype:trojan-activity;sid:83686422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.146.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823321/; classtype:trojan-activity;sid:83686421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823320/; classtype:trojan-activity;sid:83686420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.46.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823319/; classtype:trojan-activity;sid:83686419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.11.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823318/; classtype:trojan-activity;sid:83686418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.184.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823317/; classtype:trojan-activity;sid:83686417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.180.149.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823316/; classtype:trojan-activity;sid:83686416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823315/; classtype:trojan-activity;sid:83686415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668875205|3f|hash=xjwrcg5nix1z6cuhnanrzn92unvgese7t1vmzzlhglz|7c|26|7c|dl=azb0xmsaucbenp6tneupfzu670idugmosjhhfunejx0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823314/; classtype:trojan-activity;sid:83686414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668875162|3f|hash=auuk5lovn1ujwkz5pjnhjvvjjcscmn7l6kztsvqjed8|7c|26|7c|dl=j8laqzrupqzmazbqskdvkqpv9qrz3v3mlxduml14x44|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823313/; classtype:trojan-activity;sid:83686413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.243.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823312/; classtype:trojan-activity;sid:83686412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.58.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823311/; classtype:trojan-activity;sid:83686411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.60.70.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823310/; classtype:trojan-activity;sid:83686410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823309/; classtype:trojan-activity;sid:83686409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.243.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823308/; classtype:trojan-activity;sid:83686408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.140.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823307/; classtype:trojan-activity;sid:83686407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823306/; classtype:trojan-activity;sid:83686406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823305/; classtype:trojan-activity;sid:83686405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823303/; classtype:trojan-activity;sid:83686403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.209.208.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823304/; classtype:trojan-activity;sid:83686404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.82.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823302/; classtype:trojan-activity;sid:83686402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.133.237.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823301/; classtype:trojan-activity;sid:83686401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"tulips4change.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823300/; classtype:trojan-activity;sid:83686400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.200.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823299/; classtype:trojan-activity;sid:83686399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.140.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823298/; classtype:trojan-activity;sid:83686398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823297/; classtype:trojan-activity;sid:83686397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.232.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823296/; classtype:trojan-activity;sid:83686396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.196.142.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823295/; classtype:trojan-activity;sid:83686395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.66.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823294/; classtype:trojan-activity;sid:83686394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.179.120.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823293/; classtype:trojan-activity;sid:83686393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.144.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823292/; classtype:trojan-activity;sid:83686392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.140.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823291/; classtype:trojan-activity;sid:83686391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.49.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823290/; classtype:trojan-activity;sid:83686390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823288/; classtype:trojan-activity;sid:83686388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.158.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823289/; classtype:trojan-activity;sid:83686389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.90.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823287/; classtype:trojan-activity;sid:83686387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.228.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823286/; classtype:trojan-activity;sid:83686386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.5.176"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823285/; classtype:trojan-activity;sid:83686385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acestream.apk"; depth:14; endswith; nocase; http.host; content:"sportvision.app"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823284/; classtype:trojan-activity;sid:83686384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.13.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823282/; classtype:trojan-activity;sid:83686382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.123.71.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823281/; classtype:trojan-activity;sid:83686381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.250.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823280/; classtype:trojan-activity;sid:83686380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668872603|3f|hash=dwipxbn6xk4ksjg7lmawspg8cdff0wo7tezfzejn0vl|7c|26|7c|dl=igmqzzehtp9so9vcoetgk9unyogtucwosbqnvcfgb1p|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823279/; classtype:trojan-activity;sid:83686379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.113.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823278/; classtype:trojan-activity;sid:83686378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken-v02.apk"; depth:16; endswith; nocase; http.host; content:"d2.tokendl001.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823277/; classtype:trojan-activity;sid:83686377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.81.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823276/; classtype:trojan-activity;sid:83686376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.141.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823275/; classtype:trojan-activity;sid:83686375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.49.198.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823273/; classtype:trojan-activity;sid:83686373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.113.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823274/; classtype:trojan-activity;sid:83686374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823272/; classtype:trojan-activity;sid:83686372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.13.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823271/; classtype:trojan-activity;sid:83686371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823270/; classtype:trojan-activity;sid:83686370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.64.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823269/; classtype:trojan-activity;sid:83686369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823268/; classtype:trojan-activity;sid:83686368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.244.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823265/; classtype:trojan-activity;sid:83686365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.16.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823266/; classtype:trojan-activity;sid:83686366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.134.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823267/; classtype:trojan-activity;sid:83686367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823264/; classtype:trojan-activity;sid:83686364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken-v2.apk"; depth:15; endswith; nocase; http.host; content:"imtokenn.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823262/; classtype:trojan-activity;sid:83686362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saat.apk"; depth:9; endswith; nocase; http.host; content:"91.92.246.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823261/; classtype:trojan-activity;sid:83686361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gco.txt"; depth:8; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823258/; classtype:trojan-activity;sid:83686358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gco_recovery.txt"; depth:17; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823259/; classtype:trojan-activity;sid:83686359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gco_backup.txt"; depth:15; endswith; nocase; http.host; content:"194.163.130.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823260/; classtype:trojan-activity;sid:83686360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken-v2.apk"; depth:15; endswith; nocase; http.host; content:"imtoken8.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823257/; classtype:trojan-activity;sid:83686357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken.apk"; depth:12; endswith; nocase; http.host; content:"imtoken8.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823256/; classtype:trojan-activity;sid:83686356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imtoken.apk"; depth:12; endswith; nocase; http.host; content:"www.imtokerrn.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823255/; classtype:trojan-activity;sid:83686355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.207.191.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823254/; classtype:trojan-activity;sid:83686354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668870506|3f|hash=ztiwbaeyttliw7nb9vup7mp3tcphpzfk8uiprmiqmpg|7c|26|7c|dl=mhexoqwhbnz3ty9pjfzi5icagqza3amgmvr0y1quuks|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823253/; classtype:trojan-activity;sid:83686353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xzcqo6genfvf"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823251/; classtype:trojan-activity;sid:83686351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xui8pqhlxexl"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823252/; classtype:trojan-activity;sid:83686352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/velociraptor.apk"; depth:17; endswith; nocase; http.host; content:"91.92.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823250/; classtype:trojan-activity;sid:83686350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line.rar"; depth:9; endswith; nocase; http.host; content:"91.92.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823248/; classtype:trojan-activity;sid:83686348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line.apk"; depth:9; endswith; nocase; http.host; content:"91.92.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823249/; classtype:trojan-activity;sid:83686349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rehana%20tanoli/line.apk"; depth:25; endswith; nocase; http.host; content:"91.92.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823247/; classtype:trojan-activity;sid:83686347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.161.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823246/; classtype:trojan-activity;sid:83686346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whatsappsecure.apk"; depth:19; endswith; nocase; http.host; content:"91.92.243.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823245/; classtype:trojan-activity;sid:83686345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klever_0x0003010422ef5b6.exe"; depth:29; endswith; nocase; http.host; content:"94.156.71.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823244/; classtype:trojan-activity;sid:83686344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meduz04ka3_0x0001a1946624f10.exe"; depth:33; endswith; nocase; http.host; content:"94.156.71.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823243/; classtype:trojan-activity;sid:83686343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mou3_0x0001a1946624f10.exe"; depth:27; endswith; nocase; http.host; content:"94.156.71.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823242/; classtype:trojan-activity;sid:83686342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.38.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823241/; classtype:trojan-activity;sid:83686341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"qeobm.pool.hjdeboer.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823240/; classtype:trojan-activity;sid:83686340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.159.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823239/; classtype:trojan-activity;sid:83686339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.12.185.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823238/; classtype:trojan-activity;sid:83686338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.129.58.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823237/; classtype:trojan-activity;sid:83686337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823236/; classtype:trojan-activity;sid:83686336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.233.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823235/; classtype:trojan-activity;sid:83686335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.222.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823234/; classtype:trojan-activity;sid:83686334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823233/; classtype:trojan-activity;sid:83686333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823232/; classtype:trojan-activity;sid:83686332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.199.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823231/; classtype:trojan-activity;sid:83686331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.117.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823230/; classtype:trojan-activity;sid:83686330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.x86"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823224/; classtype:trojan-activity;sid:83686324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.mpsl"; depth:11; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823225/; classtype:trojan-activity;sid:83686325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.arm5"; depth:11; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823226/; classtype:trojan-activity;sid:83686326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.sh4"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823227/; classtype:trojan-activity;sid:83686327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.arm6"; depth:11; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823228/; classtype:trojan-activity;sid:83686328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.mips"; depth:11; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823229/; classtype:trojan-activity;sid:83686329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.m68k"; depth:11; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823221/; classtype:trojan-activity;sid:83686321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.ppc"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823222/; classtype:trojan-activity;sid:83686322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.spc"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823223/; classtype:trojan-activity;sid:83686323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.ps1"; depth:6; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823220/; classtype:trojan-activity;sid:83686320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.bat"; depth:9; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823217/; classtype:trojan-activity;sid:83686317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iz.exe"; depth:7; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823218/; classtype:trojan-activity;sid:83686318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iz.ps1"; depth:7; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823219/; classtype:trojan-activity;sid:83686319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rename.lnk"; depth:11; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823214/; classtype:trojan-activity;sid:83686314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/track.pdf"; depth:10; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823215/; classtype:trojan-activity;sid:83686315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.ps1"; depth:11; endswith; nocase; http.host; content:"209.126.87.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823216/; classtype:trojan-activity;sid:83686316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iz.ps1"; depth:7; endswith; nocase; http.host; content:"209.126.87.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823213/; classtype:trojan-activity;sid:83686313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoice-098263.lnk"; depth:19; endswith; nocase; http.host; content:"209.126.87.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823211/; classtype:trojan-activity;sid:83686311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.bat"; depth:9; endswith; nocase; http.host; content:"209.126.87.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823212/; classtype:trojan-activity;sid:83686312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.146.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823210/; classtype:trojan-activity;sid:83686310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823209/; classtype:trojan-activity;sid:83686309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.172.49.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823208/; classtype:trojan-activity;sid:83686308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.42.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823207/; classtype:trojan-activity;sid:83686307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.35.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823205/; classtype:trojan-activity;sid:83686305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.70.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823206/; classtype:trojan-activity;sid:83686306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668862025|3f|hash=rzatnkz8jzd7e9ukub7jzzstkxzgecmtxg0oxazukh8|7c|26|7c|dl=bnaa6o9el06ipd5hktoyzje7wj7gz8etcbmrplo0zog|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823204/; classtype:trojan-activity;sid:83686304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668866315|3f|hash=rkfzjjmdejbgyz4czujlabp2xga5pmnpfhnfphmkhhl|7c|26|7c|dl=pmvpykcizkmusrmmwk7ccobruehsdjzrre4e1itg7ic|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823203/; classtype:trojan-activity;sid:83686303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.231.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823202/; classtype:trojan-activity;sid:83686302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.228.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823199/; classtype:trojan-activity;sid:83686299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.101.247.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823200/; classtype:trojan-activity;sid:83686300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.45.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823201/; classtype:trojan-activity;sid:83686301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.103.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823198/; classtype:trojan-activity;sid:83686298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823197/; classtype:trojan-activity;sid:83686297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.190.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823196/; classtype:trojan-activity;sid:83686296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.167.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823195/; classtype:trojan-activity;sid:83686295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.236.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823194/; classtype:trojan-activity;sid:83686294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.52.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823193/; classtype:trojan-activity;sid:83686293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.arm7"; depth:11; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823191/; classtype:trojan-activity;sid:83686291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdsfl.arm"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823192/; classtype:trojan-activity;sid:83686292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.61.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823190/; classtype:trojan-activity;sid:83686290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xfvaw4egtvfu"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823189/; classtype:trojan-activity;sid:83686289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"88.245.251.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823188/; classtype:trojan-activity;sid:83686288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823187/; classtype:trojan-activity;sid:83686287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823186/; classtype:trojan-activity;sid:83686286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.107.8.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823185/; classtype:trojan-activity;sid:83686285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.142.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823183/; classtype:trojan-activity;sid:83686283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.22.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823184/; classtype:trojan-activity;sid:83686284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.234.222.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823182/; classtype:trojan-activity;sid:83686282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.46.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823181/; classtype:trojan-activity;sid:83686281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.37.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823180/; classtype:trojan-activity;sid:83686280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823179/; classtype:trojan-activity;sid:83686279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.80.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823178/; classtype:trojan-activity;sid:83686278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamworks.exe"; depth:15; endswith; nocase; http.host; content:"m1744435.096096.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823177/; classtype:trojan-activity;sid:83686277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"206.189.49.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823175/; classtype:trojan-activity;sid:83686275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"206.189.49.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823176/; classtype:trojan-activity;sid:83686276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.42.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823174/; classtype:trojan-activity;sid:83686274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.210.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823173/; classtype:trojan-activity;sid:83686273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.202.236.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823172/; classtype:trojan-activity;sid:83686272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.74.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823171/; classtype:trojan-activity;sid:83686271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.86.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823170/; classtype:trojan-activity;sid:83686270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adminn.scr"; depth:11; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823169/; classtype:trojan-activity;sid:83686269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.188.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823168/; classtype:trojan-activity;sid:83686268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.5.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823166/; classtype:trojan-activity;sid:83686266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.72.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823167/; classtype:trojan-activity;sid:83686267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823159/; classtype:trojan-activity;sid:83686259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823160/; classtype:trojan-activity;sid:83686260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823161/; classtype:trojan-activity;sid:83686261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823162/; classtype:trojan-activity;sid:83686262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823163/; classtype:trojan-activity;sid:83686263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823164/; classtype:trojan-activity;sid:83686264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823165/; classtype:trojan-activity;sid:83686265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823155/; classtype:trojan-activity;sid:83686255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823156/; classtype:trojan-activity;sid:83686256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823157/; classtype:trojan-activity;sid:83686257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823158/; classtype:trojan-activity;sid:83686258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.245.251.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823154/; classtype:trojan-activity;sid:83686254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.49.192.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823153/; classtype:trojan-activity;sid:83686253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.8.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823152/; classtype:trojan-activity;sid:83686252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.144.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823151/; classtype:trojan-activity;sid:83686251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y-steamworks.exe"; depth:17; endswith; nocase; http.host; content:"117.50.194.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.122.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823149/; classtype:trojan-activity;sid:83686249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823148/; classtype:trojan-activity;sid:83686248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823147/; classtype:trojan-activity;sid:83686247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.11.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823146/; classtype:trojan-activity;sid:83686246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.11.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823145/; classtype:trojan-activity;sid:83686245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/1128/steamworks.exe"; depth:22; endswith; nocase; http.host; content:"by.haory.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823144/; classtype:trojan-activity;sid:83686244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamworks.exe"; depth:15; endswith; nocase; http.host; content:"m1744435.096096.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823143/; classtype:trojan-activity;sid:83686243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.235.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823142/; classtype:trojan-activity;sid:83686242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.67.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823141/; classtype:trojan-activity;sid:83686241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.74.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823140/; classtype:trojan-activity;sid:83686240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.248.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823139/; classtype:trojan-activity;sid:83686239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.19.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823138/; classtype:trojan-activity;sid:83686238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823137/; classtype:trojan-activity;sid:83686237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.29.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823135/; classtype:trojan-activity;sid:83686235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.98.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823136/; classtype:trojan-activity;sid:83686236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/arm-linux-gnueabi"; depth:32; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823129/; classtype:trojan-activity;sid:83686229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/mips64el-linux-gnuabi64"; depth:38; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823130/; classtype:trojan-activity;sid:83686230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/powerpc-linux-gnu"; depth:32; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823131/; classtype:trojan-activity;sid:83686231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/mipsel-linux-gnu"; depth:31; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823132/; classtype:trojan-activity;sid:83686232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/mips-linux-gnu"; depth:29; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823133/; classtype:trojan-activity;sid:83686233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/sparc64-linux-gnu"; depth:32; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823134/; classtype:trojan-activity;sid:83686234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/arm-linux-gnueabihf"; depth:34; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823117/; classtype:trojan-activity;sid:83686217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/riscv64-linux-gnu"; depth:32; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823118/; classtype:trojan-activity;sid:83686218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/s390x-linux-gnu"; depth:30; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823119/; classtype:trojan-activity;sid:83686219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/mips64-linux-gnuabi64"; depth:36; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823120/; classtype:trojan-activity;sid:83686220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/sh4-linux-gnu"; depth:28; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823121/; classtype:trojan-activity;sid:83686221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/x86-64-linux-gnu"; depth:31; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823122/; classtype:trojan-activity;sid:83686222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/powerpc64-linux-gnu"; depth:34; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823123/; classtype:trojan-activity;sid:83686223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/powerpc64le-linux-gnu"; depth:36; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823124/; classtype:trojan-activity;sid:83686224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/i686-linux-gnu"; depth:29; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823125/; classtype:trojan-activity;sid:83686225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/alpha-linux-gnu"; depth:30; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823126/; classtype:trojan-activity;sid:83686226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/hppa-linux-gnu"; depth:29; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823127/; classtype:trojan-activity;sid:83686227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper/linux/aarch64-linux-gnu"; depth:32; endswith; nocase; http.host; content:"94.228.168.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823128/; classtype:trojan-activity;sid:83686228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.93.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823116/; classtype:trojan-activity;sid:83686216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.149.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823115/; classtype:trojan-activity;sid:83686215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.131.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823114/; classtype:trojan-activity;sid:83686214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.140.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823113/; classtype:trojan-activity;sid:83686213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.61.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823112/; classtype:trojan-activity;sid:83686212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.189.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823111/; classtype:trojan-activity;sid:83686211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823110/; classtype:trojan-activity;sid:83686210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.194.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823107/; classtype:trojan-activity;sid:83686207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477xmrig.exe"; depth:15; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823108/; classtype:trojan-activity;sid:83686208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477tor.exe"; depth:13; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823109/; classtype:trojan-activity;sid:83686209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.41.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823106/; classtype:trojan-activity;sid:83686206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libstdc%2b%2b-6.dll"; depth:20; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823105/; classtype:trojan-activity;sid:83686205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.exe"; depth:12; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823103/; classtype:trojan-activity;sid:83686203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libgcc_s_dw2-1.dll"; depth:19; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823104/; classtype:trojan-activity;sid:83686204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.224.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823102/; classtype:trojan-activity;sid:83686202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.vbs"; depth:11; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823101/; classtype:trojan-activity;sid:83686201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winring0x64.sys"; depth:16; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823099/; classtype:trojan-activity;sid:83686199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net.vbs"; depth:8; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823100/; classtype:trojan-activity;sid:83686200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477system.vbs"; depth:16; endswith; nocase; http.host; content:"45.88.90.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823098/; classtype:trojan-activity;sid:83686198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.209.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823097/; classtype:trojan-activity;sid:83686197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.191.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823096/; classtype:trojan-activity;sid:83686196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.200.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823095/; classtype:trojan-activity;sid:83686195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptonrat.exe"; depth:15; endswith; nocase; http.host; content:"87.120.84.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823094/; classtype:trojan-activity;sid:83686194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sig.exe"; depth:8; endswith; nocase; http.host; content:"87.120.84.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823093/; classtype:trojan-activity;sid:83686193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yk.exe"; depth:7; endswith; nocase; http.host; content:"87.120.84.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823092/; classtype:trojan-activity;sid:83686192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.208.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823091/; classtype:trojan-activity;sid:83686191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.140.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823090/; classtype:trojan-activity;sid:83686190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.180.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823089/; classtype:trojan-activity;sid:83686189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.230.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823088/; classtype:trojan-activity;sid:83686188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.73.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823087/; classtype:trojan-activity;sid:83686187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.63.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823086/; classtype:trojan-activity;sid:83686186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823085/; classtype:trojan-activity;sid:83686185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.210.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823084/; classtype:trojan-activity;sid:83686184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfekrthdtjivs63.bin"; depth:20; endswith; nocase; http.host; content:"172.93.222.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823083/; classtype:trojan-activity;sid:83686183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227169762392674387/1231867622568493086/ikacvgbsewoudhywk67.bin|3f|ex=66388520|7c|26|7c|is=66261020|7c|26|7c|hm=f34c77f087823f58b3b1922bdaa3a36b36cb979addb0f5a026be3f7860ec35d8|7c|26|7c|"; depth:199; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823082/; classtype:trojan-activity;sid:83686182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.149.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823081/; classtype:trojan-activity;sid:83686181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.157.100.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823080/; classtype:trojan-activity;sid:83686180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823079/; classtype:trojan-activity;sid:83686179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.252.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823078/; classtype:trojan-activity;sid:83686178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.236.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823077/; classtype:trojan-activity;sid:83686177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.72.149.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823076/; classtype:trojan-activity;sid:83686176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.191.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823075/; classtype:trojan-activity;sid:83686175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823074/; classtype:trojan-activity;sid:83686174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.186.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823073/; classtype:trojan-activity;sid:83686173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.61.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823072/; classtype:trojan-activity;sid:83686172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.215.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823071/; classtype:trojan-activity;sid:83686171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823070/; classtype:trojan-activity;sid:83686170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//tester.sh"; depth:11; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823069/; classtype:trojan-activity;sid:83686169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823068/; classtype:trojan-activity;sid:83686168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.235.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823067/; classtype:trojan-activity;sid:83686167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.230.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823066/; classtype:trojan-activity;sid:83686166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.69.152.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823065/; classtype:trojan-activity;sid:83686165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823064/; classtype:trojan-activity;sid:83686164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.149.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823063/; classtype:trojan-activity;sid:83686163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.96.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823062/; classtype:trojan-activity;sid:83686162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.189.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823061/; classtype:trojan-activity;sid:83686161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.40.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823060/; classtype:trojan-activity;sid:83686160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823059/; classtype:trojan-activity;sid:83686159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.236.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823058/; classtype:trojan-activity;sid:83686158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823057/; classtype:trojan-activity;sid:83686157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.61.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823056/; classtype:trojan-activity;sid:83686156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.235.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823055/; classtype:trojan-activity;sid:83686155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.217.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823054/; classtype:trojan-activity;sid:83686154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.228.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823053/; classtype:trojan-activity;sid:83686153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823052/; classtype:trojan-activity;sid:83686152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.205.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823051/; classtype:trojan-activity;sid:83686151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.72.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823050/; classtype:trojan-activity;sid:83686150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.71.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823049/; classtype:trojan-activity;sid:83686149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.205.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823048/; classtype:trojan-activity;sid:83686148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.185.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823047/; classtype:trojan-activity;sid:83686147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.25.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823046/; classtype:trojan-activity;sid:83686146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.138.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823044/; classtype:trojan-activity;sid:83686144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.184.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823045/; classtype:trojan-activity;sid:83686145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.156.71.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823043/; classtype:trojan-activity;sid:83686143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.56.88.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823042/; classtype:trojan-activity;sid:83686142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.138.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823041/; classtype:trojan-activity;sid:83686141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.188.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823040/; classtype:trojan-activity;sid:83686140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.34.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823038/; classtype:trojan-activity;sid:83686138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.60.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823039/; classtype:trojan-activity;sid:83686139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.57.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823037/; classtype:trojan-activity;sid:83686137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.57.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823036/; classtype:trojan-activity;sid:83686136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.251.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823035/; classtype:trojan-activity;sid:83686135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.56.88.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823034/; classtype:trojan-activity;sid:83686134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.57.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823032/; classtype:trojan-activity;sid:83686132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823033/; classtype:trojan-activity;sid:83686133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.113.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823031/; classtype:trojan-activity;sid:83686131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.86.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823030/; classtype:trojan-activity;sid:83686130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823029/; classtype:trojan-activity;sid:83686129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.180.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823028/; classtype:trojan-activity;sid:83686128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.102.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823026/; classtype:trojan-activity;sid:83686126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823027/; classtype:trojan-activity;sid:83686127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.120.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823024/; classtype:trojan-activity;sid:83686124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.64.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823025/; classtype:trojan-activity;sid:83686125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823023/; classtype:trojan-activity;sid:83686123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823022/; classtype:trojan-activity;sid:83686122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823018/; classtype:trojan-activity;sid:83686118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823019/; classtype:trojan-activity;sid:83686119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823020/; classtype:trojan-activity;sid:83686120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823021/; classtype:trojan-activity;sid:83686121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb52cf952e86d4b/nss3.dll"; depth:26; endswith; nocase; http.host; content:"89.105.201.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823017/; classtype:trojan-activity;sid:83686117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.72.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823016/; classtype:trojan-activity;sid:83686116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.x86"; depth:8; endswith; nocase; http.host; content:"staub660.vps.ho.ua"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823015/; classtype:trojan-activity;sid:83686115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"94.156.71.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823013/; classtype:trojan-activity;sid:83686113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.71.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823014/; classtype:trojan-activity;sid:83686114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.37.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823012/; classtype:trojan-activity;sid:83686112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.187.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823011/; classtype:trojan-activity;sid:83686111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.234.189.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823010/; classtype:trojan-activity;sid:83686110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.180.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823009/; classtype:trojan-activity;sid:83686109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823008/; classtype:trojan-activity;sid:83686108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.188.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823007/; classtype:trojan-activity;sid:83686107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823006/; classtype:trojan-activity;sid:83686106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.34.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823005/; classtype:trojan-activity;sid:83686105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.113.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823004/; classtype:trojan-activity;sid:83686104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.235.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823003/; classtype:trojan-activity;sid:83686103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.86.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823002/; classtype:trojan-activity;sid:83686102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.102.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823001/; classtype:trojan-activity;sid:83686101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823000/; classtype:trojan-activity;sid:83686100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.83.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822999/; classtype:trojan-activity;sid:83686099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.125.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822998/; classtype:trojan-activity;sid:83686098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.120.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822997/; classtype:trojan-activity;sid:83686097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.91.108.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822995/; classtype:trojan-activity;sid:83686095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.194.35.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822996/; classtype:trojan-activity;sid:83686096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.35.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822994/; classtype:trojan-activity;sid:83686094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.4.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822993/; classtype:trojan-activity;sid:83686093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.86.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822988/; classtype:trojan-activity;sid:83686088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.148.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822989/; classtype:trojan-activity;sid:83686089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.13.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822990/; classtype:trojan-activity;sid:83686090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.75.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822991/; classtype:trojan-activity;sid:83686091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.72.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822992/; classtype:trojan-activity;sid:83686092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.91.108.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822987/; classtype:trojan-activity;sid:83686087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.188.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822986/; classtype:trojan-activity;sid:83686086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822985/; classtype:trojan-activity;sid:83686085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822984/; classtype:trojan-activity;sid:83686084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822983/; classtype:trojan-activity;sid:83686083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro6x2.sh"; depth:12; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822979/; classtype:trojan-activity;sid:83686079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro6x.sh"; depth:11; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822980/; classtype:trojan-activity;sid:83686080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro.sh"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822981/; classtype:trojan-activity;sid:83686081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydro6x1.sh"; depth:12; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822982/; classtype:trojan-activity;sid:83686082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.arm5"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822974/; classtype:trojan-activity;sid:83686074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.x86_64"; depth:11; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822975/; classtype:trojan-activity;sid:83686075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.mips"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822976/; classtype:trojan-activity;sid:83686076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.arm7"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822977/; classtype:trojan-activity;sid:83686077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd"; depth:4; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822978/; classtype:trojan-activity;sid:83686078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.x86"; depth:8; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822973/; classtype:trojan-activity;sid:83686073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.i686"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822971/; classtype:trojan-activity;sid:83686071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.arm"; depth:8; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822972/; classtype:trojan-activity;sid:83686072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.arm6"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822970/; classtype:trojan-activity;sid:83686070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.m68k"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822968/; classtype:trojan-activity;sid:83686068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.mpsl"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822969/; classtype:trojan-activity;sid:83686069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.arm4"; depth:9; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822963/; classtype:trojan-activity;sid:83686063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.arc"; depth:8; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822964/; classtype:trojan-activity;sid:83686064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.spc"; depth:8; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822965/; classtype:trojan-activity;sid:83686065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.ppc"; depth:8; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822966/; classtype:trojan-activity;sid:83686066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyd.sh4"; depth:8; endswith; nocase; http.host; content:"91.228.147.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822967/; classtype:trojan-activity;sid:83686067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.55.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822962/; classtype:trojan-activity;sid:83686062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.67.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822961/; classtype:trojan-activity;sid:83686061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.59.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822960/; classtype:trojan-activity;sid:83686060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.162.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822959/; classtype:trojan-activity;sid:83686059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.60.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822958/; classtype:trojan-activity;sid:83686058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822945/; classtype:trojan-activity;sid:83686045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822946/; classtype:trojan-activity;sid:83686046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nut"; depth:4; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822947/; classtype:trojan-activity;sid:83686047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822948/; classtype:trojan-activity;sid:83686048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822949/; classtype:trojan-activity;sid:83686049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822950/; classtype:trojan-activity;sid:83686050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822951/; classtype:trojan-activity;sid:83686051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822952/; classtype:trojan-activity;sid:83686052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822953/; classtype:trojan-activity;sid:83686053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822954/; classtype:trojan-activity;sid:83686054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822955/; classtype:trojan-activity;sid:83686055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822956/; classtype:trojan-activity;sid:83686056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822957/; classtype:trojan-activity;sid:83686057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"194.99.21.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822944/; classtype:trojan-activity;sid:83686044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.143.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822943/; classtype:trojan-activity;sid:83686043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822941/; classtype:trojan-activity;sid:83686041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822942/; classtype:trojan-activity;sid:83686042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822940/; classtype:trojan-activity;sid:83686040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822938/; classtype:trojan-activity;sid:83686038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822939/; classtype:trojan-activity;sid:83686039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822937/; classtype:trojan-activity;sid:83686037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822934/; classtype:trojan-activity;sid:83686034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822935/; classtype:trojan-activity;sid:83686035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822936/; classtype:trojan-activity;sid:83686036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822927/; classtype:trojan-activity;sid:83686027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822928/; classtype:trojan-activity;sid:83686028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822929/; classtype:trojan-activity;sid:83686029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822930/; classtype:trojan-activity;sid:83686030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822931/; classtype:trojan-activity;sid:83686031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822932/; classtype:trojan-activity;sid:83686032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822933/; classtype:trojan-activity;sid:83686033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822919/; classtype:trojan-activity;sid:83686019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822920/; classtype:trojan-activity;sid:83686020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822921/; classtype:trojan-activity;sid:83686021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822922/; classtype:trojan-activity;sid:83686022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822923/; classtype:trojan-activity;sid:83686023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822924/; classtype:trojan-activity;sid:83686024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822925/; classtype:trojan-activity;sid:83686025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822926/; classtype:trojan-activity;sid:83686026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822918/; classtype:trojan-activity;sid:83686018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.4.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822917/; classtype:trojan-activity;sid:83686017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.222.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822916/; classtype:trojan-activity;sid:83686016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.246.207.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822915/; classtype:trojan-activity;sid:83686015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822914/; classtype:trojan-activity;sid:83686014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.35.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822912/; classtype:trojan-activity;sid:83686012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822913/; classtype:trojan-activity;sid:83686013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.143.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822911/; classtype:trojan-activity;sid:83686011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.150.253.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.89.188.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.30.85.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.162.233.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822905/; classtype:trojan-activity;sid:83686005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.43.6.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822906/; classtype:trojan-activity;sid:83686006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.50.148.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822890/; classtype:trojan-activity;sid:83685990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.28.58.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822891/; classtype:trojan-activity;sid:83685991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.241.94.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822892/; classtype:trojan-activity;sid:83685992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.120.173.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822893/; classtype:trojan-activity;sid:83685993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.136.240.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.252.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.28.160.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822896/; classtype:trojan-activity;sid:83685996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.193.33.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822897/; classtype:trojan-activity;sid:83685997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.215.77.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822898/; classtype:trojan-activity;sid:83685998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.18.223.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.255.78.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822900/; classtype:trojan-activity;sid:83686000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.111.183.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822901/; classtype:trojan-activity;sid:83686001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.38.60.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822902/; classtype:trojan-activity;sid:83686002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.188.48.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822903/; classtype:trojan-activity;sid:83686003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"70.119.172.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822904/; classtype:trojan-activity;sid:83686004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.242.124.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822885/; classtype:trojan-activity;sid:83685985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.92.222.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.30.245.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.69.219.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822888/; classtype:trojan-activity;sid:83685988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.244.120.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822889/; classtype:trojan-activity;sid:83685989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.154.131.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.141.135.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822883/; classtype:trojan-activity;sid:83685983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"96.95.55.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822884/; classtype:trojan-activity;sid:83685984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.53.164.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822879/; classtype:trojan-activity;sid:83685979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.140.156.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822880/; classtype:trojan-activity;sid:83685980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.116.219.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822875/; classtype:trojan-activity;sid:83685975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.76.195.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.13.221.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822877/; classtype:trojan-activity;sid:83685977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"153.19.169.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822878/; classtype:trojan-activity;sid:83685978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"141.105.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822864/; classtype:trojan-activity;sid:83685964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"12.148.208.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822865/; classtype:trojan-activity;sid:83685965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.254.173.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.65.15.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.215.163.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822868/; classtype:trojan-activity;sid:83685968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.114.137.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822870/; classtype:trojan-activity;sid:83685970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.4.247.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822871/; classtype:trojan-activity;sid:83685971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"141.101.226.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822872/; classtype:trojan-activity;sid:83685972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.148.20.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822874/; classtype:trojan-activity;sid:83685974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.125.13.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822850/; classtype:trojan-activity;sid:83685950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.127.76.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822851/; classtype:trojan-activity;sid:83685951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.111.182.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822852/; classtype:trojan-activity;sid:83685952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.126.230.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822853/; classtype:trojan-activity;sid:83685953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.222.134.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822854/; classtype:trojan-activity;sid:83685954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.20.63.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822855/; classtype:trojan-activity;sid:83685955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.123.169.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822856/; classtype:trojan-activity;sid:83685956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.48.58.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822857/; classtype:trojan-activity;sid:83685957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.143.174.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822858/; classtype:trojan-activity;sid:83685958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"137.119.38.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822859/; classtype:trojan-activity;sid:83685959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.241.113.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822860/; classtype:trojan-activity;sid:83685960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.189.172.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.128.195.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.77.74.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.16.195.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822842/; classtype:trojan-activity;sid:83685942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.152.129.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822843/; classtype:trojan-activity;sid:83685943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.81.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"75.183.98.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.67.251.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.242.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.170.118.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822848/; classtype:trojan-activity;sid:83685948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"70.166.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822849/; classtype:trojan-activity;sid:83685949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"163.53.205.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822839/; classtype:trojan-activity;sid:83685939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.150.128.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822840/; classtype:trojan-activity;sid:83685940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.50.7.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822841/; classtype:trojan-activity;sid:83685941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.212.52.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822837/; classtype:trojan-activity;sid:83685937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.20.234.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822838/; classtype:trojan-activity;sid:83685938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.188.248.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822836/; classtype:trojan-activity;sid:83685936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.151.92.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822835/; classtype:trojan-activity;sid:83685935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.253.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822833/; classtype:trojan-activity;sid:83685933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.154.187.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"101.161.231.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822820/; classtype:trojan-activity;sid:83685920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.210.217.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.113.225.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822822/; classtype:trojan-activity;sid:83685922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.227.118.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.94.245.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.170.168.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822826/; classtype:trojan-activity;sid:83685926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.18.145.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822827/; classtype:trojan-activity;sid:83685927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"122.201.25.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.87.236.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822829/; classtype:trojan-activity;sid:83685929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"167.250.193.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822830/; classtype:trojan-activity;sid:83685930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.23.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822831/; classtype:trojan-activity;sid:83685931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.57.128.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822832/; classtype:trojan-activity;sid:83685932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.254.223.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.201.184.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822810/; classtype:trojan-activity;sid:83685910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.200.72.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.89.11.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.234.251.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822813/; classtype:trojan-activity;sid:83685913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.34.20.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822814/; classtype:trojan-activity;sid:83685914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.189.125.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.36.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822816/; classtype:trojan-activity;sid:83685916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.117.177.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822817/; classtype:trojan-activity;sid:83685917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"67.78.106.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822818/; classtype:trojan-activity;sid:83685918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.114.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.196.97.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822801/; classtype:trojan-activity;sid:83685901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.96.214.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.249.179.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822803/; classtype:trojan-activity;sid:83685903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.250.206.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822804/; classtype:trojan-activity;sid:83685904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"67.174.143.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822805/; classtype:trojan-activity;sid:83685905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.116.68.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.70.31.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822807/; classtype:trojan-activity;sid:83685907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.235.21.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822795/; classtype:trojan-activity;sid:83685895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.57.32.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822796/; classtype:trojan-activity;sid:83685896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.131.81.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.201.7.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822798/; classtype:trojan-activity;sid:83685898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.133.4.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822799/; classtype:trojan-activity;sid:83685899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.88.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822793/; classtype:trojan-activity;sid:83685893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.176.137.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.228.223.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822779/; classtype:trojan-activity;sid:83685879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822780/; classtype:trojan-activity;sid:83685880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.158.175.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.154.135.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.37.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822783/; classtype:trojan-activity;sid:83685883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.237.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822784/; classtype:trojan-activity;sid:83685884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.202.83.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822785/; classtype:trojan-activity;sid:83685885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.255.163.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822786/; classtype:trojan-activity;sid:83685886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.41.91.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822787/; classtype:trojan-activity;sid:83685887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.136.69.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822788/; classtype:trojan-activity;sid:83685888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822789/; classtype:trojan-activity;sid:83685889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.227.118.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822790/; classtype:trojan-activity;sid:83685890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.101.130.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822791/; classtype:trojan-activity;sid:83685891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.201.136.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822769/; classtype:trojan-activity;sid:83685869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.252.66.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.236.218.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822771/; classtype:trojan-activity;sid:83685871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.210.50.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.67.150.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822773/; classtype:trojan-activity;sid:83685873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.61.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.188.121.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822775/; classtype:trojan-activity;sid:83685875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.0.251.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822776/; classtype:trojan-activity;sid:83685876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.31.189.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822777/; classtype:trojan-activity;sid:83685877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.60.191.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.246.177.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"71.42.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822765/; classtype:trojan-activity;sid:83685865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.188.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822766/; classtype:trojan-activity;sid:83685866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.77.14.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822767/; classtype:trojan-activity;sid:83685867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.34.7.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.83.178.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822758/; classtype:trojan-activity;sid:83685858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.153.148.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822759/; classtype:trojan-activity;sid:83685859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.113.121.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822760/; classtype:trojan-activity;sid:83685860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.245.165.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822761/; classtype:trojan-activity;sid:83685861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.203.92.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822756/; classtype:trojan-activity;sid:83685856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.244.112.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.175.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.1.157.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.42.201.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.11.95.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822752/; classtype:trojan-activity;sid:83685852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.216.125.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822753/; classtype:trojan-activity;sid:83685853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.130.102.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822745/; classtype:trojan-activity;sid:83685845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.190.142.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822746/; classtype:trojan-activity;sid:83685846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.131.121.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822748/; classtype:trojan-activity;sid:83685848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.25.107.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822749/; classtype:trojan-activity;sid:83685849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.172.84.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822750/; classtype:trojan-activity;sid:83685850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.28.58.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.21.223.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.63.242.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.242.106.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822737/; classtype:trojan-activity;sid:83685837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.225.114.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822738/; classtype:trojan-activity;sid:83685838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"96.92.116.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822739/; classtype:trojan-activity;sid:83685839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"168.228.6.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822741/; classtype:trojan-activity;sid:83685841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.207.209.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822742/; classtype:trojan-activity;sid:83685842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.7.153.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.231.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"138.19.251.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822727/; classtype:trojan-activity;sid:83685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.75.222.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822728/; classtype:trojan-activity;sid:83685828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.199.42.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822729/; classtype:trojan-activity;sid:83685829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"196.202.194.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822730/; classtype:trojan-activity;sid:83685830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.101.239.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822731/; classtype:trojan-activity;sid:83685831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.51.168.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822732/; classtype:trojan-activity;sid:83685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.70.242.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822733/; classtype:trojan-activity;sid:83685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.68.17.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822717/; classtype:trojan-activity;sid:83685817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.205.90.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822718/; classtype:trojan-activity;sid:83685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.216.69.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822719/; classtype:trojan-activity;sid:83685819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822720/; classtype:trojan-activity;sid:83685820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.193.120.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822722/; classtype:trojan-activity;sid:83685822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.208.49.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822723/; classtype:trojan-activity;sid:83685823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.124.5.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822725/; classtype:trojan-activity;sid:83685825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"168.205.53.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822714/; classtype:trojan-activity;sid:83685814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.159.8.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822715/; classtype:trojan-activity;sid:83685815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.49.193.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822716/; classtype:trojan-activity;sid:83685816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.46.58.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822713/; classtype:trojan-activity;sid:83685813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.229.139.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"50.202.219.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822712/; classtype:trojan-activity;sid:83685812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.215.61.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.57.121.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822707/; classtype:trojan-activity;sid:83685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.142.158.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822708/; classtype:trojan-activity;sid:83685808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"38.137.248.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822709/; classtype:trojan-activity;sid:83685809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.92.233.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822710/; classtype:trojan-activity;sid:83685810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.228.135.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822696/; classtype:trojan-activity;sid:83685796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.71.191.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"98.103.171.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.236.114.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822699/; classtype:trojan-activity;sid:83685799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.112.124.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822700/; classtype:trojan-activity;sid:83685800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.52.158.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822701/; classtype:trojan-activity;sid:83685801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.238.132.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822702/; classtype:trojan-activity;sid:83685802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.113.155.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822703/; classtype:trojan-activity;sid:83685803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.171.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.52.164.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.122.180.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822683/; classtype:trojan-activity;sid:83685783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.191.16.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822685/; classtype:trojan-activity;sid:83685785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"170.247.1.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822686/; classtype:trojan-activity;sid:83685786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.188.174.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822687/; classtype:trojan-activity;sid:83685787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.224.100.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.43.201.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.173.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822690/; classtype:trojan-activity;sid:83685790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.129.106.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.111.182.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822692/; classtype:trojan-activity;sid:83685792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.27.204.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822693/; classtype:trojan-activity;sid:83685793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.140.105.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.49.4.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822676/; classtype:trojan-activity;sid:83685776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.76.195.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822677/; classtype:trojan-activity;sid:83685777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.212.109.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.99.5.210"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822679/; classtype:trojan-activity;sid:83685779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822680/; classtype:trojan-activity;sid:83685780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.196.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822681/; classtype:trojan-activity;sid:83685781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.254.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822682/; classtype:trojan-activity;sid:83685782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.156.46.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.81.56.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822675/; classtype:trojan-activity;sid:83685775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"164.215.113.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822673/; classtype:trojan-activity;sid:83685773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.197.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.171.120.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822672/; classtype:trojan-activity;sid:83685772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.78.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.33.2.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822665/; classtype:trojan-activity;sid:83685765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.119.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822666/; classtype:trojan-activity;sid:83685766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"191.103.217.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822667/; classtype:trojan-activity;sid:83685767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.174.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822668/; classtype:trojan-activity;sid:83685768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.151.82.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822669/; classtype:trojan-activity;sid:83685769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.55.247.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822661/; classtype:trojan-activity;sid:83685761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.114.152.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822662/; classtype:trojan-activity;sid:83685762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.42.121.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822663/; classtype:trojan-activity;sid:83685763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.130.22.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822664/; classtype:trojan-activity;sid:83685764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.19.172.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.93.245.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822647/; classtype:trojan-activity;sid:83685747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.36.80.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822648/; classtype:trojan-activity;sid:83685748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.70.204.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822649/; classtype:trojan-activity;sid:83685749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.129.2.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"65.132.139.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822651/; classtype:trojan-activity;sid:83685751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.99.201.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822652/; classtype:trojan-activity;sid:83685752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.120.98.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.111.210.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822654/; classtype:trojan-activity;sid:83685754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.72.77.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822656/; classtype:trojan-activity;sid:83685756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.100.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.218.50.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.74.144.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822659/; classtype:trojan-activity;sid:83685759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.172.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822660/; classtype:trojan-activity;sid:83685760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.12.76.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822635/; classtype:trojan-activity;sid:83685735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.24.167.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822636/; classtype:trojan-activity;sid:83685736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.204.177.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.183.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.86.123.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.240.163.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822640/; classtype:trojan-activity;sid:83685740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.230.159.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822641/; classtype:trojan-activity;sid:83685741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.165.36.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822642/; classtype:trojan-activity;sid:83685742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.102.18.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822643/; classtype:trojan-activity;sid:83685743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.110.151.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822644/; classtype:trojan-activity;sid:83685744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.249.178.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822645/; classtype:trojan-activity;sid:83685745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.227.22.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822632/; classtype:trojan-activity;sid:83685732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.78.118.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822633/; classtype:trojan-activity;sid:83685733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.61.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822629/; classtype:trojan-activity;sid:83685729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.125.14.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822630/; classtype:trojan-activity;sid:83685730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.39.116.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822631/; classtype:trojan-activity;sid:83685731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.221.136.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822628/; classtype:trojan-activity;sid:83685728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"162.212.204.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822626/; classtype:trojan-activity;sid:83685726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"101.255.103.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822627/; classtype:trojan-activity;sid:83685727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.195.160.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822618/; classtype:trojan-activity;sid:83685718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.89.129.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822621/; classtype:trojan-activity;sid:83685721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.25.214.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822622/; classtype:trojan-activity;sid:83685722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.172.144.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822623/; classtype:trojan-activity;sid:83685723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.74.243.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822624/; classtype:trojan-activity;sid:83685724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.220.87.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822625/; classtype:trojan-activity;sid:83685725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.249.179.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822599/; classtype:trojan-activity;sid:83685699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.236.113.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822600/; classtype:trojan-activity;sid:83685700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.94.29.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822602/; classtype:trojan-activity;sid:83685702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.113.141.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822603/; classtype:trojan-activity;sid:83685703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.156.169.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822604/; classtype:trojan-activity;sid:83685704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.245.131.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822605/; classtype:trojan-activity;sid:83685705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.216.100.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.49.214.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822607/; classtype:trojan-activity;sid:83685707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.42.98.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822608/; classtype:trojan-activity;sid:83685708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.159.0.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.153.161.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822610/; classtype:trojan-activity;sid:83685710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.34.22.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822611/; classtype:trojan-activity;sid:83685711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"63.78.214.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822613/; classtype:trojan-activity;sid:83685713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.131.240.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822614/; classtype:trojan-activity;sid:83685714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.20.254.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822615/; classtype:trojan-activity;sid:83685715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.109.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.188.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822617/; classtype:trojan-activity;sid:83685717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.22.48.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"69.71.167.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822591/; classtype:trojan-activity;sid:83685691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.211.252.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.115.150.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822593/; classtype:trojan-activity;sid:83685693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.208.99.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822594/; classtype:trojan-activity;sid:83685694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.210.198.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822595/; classtype:trojan-activity;sid:83685695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.140.99.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.89.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822597/; classtype:trojan-activity;sid:83685697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.98.68.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822598/; classtype:trojan-activity;sid:83685698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.188.62.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822589/; classtype:trojan-activity;sid:83685689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.4.222.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822576/; classtype:trojan-activity;sid:83685676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.77.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822577/; classtype:trojan-activity;sid:83685677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.175.134.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.203.92.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822579/; classtype:trojan-activity;sid:83685679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.43.59.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822580/; classtype:trojan-activity;sid:83685680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.171.80.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.135.140.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822582/; classtype:trojan-activity;sid:83685682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.207.249.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822584/; classtype:trojan-activity;sid:83685684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.89.199.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"144.48.169.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.179.41.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822587/; classtype:trojan-activity;sid:83685687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.201.160.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822588/; classtype:trojan-activity;sid:83685688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.212.51.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822565/; classtype:trojan-activity;sid:83685665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.104.195.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822567/; classtype:trojan-activity;sid:83685667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.150.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.95.124.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822569/; classtype:trojan-activity;sid:83685669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.5.19.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.249.140.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.115.174.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822572/; classtype:trojan-activity;sid:83685672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.128.231.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822573/; classtype:trojan-activity;sid:83685673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"147.91.249.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.71.46.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822555/; classtype:trojan-activity;sid:83685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"209.42.55.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822556/; classtype:trojan-activity;sid:83685656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.41.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.143.124.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822558/; classtype:trojan-activity;sid:83685658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.9.192.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.192.33.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822560/; classtype:trojan-activity;sid:83685660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"107.1.208.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822561/; classtype:trojan-activity;sid:83685661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.70.30.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822562/; classtype:trojan-activity;sid:83685662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.176.7.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822563/; classtype:trojan-activity;sid:83685663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.249.52.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"98.124.87.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822551/; classtype:trojan-activity;sid:83685651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.202.9.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822552/; classtype:trojan-activity;sid:83685652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.0.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.34.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822554/; classtype:trojan-activity;sid:83685654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.73.70.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.82.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.254.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.94.37.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822550/; classtype:trojan-activity;sid:83685650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.53.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.255.17.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822545/; classtype:trojan-activity;sid:83685645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.219.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.228.134.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"66.181.166.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822538/; classtype:trojan-activity;sid:83685638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.61.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822539/; classtype:trojan-activity;sid:83685639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.1.93.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822540/; classtype:trojan-activity;sid:83685640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"73.157.192.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822541/; classtype:trojan-activity;sid:83685641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.190.109.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.119.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822534/; classtype:trojan-activity;sid:83685634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.105.226.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822535/; classtype:trojan-activity;sid:83685635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.167.25.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.136.195.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822524/; classtype:trojan-activity;sid:83685624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.232.241.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822525/; classtype:trojan-activity;sid:83685625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"90.182.214.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.102.53.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822527/; classtype:trojan-activity;sid:83685627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.136.69.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822528/; classtype:trojan-activity;sid:83685628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822529/; classtype:trojan-activity;sid:83685629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.64.96.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.242.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822531/; classtype:trojan-activity;sid:83685631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.140.100.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.120.241.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822533/; classtype:trojan-activity;sid:83685633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.124.33.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.111.183.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822519/; classtype:trojan-activity;sid:83685619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.115.143.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822520/; classtype:trojan-activity;sid:83685620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.102.18.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822521/; classtype:trojan-activity;sid:83685621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.140.32.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.12.6.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.182.90.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822513/; classtype:trojan-activity;sid:83685613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"136.169.119.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.248.145.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.239.22.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822516/; classtype:trojan-activity;sid:83685616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.66.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.116.1.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822511/; classtype:trojan-activity;sid:83685611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.232.188.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822506/; classtype:trojan-activity;sid:83685606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.141.122.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822507/; classtype:trojan-activity;sid:83685607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.86.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822508/; classtype:trojan-activity;sid:83685608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.16.45.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822509/; classtype:trojan-activity;sid:83685609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.67.251.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822510/; classtype:trojan-activity;sid:83685610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.189.188.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822501/; classtype:trojan-activity;sid:83685601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.133.58.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822502/; classtype:trojan-activity;sid:83685602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.19.224.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822503/; classtype:trojan-activity;sid:83685603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.205.37.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822504/; classtype:trojan-activity;sid:83685604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.219.119.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822505/; classtype:trojan-activity;sid:83685605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.80.242.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.126.238.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822499/; classtype:trojan-activity;sid:83685599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.235.185.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822500/; classtype:trojan-activity;sid:83685600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.28.123.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.33.114.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822496/; classtype:trojan-activity;sid:83685596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.184.249.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822497/; classtype:trojan-activity;sid:83685597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.84.131.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822493/; classtype:trojan-activity;sid:83685593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.253.154.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.211.153.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822490/; classtype:trojan-activity;sid:83685590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.176.138.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822491/; classtype:trojan-activity;sid:83685591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.127.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822492/; classtype:trojan-activity;sid:83685592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.149.143.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822486/; classtype:trojan-activity;sid:83685586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.124.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822487/; classtype:trojan-activity;sid:83685587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.252.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822489/; classtype:trojan-activity;sid:83685589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.31.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822479/; classtype:trojan-activity;sid:83685579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.16.195.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822480/; classtype:trojan-activity;sid:83685580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.224.243.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.216.28.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.11.94.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822483/; classtype:trojan-activity;sid:83685583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.99.230.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.134.42.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.188.190.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822465/; classtype:trojan-activity;sid:83685565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.160.3.5"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822466/; classtype:trojan-activity;sid:83685566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.126.186.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.144.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.79.114.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822469/; classtype:trojan-activity;sid:83685569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.130.41.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822470/; classtype:trojan-activity;sid:83685570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.63.108.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822472/; classtype:trojan-activity;sid:83685572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.98.254.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822473/; classtype:trojan-activity;sid:83685573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.4.110.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.114.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822476/; classtype:trojan-activity;sid:83685576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.28.86.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822457/; classtype:trojan-activity;sid:83685557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.43.49.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822458/; classtype:trojan-activity;sid:83685558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822459/; classtype:trojan-activity;sid:83685559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.69.79.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.152.23.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822461/; classtype:trojan-activity;sid:83685561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.133.154.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822463/; classtype:trojan-activity;sid:83685563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.112.153.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822464/; classtype:trojan-activity;sid:83685564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.130.70.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822455/; classtype:trojan-activity;sid:83685555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.167.196.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822456/; classtype:trojan-activity;sid:83685556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.219.187.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822452/; classtype:trojan-activity;sid:83685552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.106.27.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822453/; classtype:trojan-activity;sid:83685553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"67.78.106.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822454/; classtype:trojan-activity;sid:83685554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"98.175.32.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822450/; classtype:trojan-activity;sid:83685550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.214.241.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.40.54.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822448/; classtype:trojan-activity;sid:83685548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.59.90.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822449/; classtype:trojan-activity;sid:83685549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.222.45.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822435/; classtype:trojan-activity;sid:83685535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"90.182.214.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.218.249.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822437/; classtype:trojan-activity;sid:83685537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.7.203.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822438/; classtype:trojan-activity;sid:83685538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.114.109.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"67.209.193.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822440/; classtype:trojan-activity;sid:83685540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.90.207.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"71.83.248.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822442/; classtype:trojan-activity;sid:83685542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.237.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.199.42.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822444/; classtype:trojan-activity;sid:83685544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.93.177.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822445/; classtype:trojan-activity;sid:83685545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.230.159.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822446/; classtype:trojan-activity;sid:83685546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.95.35.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822447/; classtype:trojan-activity;sid:83685547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.193.97.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822424/; classtype:trojan-activity;sid:83685524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.12.55.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822425/; classtype:trojan-activity;sid:83685525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.228.134.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.102.58.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822427/; classtype:trojan-activity;sid:83685527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"38.137.248.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822428/; classtype:trojan-activity;sid:83685528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.94.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822429/; classtype:trojan-activity;sid:83685529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.112.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.18.197.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822431/; classtype:trojan-activity;sid:83685531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.71.69.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.211.107.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822433/; classtype:trojan-activity;sid:83685533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.60.215.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822434/; classtype:trojan-activity;sid:83685534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.15.92.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.98.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.68.50.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822419/; classtype:trojan-activity;sid:83685519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"143.208.36.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822420/; classtype:trojan-activity;sid:83685520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.43.34.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.184.140.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822422/; classtype:trojan-activity;sid:83685522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.54.15.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822423/; classtype:trojan-activity;sid:83685523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.111.14.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.4.18.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822412/; classtype:trojan-activity;sid:83685512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.0.54.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822413/; classtype:trojan-activity;sid:83685513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.7.158.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822414/; classtype:trojan-activity;sid:83685514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.193.118.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822415/; classtype:trojan-activity;sid:83685515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"149.255.10.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822410/; classtype:trojan-activity;sid:83685510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.140.176.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822409/; classtype:trojan-activity;sid:83685509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.10.211.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.183.45.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822408/; classtype:trojan-activity;sid:83685508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.77.128.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822398/; classtype:trojan-activity;sid:83685498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"216.155.93.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822399/; classtype:trojan-activity;sid:83685499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822400/; classtype:trojan-activity;sid:83685500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.189.222.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.36.229.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822402/; classtype:trojan-activity;sid:83685502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.120.245.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822403/; classtype:trojan-activity;sid:83685503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.171.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822404/; classtype:trojan-activity;sid:83685504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.157.212.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.148.18.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822386/; classtype:trojan-activity;sid:83685486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.93.53.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822387/; classtype:trojan-activity;sid:83685487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.252.69.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.7.27.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.119.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.62.237.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822391/; classtype:trojan-activity;sid:83685491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.235.234.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822392/; classtype:trojan-activity;sid:83685492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.122.28.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822393/; classtype:trojan-activity;sid:83685493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.89.178.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822394/; classtype:trojan-activity;sid:83685494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.50.169.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.125.15.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822397/; classtype:trojan-activity;sid:83685497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.101.81.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"158.181.34.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822378/; classtype:trojan-activity;sid:83685478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.14.11.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822379/; classtype:trojan-activity;sid:83685479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.174.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822380/; classtype:trojan-activity;sid:83685480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.70.125.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822381/; classtype:trojan-activity;sid:83685481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.217.148.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822382/; classtype:trojan-activity;sid:83685482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.40.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.113.124.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.226.157.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822370/; classtype:trojan-activity;sid:83685470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.84.212.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.97.190.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822373/; classtype:trojan-activity;sid:83685473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.140.100.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.250.202.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822375/; classtype:trojan-activity;sid:83685475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.147.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.252.167.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822369/; classtype:trojan-activity;sid:83685469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.244.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.223.178.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822368/; classtype:trojan-activity;sid:83685468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.91.76.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822366/; classtype:trojan-activity;sid:83685466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822365/; classtype:trojan-activity;sid:83685465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.143.133.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.255.67.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822357/; classtype:trojan-activity;sid:83685457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.190.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.162.70.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822359/; classtype:trojan-activity;sid:83685459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.161.230.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822360/; classtype:trojan-activity;sid:83685460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"66.198.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822361/; classtype:trojan-activity;sid:83685461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.176.113.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.211.197.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.111.213.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822350/; classtype:trojan-activity;sid:83685450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"73.88.104.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822351/; classtype:trojan-activity;sid:83685451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"104.192.201.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822352/; classtype:trojan-activity;sid:83685452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.99.218.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822354/; classtype:trojan-activity;sid:83685454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.127.105.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.58.145.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822343/; classtype:trojan-activity;sid:83685443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.14.24.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822344/; classtype:trojan-activity;sid:83685444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.200.203.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.117.197.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822346/; classtype:trojan-activity;sid:83685446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"210.56.21.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822347/; classtype:trojan-activity;sid:83685447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.68.79.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822348/; classtype:trojan-activity;sid:83685448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.2.213.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822349/; classtype:trojan-activity;sid:83685449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.79.233.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822336/; classtype:trojan-activity;sid:83685436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.68.95.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.111.182.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822338/; classtype:trojan-activity;sid:83685438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.57.219.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822339/; classtype:trojan-activity;sid:83685439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.115.107.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822340/; classtype:trojan-activity;sid:83685440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.239.218.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822341/; classtype:trojan-activity;sid:83685441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.111.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"131.108.39.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822331/; classtype:trojan-activity;sid:83685431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.29.162.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822332/; classtype:trojan-activity;sid:83685432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.193.70.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822333/; classtype:trojan-activity;sid:83685433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.123.142.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822335/; classtype:trojan-activity;sid:83685435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.46.28.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822326/; classtype:trojan-activity;sid:83685426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.201.160.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822327/; classtype:trojan-activity;sid:83685427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.148.18.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822328/; classtype:trojan-activity;sid:83685428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.193.88.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822329/; classtype:trojan-activity;sid:83685429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.161.217.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.198.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822324/; classtype:trojan-activity;sid:83685424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.193.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"66.198.193.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822318/; classtype:trojan-activity;sid:83685418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.151.142.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822319/; classtype:trojan-activity;sid:83685419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"108.162.187.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.175.42.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.234.218.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822322/; classtype:trojan-activity;sid:83685422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.240.37.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822323/; classtype:trojan-activity;sid:83685423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.218.142.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822314/; classtype:trojan-activity;sid:83685414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.115.232.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822315/; classtype:trojan-activity;sid:83685415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.73.242.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.102.18.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822317/; classtype:trojan-activity;sid:83685417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.158.68.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822311/; classtype:trojan-activity;sid:83685411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.118.104.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822312/; classtype:trojan-activity;sid:83685412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.124.76.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822313/; classtype:trojan-activity;sid:83685413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.106.15.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822309/; classtype:trojan-activity;sid:83685409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.186.115.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822310/; classtype:trojan-activity;sid:83685410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.66.164.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.28.11.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.89.118.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822305/; classtype:trojan-activity;sid:83685405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.181.44.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822306/; classtype:trojan-activity;sid:83685406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.212.1.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822307/; classtype:trojan-activity;sid:83685407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.245.112.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.97.202.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822296/; classtype:trojan-activity;sid:83685396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.67.251.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822297/; classtype:trojan-activity;sid:83685397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"66.18.162.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822298/; classtype:trojan-activity;sid:83685398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.52.48.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822300/; classtype:trojan-activity;sid:83685400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.76.80.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822301/; classtype:trojan-activity;sid:83685401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.73.49.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.29.19.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.209.164.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822289/; classtype:trojan-activity;sid:83685389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.185.49.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822290/; classtype:trojan-activity;sid:83685390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.239.120.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822291/; classtype:trojan-activity;sid:83685391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.115.101.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822292/; classtype:trojan-activity;sid:83685392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.63.213.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822293/; classtype:trojan-activity;sid:83685393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"75.136.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.0.131.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.197.209.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822282/; classtype:trojan-activity;sid:83685382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.207.203.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822283/; classtype:trojan-activity;sid:83685383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.235.65.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.10.159.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822285/; classtype:trojan-activity;sid:83685385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.237.250.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.236.46.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.43.16.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822274/; classtype:trojan-activity;sid:83685374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.205.35.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822276/; classtype:trojan-activity;sid:83685376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.234.151.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822277/; classtype:trojan-activity;sid:83685377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.212.49.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822278/; classtype:trojan-activity;sid:83685378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.81.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822279/; classtype:trojan-activity;sid:83685379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.210.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.202.63.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822281/; classtype:trojan-activity;sid:83685381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.174.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822273/; classtype:trojan-activity;sid:83685373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.120.28.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.117.133.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822266/; classtype:trojan-activity;sid:83685366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"120.31.135.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822267/; classtype:trojan-activity;sid:83685367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.122.96.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.70.147.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822269/; classtype:trojan-activity;sid:83685369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.90.207.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822270/; classtype:trojan-activity;sid:83685370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.38.45.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822271/; classtype:trojan-activity;sid:83685371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.172.170.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822262/; classtype:trojan-activity;sid:83685362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.228.64.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.214.112.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822264/; classtype:trojan-activity;sid:83685364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.199.144.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822265/; classtype:trojan-activity;sid:83685365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.102.53.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822254/; classtype:trojan-activity;sid:83685354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.159.74.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.191.143.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822256/; classtype:trojan-activity;sid:83685356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.57.135.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822257/; classtype:trojan-activity;sid:83685357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.237.174.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822258/; classtype:trojan-activity;sid:83685358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.90.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.205.35.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822260/; classtype:trojan-activity;sid:83685360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.54.237.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822261/; classtype:trojan-activity;sid:83685361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"23.236.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822247/; classtype:trojan-activity;sid:83685347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.50.146.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822248/; classtype:trojan-activity;sid:83685348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.215.23.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.117.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822251/; classtype:trojan-activity;sid:83685351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.123.37.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822252/; classtype:trojan-activity;sid:83685352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.83.245.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.229.92.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822238/; classtype:trojan-activity;sid:83685338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.193.97.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822239/; classtype:trojan-activity;sid:83685339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.28.58.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.102.53.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822241/; classtype:trojan-activity;sid:83685341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.218.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822242/; classtype:trojan-activity;sid:83685342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.177.251.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822243/; classtype:trojan-activity;sid:83685343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.7.160.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.196.120.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822245/; classtype:trojan-activity;sid:83685345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.224.5.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822246/; classtype:trojan-activity;sid:83685346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.6.37.37"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822235/; classtype:trojan-activity;sid:83685335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.24.131.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822236/; classtype:trojan-activity;sid:83685336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.202.245.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822237/; classtype:trojan-activity;sid:83685337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"38.137.250.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822232/; classtype:trojan-activity;sid:83685332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.75.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822233/; classtype:trojan-activity;sid:83685333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.193.118.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.246.214.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.189.199.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822226/; classtype:trojan-activity;sid:83685326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.155.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.17.248.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"208.89.168.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.254.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.46.57.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822231/; classtype:trojan-activity;sid:83685331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.229.82.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822216/; classtype:trojan-activity;sid:83685316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.36.80.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822217/; classtype:trojan-activity;sid:83685317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.214.31.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822218/; classtype:trojan-activity;sid:83685318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.153.22.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.52.67.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822220/; classtype:trojan-activity;sid:83685320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.165.192.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822221/; classtype:trojan-activity;sid:83685321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.70.115.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822222/; classtype:trojan-activity;sid:83685322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"165.165.183.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822223/; classtype:trojan-activity;sid:83685323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.202.206.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822224/; classtype:trojan-activity;sid:83685324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.52.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822210/; classtype:trojan-activity;sid:83685310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.93.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822211/; classtype:trojan-activity;sid:83685311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.17.61.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822212/; classtype:trojan-activity;sid:83685312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.141.29.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822213/; classtype:trojan-activity;sid:83685313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.217.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.237.112.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822215/; classtype:trojan-activity;sid:83685315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.152.17.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822201/; classtype:trojan-activity;sid:83685301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822202/; classtype:trojan-activity;sid:83685302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.86.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822203/; classtype:trojan-activity;sid:83685303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.157.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.188.254.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.152.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822206/; classtype:trojan-activity;sid:83685306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.244.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.183.186.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822208/; classtype:trojan-activity;sid:83685308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"73.190.86.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822209/; classtype:trojan-activity;sid:83685309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.40.84.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.186.54.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.163.57.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.52.94.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822199/; classtype:trojan-activity;sid:83685299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.211.154.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822200/; classtype:trojan-activity;sid:83685300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.199.123.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822193/; classtype:trojan-activity;sid:83685293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.254.192.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822195/; classtype:trojan-activity;sid:83685295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.255.164.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.84.237.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822191/; classtype:trojan-activity;sid:83685291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.107.231.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822185/; classtype:trojan-activity;sid:83685285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.168.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822186/; classtype:trojan-activity;sid:83685286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.211.169.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822187/; classtype:trojan-activity;sid:83685287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.246.141.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822188/; classtype:trojan-activity;sid:83685288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.162.113.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.53.192.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822183/; classtype:trojan-activity;sid:83685283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.187.151.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.172.187.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822172/; classtype:trojan-activity;sid:83685272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.177.98.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822174/; classtype:trojan-activity;sid:83685274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.38.40.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822175/; classtype:trojan-activity;sid:83685275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.237.197.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822176/; classtype:trojan-activity;sid:83685276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.9.53.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822177/; classtype:trojan-activity;sid:83685277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.60.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.92.132.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822179/; classtype:trojan-activity;sid:83685279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.212.51.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822180/; classtype:trojan-activity;sid:83685280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.241.19.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.4.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.159.4.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822161/; classtype:trojan-activity;sid:83685261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.62.233.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.250.160.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.227.116.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822164/; classtype:trojan-activity;sid:83685264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.136.151.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822166/; classtype:trojan-activity;sid:83685266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.173.173.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.190.20.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.34.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.93.219.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822170/; classtype:trojan-activity;sid:83685270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.159.28.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822171/; classtype:trojan-activity;sid:83685271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.222.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822157/; classtype:trojan-activity;sid:83685257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.15.62.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822158/; classtype:trojan-activity;sid:83685258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.66.105.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822159/; classtype:trojan-activity;sid:83685259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.30.113.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822152/; classtype:trojan-activity;sid:83685252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.52.86.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.53.91.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822154/; classtype:trojan-activity;sid:83685254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.18.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.186.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822156/; classtype:trojan-activity;sid:83685256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.142.73.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822147/; classtype:trojan-activity;sid:83685247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.129.195.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822148/; classtype:trojan-activity;sid:83685248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.129.2.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.246.165.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822150/; classtype:trojan-activity;sid:83685250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.44.110.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.16.195.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822143/; classtype:trojan-activity;sid:83685243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.0.4.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.215.69.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822145/; classtype:trojan-activity;sid:83685245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.1.241.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822146/; classtype:trojan-activity;sid:83685246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.66.195.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822139/; classtype:trojan-activity;sid:83685239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.211.8.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822141/; classtype:trojan-activity;sid:83685241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.191.123.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.107.205.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.21.132.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822130/; classtype:trojan-activity;sid:83685230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.162.141.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.154.84.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.89.240.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.43.98.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822135/; classtype:trojan-activity;sid:83685235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.24.13.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822136/; classtype:trojan-activity;sid:83685236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.174.152.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822137/; classtype:trojan-activity;sid:83685237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.17.23.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.105.205.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822126/; classtype:trojan-activity;sid:83685226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.200.63.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822128/; classtype:trojan-activity;sid:83685228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.254.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822116/; classtype:trojan-activity;sid:83685216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.7.20.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.91.150.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822118/; classtype:trojan-activity;sid:83685218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.226.199.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822119/; classtype:trojan-activity;sid:83685219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"101.255.103.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822120/; classtype:trojan-activity;sid:83685220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.113.122.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822122/; classtype:trojan-activity;sid:83685222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.237.162.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822124/; classtype:trojan-activity;sid:83685224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.18.28.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822108/; classtype:trojan-activity;sid:83685208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.234.253.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822109/; classtype:trojan-activity;sid:83685209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.90.124.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822110/; classtype:trojan-activity;sid:83685210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.204.218.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822111/; classtype:trojan-activity;sid:83685211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822112/; classtype:trojan-activity;sid:83685212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.199.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822113/; classtype:trojan-activity;sid:83685213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.101.187.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822114/; classtype:trojan-activity;sid:83685214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.255.90.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822115/; classtype:trojan-activity;sid:83685215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.203.247.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822099/; classtype:trojan-activity;sid:83685199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.147.93.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.65.35.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822103/; classtype:trojan-activity;sid:83685203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.175.205.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822104/; classtype:trojan-activity;sid:83685204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.19.119.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822105/; classtype:trojan-activity;sid:83685205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.174.99.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822106/; classtype:trojan-activity;sid:83685206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.10.183.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822098/; classtype:trojan-activity;sid:83685198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.127.49.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822097/; classtype:trojan-activity;sid:83685197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.158.238.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.69.71.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822095/; classtype:trojan-activity;sid:83685195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.28.58.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822096/; classtype:trojan-activity;sid:83685196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.162.70.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.20.51.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"174.7.42.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822085/; classtype:trojan-activity;sid:83685185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.118.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822086/; classtype:trojan-activity;sid:83685186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822087/; classtype:trojan-activity;sid:83685187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.122.210.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.145.239.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822089/; classtype:trojan-activity;sid:83685189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.148.112.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822090/; classtype:trojan-activity;sid:83685190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.62.179.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.70.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.89.206.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822093/; classtype:trojan-activity;sid:83685193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.121.161.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.52.72.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822074/; classtype:trojan-activity;sid:83685174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.180.176.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822075/; classtype:trojan-activity;sid:83685175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.254.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822076/; classtype:trojan-activity;sid:83685176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.4.44.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.7.203.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822078/; classtype:trojan-activity;sid:83685178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.65.235.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822079/; classtype:trojan-activity;sid:83685179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.199.144.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822080/; classtype:trojan-activity;sid:83685180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.205.74.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822081/; classtype:trojan-activity;sid:83685181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.46.38.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822082/; classtype:trojan-activity;sid:83685182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.29.147.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822065/; classtype:trojan-activity;sid:83685165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.173.163.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.203.218.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.97.143.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822068/; classtype:trojan-activity;sid:83685168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"69.142.178.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822069/; classtype:trojan-activity;sid:83685169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.26.180.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.209.255.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822071/; classtype:trojan-activity;sid:83685171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"174.78.254.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.65.50.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822061/; classtype:trojan-activity;sid:83685161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.153.126.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822062/; classtype:trojan-activity;sid:83685162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.221.254.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.137.36.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.13.143.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822059/; classtype:trojan-activity;sid:83685159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.171.55.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822060/; classtype:trojan-activity;sid:83685160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.0.129.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.80.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822055/; classtype:trojan-activity;sid:83685155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.152.168.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822056/; classtype:trojan-activity;sid:83685156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"106.41.71.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822057/; classtype:trojan-activity;sid:83685157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.73.121.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.93.84.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822049/; classtype:trojan-activity;sid:83685149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.164.18.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822050/; classtype:trojan-activity;sid:83685150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.40.149.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822051/; classtype:trojan-activity;sid:83685151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.88.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.140.36.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822053/; classtype:trojan-activity;sid:83685153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.113.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.108.154.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822043/; classtype:trojan-activity;sid:83685143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.180.54.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822045/; classtype:trojan-activity;sid:83685145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.175.189.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822046/; classtype:trojan-activity;sid:83685146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.29.249.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.4.117.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822029/; classtype:trojan-activity;sid:83685129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.190.191.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822030/; classtype:trojan-activity;sid:83685130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822031/; classtype:trojan-activity;sid:83685131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.254.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822032/; classtype:trojan-activity;sid:83685132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.38.182.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822033/; classtype:trojan-activity;sid:83685133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.220.157.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822034/; classtype:trojan-activity;sid:83685134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.208.145.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.54.179.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822036/; classtype:trojan-activity;sid:83685136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.12.60.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822037/; classtype:trojan-activity;sid:83685137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.165.21.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822038/; classtype:trojan-activity;sid:83685138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.48.119.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.114.97.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822040/; classtype:trojan-activity;sid:83685140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.115.103.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.98.13.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822020/; classtype:trojan-activity;sid:83685120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"64.64.152.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822021/; classtype:trojan-activity;sid:83685121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.186.22.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822022/; classtype:trojan-activity;sid:83685122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.84.143.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822023/; classtype:trojan-activity;sid:83685123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.4.147.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"216.188.216.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.33.225.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822026/; classtype:trojan-activity;sid:83685126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.100.241.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.100.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822028/; classtype:trojan-activity;sid:83685128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.127.8.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822016/; classtype:trojan-activity;sid:83685116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.194.25.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.192.78.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.73.244.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822019/; classtype:trojan-activity;sid:83685119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"69.70.215.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.119.95.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.244.26.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822015/; classtype:trojan-activity;sid:83685115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.213.157.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822010/; classtype:trojan-activity;sid:83685110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.237.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.207.209.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822012/; classtype:trojan-activity;sid:83685112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.122.211.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.205.131.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.95.48.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822009/; classtype:trojan-activity;sid:83685109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.230.158.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.153.61.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821997/; classtype:trojan-activity;sid:83685097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.29.162.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821998/; classtype:trojan-activity;sid:83685098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.234.202.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821999/; classtype:trojan-activity;sid:83685099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.174.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822000/; classtype:trojan-activity;sid:83685100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.101.130.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822001/; classtype:trojan-activity;sid:83685101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.179.233.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822002/; classtype:trojan-activity;sid:83685102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.38.171.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.251.5.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.223.44.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822005/; classtype:trojan-activity;sid:83685105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.249.179.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821992/; classtype:trojan-activity;sid:83685092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"206.108.130.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821993/; classtype:trojan-activity;sid:83685093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.15.233.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821994/; classtype:trojan-activity;sid:83685094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.196.180.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821995/; classtype:trojan-activity;sid:83685095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.83.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"134.249.186.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821982/; classtype:trojan-activity;sid:83685082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.242.106.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.109.168.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821984/; classtype:trojan-activity;sid:83685084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.17.36.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821985/; classtype:trojan-activity;sid:83685085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.171.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821986/; classtype:trojan-activity;sid:83685086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821987/; classtype:trojan-activity;sid:83685087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.76.80.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821988/; classtype:trojan-activity;sid:83685088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.204.141.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821989/; classtype:trojan-activity;sid:83685089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.191.218.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821990/; classtype:trojan-activity;sid:83685090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.60.207.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821991/; classtype:trojan-activity;sid:83685091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.237.242.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821973/; classtype:trojan-activity;sid:83685073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"183.108.106.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821974/; classtype:trojan-activity;sid:83685074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.70.30.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821975/; classtype:trojan-activity;sid:83685075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.196.122.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821978/; classtype:trojan-activity;sid:83685078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.94.100.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821979/; classtype:trojan-activity;sid:83685079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.32.86.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.248.41.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821971/; classtype:trojan-activity;sid:83685071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.234.218.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821972/; classtype:trojan-activity;sid:83685072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.189.218.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.73.75.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821967/; classtype:trojan-activity;sid:83685067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.93.92.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821968/; classtype:trojan-activity;sid:83685068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.34.22.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821969/; classtype:trojan-activity;sid:83685069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.93.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.104.223.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821962/; classtype:trojan-activity;sid:83685062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.204.154.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.77.150.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821964/; classtype:trojan-activity;sid:83685064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.108.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821965/; classtype:trojan-activity;sid:83685065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.254.23.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821958/; classtype:trojan-activity;sid:83685058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.133.95.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.125.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821956/; classtype:trojan-activity;sid:83685056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.0.69.42"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821957/; classtype:trojan-activity;sid:83685057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.4.143.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821950/; classtype:trojan-activity;sid:83685050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.121.80.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821951/; classtype:trojan-activity;sid:83685051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.139.153.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.231.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.71.131.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821954/; classtype:trojan-activity;sid:83685054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.66.125.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821955/; classtype:trojan-activity;sid:83685055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.56.164.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.52.34.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821943/; classtype:trojan-activity;sid:83685043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.177.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"191.103.250.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821945/; classtype:trojan-activity;sid:83685045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.212.237.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821946/; classtype:trojan-activity;sid:83685046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.23.24.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821947/; classtype:trojan-activity;sid:83685047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.11.95.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821948/; classtype:trojan-activity;sid:83685048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.0.129.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.30.234.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.16.143.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.2.23.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.105.249.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821932/; classtype:trojan-activity;sid:83685032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.70.37.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821933/; classtype:trojan-activity;sid:83685033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.53.164.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.127.112.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.208.68.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821936/; classtype:trojan-activity;sid:83685036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.18.148.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821937/; classtype:trojan-activity;sid:83685037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.67.4.139"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821938/; classtype:trojan-activity;sid:83685038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.193.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.98.86.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821940/; classtype:trojan-activity;sid:83685040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.238.118.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821922/; classtype:trojan-activity;sid:83685022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.254.46.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821923/; classtype:trojan-activity;sid:83685023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.55.98.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.111.119.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"210.4.69.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.86.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821927/; classtype:trojan-activity;sid:83685027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.195.191.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.126.195.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821918/; classtype:trojan-activity;sid:83685018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.16.75.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821919/; classtype:trojan-activity;sid:83685019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.21.192.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821920/; classtype:trojan-activity;sid:83685020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.115.107.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821921/; classtype:trojan-activity;sid:83685021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.102.53.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821916/; classtype:trojan-activity;sid:83685016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.242.149.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821913/; classtype:trojan-activity;sid:83685013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.101.187.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821914/; classtype:trojan-activity;sid:83685014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.43.228.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.150.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821910/; classtype:trojan-activity;sid:83685010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.166.244.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821912/; classtype:trojan-activity;sid:83685012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.104.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821909/; classtype:trojan-activity;sid:83685009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.59.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821908/; classtype:trojan-activity;sid:83685008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821907/; classtype:trojan-activity;sid:83685007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.7.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821906/; classtype:trojan-activity;sid:83685006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821905/; classtype:trojan-activity;sid:83685005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.76.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821904/; classtype:trojan-activity;sid:83685004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.106.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821901/; classtype:trojan-activity;sid:83685001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.148.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821902/; classtype:trojan-activity;sid:83685002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.64.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821903/; classtype:trojan-activity;sid:83685003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.44.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821899/; classtype:trojan-activity;sid:83684999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.215.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821900/; classtype:trojan-activity;sid:83685000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.143.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821896/; classtype:trojan-activity;sid:83684996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.162.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821897/; classtype:trojan-activity;sid:83684997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.67.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821898/; classtype:trojan-activity;sid:83684998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821894/; classtype:trojan-activity;sid:83684994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.89.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821895/; classtype:trojan-activity;sid:83684995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"83.224.159.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821893/; classtype:trojan-activity;sid:83684993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"170.0.54.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821892/; classtype:trojan-activity;sid:83684992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.146.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821891/; classtype:trojan-activity;sid:83684991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.180.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821890/; classtype:trojan-activity;sid:83684990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.251.10.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821889/; classtype:trojan-activity;sid:83684989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668851548|3f|hash=4m5uxn08fvzzsz5erj0em8qvkawty8jex2ib2yka6o8|7c|26|7c|dl=53zxgmojk5fngdyg9melkyk5wazplnsyojjidvmkfs8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821888/; classtype:trojan-activity;sid:83684988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.108.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821887/; classtype:trojan-activity;sid:83684987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.74.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821886/; classtype:trojan-activity;sid:83684986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.89.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821885/; classtype:trojan-activity;sid:83684985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.17"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821884/; classtype:trojan-activity;sid:83684984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.212.159.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821883/; classtype:trojan-activity;sid:83684983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821882/; classtype:trojan-activity;sid:83684982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821881/; classtype:trojan-activity;sid:83684981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.180.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821879/; classtype:trojan-activity;sid:83684979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821880/; classtype:trojan-activity;sid:83684980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.122.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821878/; classtype:trojan-activity;sid:83684978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821877/; classtype:trojan-activity;sid:83684977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.104.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821876/; classtype:trojan-activity;sid:83684976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.235.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821875/; classtype:trojan-activity;sid:83684975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821874/; classtype:trojan-activity;sid:83684974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.31.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821873/; classtype:trojan-activity;sid:83684973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.6.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821872/; classtype:trojan-activity;sid:83684972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.97.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821871/; classtype:trojan-activity;sid:83684971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.19.119.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821870/; classtype:trojan-activity;sid:83684970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.220.157.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821868/; classtype:trojan-activity;sid:83684968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.184.249.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821869/; classtype:trojan-activity;sid:83684969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821865/; classtype:trojan-activity;sid:83684965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.38.45.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821866/; classtype:trojan-activity;sid:83684966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.131.121.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821867/; classtype:trojan-activity;sid:83684967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.4.222.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.95.124.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821864/; classtype:trojan-activity;sid:83684964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.189.188.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821857/; classtype:trojan-activity;sid:83684957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.10.211.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.53.205.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821859/; classtype:trojan-activity;sid:83684959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.148.18.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821860/; classtype:trojan-activity;sid:83684960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.29.162.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821861/; classtype:trojan-activity;sid:83684961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.0.251.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821862/; classtype:trojan-activity;sid:83684962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.245.165.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821852/; classtype:trojan-activity;sid:83684952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.49.193.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821853/; classtype:trojan-activity;sid:83684953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.43.228.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.162.70.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821855/; classtype:trojan-activity;sid:83684955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.251.10.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821856/; classtype:trojan-activity;sid:83684956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.4.18.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821848/; classtype:trojan-activity;sid:83684948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821849/; classtype:trojan-activity;sid:83684949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.114.137.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.211.153.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821839/; classtype:trojan-activity;sid:83684939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.59.90.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821840/; classtype:trojan-activity;sid:83684940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.69.219.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821841/; classtype:trojan-activity;sid:83684941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.166.220.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821842/; classtype:trojan-activity;sid:83684942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.246.165.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821843/; classtype:trojan-activity;sid:83684943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.162.70.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821844/; classtype:trojan-activity;sid:83684944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.191.16.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821845/; classtype:trojan-activity;sid:83684945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.116.1.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821846/; classtype:trojan-activity;sid:83684946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.150.128.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821847/; classtype:trojan-activity;sid:83684947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821833/; classtype:trojan-activity;sid:83684933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.183.186.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.222.134.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821835/; classtype:trojan-activity;sid:83684935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"145.255.30.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821837/; classtype:trojan-activity;sid:83684937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.155.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.34.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821827/; classtype:trojan-activity;sid:83684927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.95.254.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821828/; classtype:trojan-activity;sid:83684928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.148.20.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.212.51.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821830/; classtype:trojan-activity;sid:83684930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.19.183.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821831/; classtype:trojan-activity;sid:83684931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.202.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821832/; classtype:trojan-activity;sid:83684932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.14.24.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821824/; classtype:trojan-activity;sid:83684924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821825/; classtype:trojan-activity;sid:83684925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.190.57.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821816/; classtype:trojan-activity;sid:83684916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.193.33.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821817/; classtype:trojan-activity;sid:83684917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.0.131.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.218.50.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.36.80.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821820/; classtype:trojan-activity;sid:83684920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.195.191.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.14.11.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821822/; classtype:trojan-activity;sid:83684922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.37.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821823/; classtype:trojan-activity;sid:83684923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.129.2.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.133.4.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821812/; classtype:trojan-activity;sid:83684912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.77.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821813/; classtype:trojan-activity;sid:83684913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.136.69.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821814/; classtype:trojan-activity;sid:83684914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821815/; classtype:trojan-activity;sid:83684915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.9.53.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821805/; classtype:trojan-activity;sid:83684905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.0.129.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.148.18.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821807/; classtype:trojan-activity;sid:83684907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821808/; classtype:trojan-activity;sid:83684908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.231.181.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821809/; classtype:trojan-activity;sid:83684909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.113.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821810/; classtype:trojan-activity;sid:83684910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.7.223.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821799/; classtype:trojan-activity;sid:83684899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.159.8.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821803/; classtype:trojan-activity;sid:83684903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.185.119.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.130.102.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821792/; classtype:trojan-activity;sid:83684892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.147.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.187.149.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.122.28.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821795/; classtype:trojan-activity;sid:83684895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821796/; classtype:trojan-activity;sid:83684896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.164.132.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821797/; classtype:trojan-activity;sid:83684897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.76.80.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821798/; classtype:trojan-activity;sid:83684898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.0.54.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821786/; classtype:trojan-activity;sid:83684886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.7.158.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821787/; classtype:trojan-activity;sid:83684887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.63.213.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821788/; classtype:trojan-activity;sid:83684888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.20.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.136.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.81.56.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821791/; classtype:trojan-activity;sid:83684891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.66.125.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821782/; classtype:trojan-activity;sid:83684882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.149.127.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.201.160.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821784/; classtype:trojan-activity;sid:83684884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.248.41.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821785/; classtype:trojan-activity;sid:83684885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.175.134.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.55.98.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.212.49.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821778/; classtype:trojan-activity;sid:83684878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.75.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821779/; classtype:trojan-activity;sid:83684879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.235.234.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821780/; classtype:trojan-activity;sid:83684880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.66.105.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821781/; classtype:trojan-activity;sid:83684881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.252.29.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821771/; classtype:trojan-activity;sid:83684871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.236.46.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.197.209.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821773/; classtype:trojan-activity;sid:83684873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.226.157.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821774/; classtype:trojan-activity;sid:83684874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.124.76.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821775/; classtype:trojan-activity;sid:83684875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.226.199.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821767/; classtype:trojan-activity;sid:83684867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.105.249.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821768/; classtype:trojan-activity;sid:83684868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.124.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821769/; classtype:trojan-activity;sid:83684869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.34.20.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821770/; classtype:trojan-activity;sid:83684870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.190.20.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.162.197.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821766/; classtype:trojan-activity;sid:83684866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.113.122.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821763/; classtype:trojan-activity;sid:83684863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.124.33.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.96.214.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821761/; classtype:trojan-activity;sid:83684861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.2.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.29.162.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821752/; classtype:trojan-activity;sid:83684852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"173.235.65.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.211.252.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.237.162.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821756/; classtype:trojan-activity;sid:83684856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.103.217.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821757/; classtype:trojan-activity;sid:83684857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.204.218.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821758/; classtype:trojan-activity;sid:83684858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.2.23.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.109.113.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821748/; classtype:trojan-activity;sid:83684848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.239.120.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821749/; classtype:trojan-activity;sid:83684849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.25.107.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821750/; classtype:trojan-activity;sid:83684850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.18.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"158.181.34.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821741/; classtype:trojan-activity;sid:83684841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.152.129.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821742/; classtype:trojan-activity;sid:83684842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.205.131.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.126.195.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821744/; classtype:trojan-activity;sid:83684844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.104.195.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.46.28.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821746/; classtype:trojan-activity;sid:83684846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.4.44.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.100.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.150.253.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.31.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821739/; classtype:trojan-activity;sid:83684839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.53.164.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.57.135.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821730/; classtype:trojan-activity;sid:83684830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.33.2.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821731/; classtype:trojan-activity;sid:83684831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.154.187.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.33.114.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821733/; classtype:trojan-activity;sid:83684833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.133.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.159.4.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821721/; classtype:trojan-activity;sid:83684821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.5.19.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.115.103.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.167.13.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821724/; classtype:trojan-activity;sid:83684824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.188.248.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821725/; classtype:trojan-activity;sid:83684825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"147.91.249.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.86.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821727/; classtype:trojan-activity;sid:83684827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.199.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821728/; classtype:trojan-activity;sid:83684828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.202.194.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821720/; classtype:trojan-activity;sid:83684820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.83.178.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821717/; classtype:trojan-activity;sid:83684817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.255.10.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821718/; classtype:trojan-activity;sid:83684818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821719/; classtype:trojan-activity;sid:83684819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.126.178.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821714/; classtype:trojan-activity;sid:83684814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821715/; classtype:trojan-activity;sid:83684815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.254.23.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821716/; classtype:trojan-activity;sid:83684816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.237.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.161.230.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821707/; classtype:trojan-activity;sid:83684807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.66.195.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821708/; classtype:trojan-activity;sid:83684808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.204.212.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821709/; classtype:trojan-activity;sid:83684809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.117.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.173.173.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.13.133.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821712/; classtype:trojan-activity;sid:83684812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.209.71.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821713/; classtype:trojan-activity;sid:83684813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.84.237.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821701/; classtype:trojan-activity;sid:83684801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.71.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821702/; classtype:trojan-activity;sid:83684802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.93.245.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821703/; classtype:trojan-activity;sid:83684803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.91.137.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821704/; classtype:trojan-activity;sid:83684804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.52.72.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821705/; classtype:trojan-activity;sid:83684805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.246.177.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.97.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821691/; classtype:trojan-activity;sid:83684791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.159.0.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.54.237.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821694/; classtype:trojan-activity;sid:83684794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.241.94.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821695/; classtype:trojan-activity;sid:83684795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.121.80.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821696/; classtype:trojan-activity;sid:83684796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.108.130.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821698/; classtype:trojan-activity;sid:83684798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.224.243.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.63.242.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.224.242.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821680/; classtype:trojan-activity;sid:83684780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.136.195.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821681/; classtype:trojan-activity;sid:83684781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.246.141.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821682/; classtype:trojan-activity;sid:83684782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821683/; classtype:trojan-activity;sid:83684783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.179.167.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821684/; classtype:trojan-activity;sid:83684784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.86.123.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.184.140.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821686/; classtype:trojan-activity;sid:83684786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.228.6.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.158.238.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.0.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.212.52.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821675/; classtype:trojan-activity;sid:83684775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.0.129.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.231.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.190.109.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.205.35.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821672/; classtype:trojan-activity;sid:83684772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.129.147.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821673/; classtype:trojan-activity;sid:83684773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.199.123.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821674/; classtype:trojan-activity;sid:83684774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.22.237.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.137.36.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.61.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821671/; classtype:trojan-activity;sid:83684771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.57.32.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821668/; classtype:trojan-activity;sid:83684768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.219.163.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821667/; classtype:trojan-activity;sid:83684767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.133.154.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821666/; classtype:trojan-activity;sid:83684766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.211.169.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821665/; classtype:trojan-activity;sid:83684765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.236.218.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821664/; classtype:trojan-activity;sid:83684764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.18.197.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821663/; classtype:trojan-activity;sid:83684763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.247.1.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821661/; classtype:trojan-activity;sid:83684761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.117.133.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821662/; classtype:trojan-activity;sid:83684762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.242.106.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821656/; classtype:trojan-activity;sid:83684756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.86.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821658/; classtype:trojan-activity;sid:83684758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.109.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.27.204.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821655/; classtype:trojan-activity;sid:83684755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.28.86.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821652/; classtype:trojan-activity;sid:83684752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.99.230.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.248.145.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.254.46.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821647/; classtype:trojan-activity;sid:83684747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.205.53.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821648/; classtype:trojan-activity;sid:83684748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.225.114.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821649/; classtype:trojan-activity;sid:83684749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.20.254.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821650/; classtype:trojan-activity;sid:83684750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.56.21.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821651/; classtype:trojan-activity;sid:83684751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.170.118.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821645/; classtype:trojan-activity;sid:83684745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.252.66.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821640/; classtype:trojan-activity;sid:83684740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821641/; classtype:trojan-activity;sid:83684741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.130.22.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821642/; classtype:trojan-activity;sid:83684742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.205.125.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.57.128.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821644/; classtype:trojan-activity;sid:83684744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.214.112.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821628/; classtype:trojan-activity;sid:83684728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.12.6.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.25.1.25"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821630/; classtype:trojan-activity;sid:83684730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.125.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821631/; classtype:trojan-activity;sid:83684731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.122.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821632/; classtype:trojan-activity;sid:83684732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.94.245.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.65.35.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.189.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821635/; classtype:trojan-activity;sid:83684735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.158.95.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.201.160.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821637/; classtype:trojan-activity;sid:83684737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.177.98.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821638/; classtype:trojan-activity;sid:83684738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.15.176.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821620/; classtype:trojan-activity;sid:83684720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.58.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821621/; classtype:trojan-activity;sid:83684721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.15.233.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821623/; classtype:trojan-activity;sid:83684723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.52.158.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821624/; classtype:trojan-activity;sid:83684724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.237.250.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.228.223.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821626/; classtype:trojan-activity;sid:83684726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"167.250.193.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821627/; classtype:trojan-activity;sid:83684727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.214.56.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821615/; classtype:trojan-activity;sid:83684715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.128.231.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821618/; classtype:trojan-activity;sid:83684718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821610/; classtype:trojan-activity;sid:83684710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.16.143.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.33.204.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821612/; classtype:trojan-activity;sid:83684712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.92.222.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821613/; classtype:trojan-activity;sid:83684713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.185.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821614/; classtype:trojan-activity;sid:83684714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.97.143.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821607/; classtype:trojan-activity;sid:83684707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.117.177.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821608/; classtype:trojan-activity;sid:83684708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.211.154.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821609/; classtype:trojan-activity;sid:83684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.220.87.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821598/; classtype:trojan-activity;sid:83684698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.68.95.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.46.58.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821600/; classtype:trojan-activity;sid:83684700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.152.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821601/; classtype:trojan-activity;sid:83684701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.182.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821602/; classtype:trojan-activity;sid:83684702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.42.98.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821603/; classtype:trojan-activity;sid:83684703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.208.49.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821604/; classtype:trojan-activity;sid:83684704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"165.90.16.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821605/; classtype:trojan-activity;sid:83684705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.111.184.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821606/; classtype:trojan-activity;sid:83684706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.165.168.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821590/; classtype:trojan-activity;sid:83684690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.215.163.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821591/; classtype:trojan-activity;sid:83684691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821592/; classtype:trojan-activity;sid:83684692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.205.74.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821593/; classtype:trojan-activity;sid:83684693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.120.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821594/; classtype:trojan-activity;sid:83684694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.134.42.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.143.220.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821596/; classtype:trojan-activity;sid:83684696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.234.251.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821586/; classtype:trojan-activity;sid:83684686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.184.54.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821587/; classtype:trojan-activity;sid:83684687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.145.239.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821588/; classtype:trojan-activity;sid:83684688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.137.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821589/; classtype:trojan-activity;sid:83684689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.66.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821584/; classtype:trojan-activity;sid:83684684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.167.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821585/; classtype:trojan-activity;sid:83684685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.6.37.37"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821581/; classtype:trojan-activity;sid:83684681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821582/; classtype:trojan-activity;sid:83684682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.101.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.55.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821579/; classtype:trojan-activity;sid:83684679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.sh4"; depth:14; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821573/; classtype:trojan-activity;sid:83684673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.mpsl"; depth:15; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821574/; classtype:trojan-activity;sid:83684674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.ppc"; depth:14; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821575/; classtype:trojan-activity;sid:83684675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.x86"; depth:14; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821576/; classtype:trojan-activity;sid:83684676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.arm6"; depth:15; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821577/; classtype:trojan-activity;sid:83684677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.mips"; depth:15; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821578/; classtype:trojan-activity;sid:83684678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.arm5"; depth:15; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821570/; classtype:trojan-activity;sid:83684670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.arm"; depth:14; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821571/; classtype:trojan-activity;sid:83684671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.spc"; depth:14; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821572/; classtype:trojan-activity;sid:83684672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.22.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821569/; classtype:trojan-activity;sid:83684669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.247.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821568/; classtype:trojan-activity;sid:83684668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.0.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821566/; classtype:trojan-activity;sid:83684666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.190.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821567/; classtype:trojan-activity;sid:83684667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.18.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821565/; classtype:trojan-activity;sid:83684665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.52.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821564/; classtype:trojan-activity;sid:83684664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.224.109.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821563/; classtype:trojan-activity;sid:83684663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821562/; classtype:trojan-activity;sid:83684662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821561/; classtype:trojan-activity;sid:83684661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821560/; classtype:trojan-activity;sid:83684660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821559/; classtype:trojan-activity;sid:83684659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//adb2.sh"; depth:9; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821558/; classtype:trojan-activity;sid:83684658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821555/; classtype:trojan-activity;sid:83684655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821556/; classtype:trojan-activity;sid:83684656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821557/; classtype:trojan-activity;sid:83684657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.59.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821554/; classtype:trojan-activity;sid:83684654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.60.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821553/; classtype:trojan-activity;sid:83684653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.122"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821552/; classtype:trojan-activity;sid:83684652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.249.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821550/; classtype:trojan-activity;sid:83684650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.190.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821551/; classtype:trojan-activity;sid:83684651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.227.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821549/; classtype:trojan-activity;sid:83684649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.235.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821548/; classtype:trojan-activity;sid:83684648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821547/; classtype:trojan-activity;sid:83684647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821546/; classtype:trojan-activity;sid:83684646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821545/; classtype:trojan-activity;sid:83684645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.208.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821544/; classtype:trojan-activity;sid:83684644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.31.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821543/; classtype:trojan-activity;sid:83684643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821542/; classtype:trojan-activity;sid:83684642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.22.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821541/; classtype:trojan-activity;sid:83684641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821540/; classtype:trojan-activity;sid:83684640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.52.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821539/; classtype:trojan-activity;sid:83684639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.55.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821537/; classtype:trojan-activity;sid:83684637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.18.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821538/; classtype:trojan-activity;sid:83684638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821536/; classtype:trojan-activity;sid:83684636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.191.177.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821533/; classtype:trojan-activity;sid:83684633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.202.91.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821534/; classtype:trojan-activity;sid:83684634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.132.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821535/; classtype:trojan-activity;sid:83684635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.95.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821531/; classtype:trojan-activity;sid:83684631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.140.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821532/; classtype:trojan-activity;sid:83684632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.140.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821529/; classtype:trojan-activity;sid:83684629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.185.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821530/; classtype:trojan-activity;sid:83684630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.180.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821528/; classtype:trojan-activity;sid:83684628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821526/; classtype:trojan-activity;sid:83684626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821527/; classtype:trojan-activity;sid:83684627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.11.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821525/; classtype:trojan-activity;sid:83684625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.71.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821524/; classtype:trojan-activity;sid:83684624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.60.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821523/; classtype:trojan-activity;sid:83684623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821522/; classtype:trojan-activity;sid:83684622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821519/; classtype:trojan-activity;sid:83684619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.214.38.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821520/; classtype:trojan-activity;sid:83684620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.17.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821521/; classtype:trojan-activity;sid:83684621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.176.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821518/; classtype:trojan-activity;sid:83684618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821517/; classtype:trojan-activity;sid:83684617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/test.exe"; depth:15; endswith; nocase; http.host; content:"77.221.151.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821516/; classtype:trojan-activity;sid:83684616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821509/; classtype:trojan-activity;sid:83684609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821510/; classtype:trojan-activity;sid:83684610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821511/; classtype:trojan-activity;sid:83684611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821512/; classtype:trojan-activity;sid:83684612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/accounts_ledger.exe"; depth:26; endswith; nocase; http.host; content:"77.221.151.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821513/; classtype:trojan-activity;sid:83684613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821514/; classtype:trojan-activity;sid:83684614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"45.144.214.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821515/; classtype:trojan-activity;sid:83684615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d%e1%bb%8ach%20v%e1%bb%a4%20c%c3%94ng.apk"; depth:42; endswith; nocase; http.host; content:"vnviet.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821508/; classtype:trojan-activity;sid:83684608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.242.46.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821507/; classtype:trojan-activity;sid:83684607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.124.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821506/; classtype:trojan-activity;sid:83684606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.109.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821505/; classtype:trojan-activity;sid:83684605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.140.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821504/; classtype:trojan-activity;sid:83684604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.55.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821503/; classtype:trojan-activity;sid:83684603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.119.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821502/; classtype:trojan-activity;sid:83684602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821501/; classtype:trojan-activity;sid:83684601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.91.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821500/; classtype:trojan-activity;sid:83684600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.46.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821498/; classtype:trojan-activity;sid:83684598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.67.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821499/; classtype:trojan-activity;sid:83684599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.11.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821497/; classtype:trojan-activity;sid:83684597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.17.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821496/; classtype:trojan-activity;sid:83684596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.2.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821495/; classtype:trojan-activity;sid:83684595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821494/; classtype:trojan-activity;sid:83684594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.86.160.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821493/; classtype:trojan-activity;sid:83684593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.143.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821492/; classtype:trojan-activity;sid:83684592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821491/; classtype:trojan-activity;sid:83684591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.243.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821490/; classtype:trojan-activity;sid:83684590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.208.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821489/; classtype:trojan-activity;sid:83684589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.228.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821488/; classtype:trojan-activity;sid:83684588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.211.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821487/; classtype:trojan-activity;sid:83684587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.206.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821486/; classtype:trojan-activity;sid:83684586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.12.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821485/; classtype:trojan-activity;sid:83684585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.38.194.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821484/; classtype:trojan-activity;sid:83684584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.91.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821483/; classtype:trojan-activity;sid:83684583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.168.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821482/; classtype:trojan-activity;sid:83684582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.195.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821481/; classtype:trojan-activity;sid:83684581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.33.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821480/; classtype:trojan-activity;sid:83684580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.237.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821479/; classtype:trojan-activity;sid:83684579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821475/; classtype:trojan-activity;sid:83684575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821476/; classtype:trojan-activity;sid:83684576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821477/; classtype:trojan-activity;sid:83684577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821478/; classtype:trojan-activity;sid:83684578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed.exe"; depth:7; endswith; nocase; http.host; content:"mfmedia.id"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821474/; classtype:trojan-activity;sid:83684574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821473/; classtype:trojan-activity;sid:83684573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/toolspub1.exe"; depth:24; endswith; nocase; http.host; content:"file-file-file2.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821472/; classtype:trojan-activity;sid:83684572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"91.92.250.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821471/; classtype:trojan-activity;sid:83684571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/windowsgamebar.exe"; depth:25; endswith; nocase; http.host; content:"77.221.151.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821470/; classtype:trojan-activity;sid:83684570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/hatthgola.vmp.dll"; depth:24; endswith; nocase; http.host; content:"77.221.151.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821469/; classtype:trojan-activity;sid:83684569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hdaw.exe"; depth:9; endswith; nocase; http.host; content:"rajflowers.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821467/; classtype:trojan-activity;sid:83684567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/mmfd.exe"; depth:14; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821468/; classtype:trojan-activity;sid:83684568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.12.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821466/; classtype:trojan-activity;sid:83684566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"154.201.89.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821464/; classtype:trojan-activity;sid:83684564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/app.exe"; depth:13; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821465/; classtype:trojan-activity;sid:83684565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/dirtquire.exe"; depth:19; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821462/; classtype:trojan-activity;sid:83684562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9a0456996101b7b380b0241a917ce089/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821463/; classtype:trojan-activity;sid:83684563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/rules.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821461/; classtype:trojan-activity;sid:83684561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.2.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821460/; classtype:trojan-activity;sid:83684560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.83.33"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821459/; classtype:trojan-activity;sid:83684559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821458/; classtype:trojan-activity;sid:83684558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.86.160.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821457/; classtype:trojan-activity;sid:83684557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.230.168.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821456/; classtype:trojan-activity;sid:83684556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.116.151.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821455/; classtype:trojan-activity;sid:83684555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.208.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821454/; classtype:trojan-activity;sid:83684554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821453/; classtype:trojan-activity;sid:83684553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.6.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821452/; classtype:trojan-activity;sid:83684552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821451/; classtype:trojan-activity;sid:83684551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.35.50.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821450/; classtype:trojan-activity;sid:83684550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821449/; classtype:trojan-activity;sid:83684549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.145.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821448/; classtype:trojan-activity;sid:83684548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.206.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821446/; classtype:trojan-activity;sid:83684546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.250.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821447/; classtype:trojan-activity;sid:83684547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821445/; classtype:trojan-activity;sid:83684545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.21.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821444/; classtype:trojan-activity;sid:83684544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821443/; classtype:trojan-activity;sid:83684543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.70.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821442/; classtype:trojan-activity;sid:83684542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.215.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821441/; classtype:trojan-activity;sid:83684541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821439/; classtype:trojan-activity;sid:83684539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.87.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821440/; classtype:trojan-activity;sid:83684540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.45.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821438/; classtype:trojan-activity;sid:83684538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821437/; classtype:trojan-activity;sid:83684537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.63.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821436/; classtype:trojan-activity;sid:83684536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.71.236.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821435/; classtype:trojan-activity;sid:83684535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.81.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821434/; classtype:trojan-activity;sid:83684534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.208.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821433/; classtype:trojan-activity;sid:83684533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821432/; classtype:trojan-activity;sid:83684532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821431/; classtype:trojan-activity;sid:83684531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.194.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821430/; classtype:trojan-activity;sid:83684530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.11.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821429/; classtype:trojan-activity;sid:83684529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.240.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821428/; classtype:trojan-activity;sid:83684528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.51.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821427/; classtype:trojan-activity;sid:83684527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.161.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821426/; classtype:trojan-activity;sid:83684526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.215.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821425/; classtype:trojan-activity;sid:83684525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.87.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821424/; classtype:trojan-activity;sid:83684524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821423/; classtype:trojan-activity;sid:83684523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821422/; classtype:trojan-activity;sid:83684522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821421/; classtype:trojan-activity;sid:83684521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.53.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821420/; classtype:trojan-activity;sid:83684520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.81.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821419/; classtype:trojan-activity;sid:83684519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.171.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821418/; classtype:trojan-activity;sid:83684518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.34.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821417/; classtype:trojan-activity;sid:83684517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821416/; classtype:trojan-activity;sid:83684516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.188.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821415/; classtype:trojan-activity;sid:83684515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.14.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821414/; classtype:trojan-activity;sid:83684514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.32.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821413/; classtype:trojan-activity;sid:83684513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821412/; classtype:trojan-activity;sid:83684512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821411/; classtype:trojan-activity;sid:83684511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821410/; classtype:trojan-activity;sid:83684510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.205.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821409/; classtype:trojan-activity;sid:83684509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.129.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821408/; classtype:trojan-activity;sid:83684508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.68.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821407/; classtype:trojan-activity;sid:83684507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.164.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821406/; classtype:trojan-activity;sid:83684506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.32.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821405/; classtype:trojan-activity;sid:83684505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.153.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821404/; classtype:trojan-activity;sid:83684504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.80.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821403/; classtype:trojan-activity;sid:83684503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"24.53.142.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821402/; classtype:trojan-activity;sid:83684502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.230.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821401/; classtype:trojan-activity;sid:83684501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.191.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821400/; classtype:trojan-activity;sid:83684500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821399/; classtype:trojan-activity;sid:83684499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.63.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821398/; classtype:trojan-activity;sid:83684498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.7.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821396/; classtype:trojan-activity;sid:83684496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.111.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821397/; classtype:trojan-activity;sid:83684497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.164.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821395/; classtype:trojan-activity;sid:83684495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.230.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821394/; classtype:trojan-activity;sid:83684494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.185.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821393/; classtype:trojan-activity;sid:83684493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.53.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821392/; classtype:trojan-activity;sid:83684492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morningfilewiththisisacompletetestedfilewhichtrulyworkedwellwithentireprocesscreatedgreatthingswithme__iamthegreatalwaysbefrabk.doc"; depth:132; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821391/; classtype:trojan-activity;sid:83684491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821390/; classtype:trojan-activity;sid:83684490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"75.32.190.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821388/; classtype:trojan-activity;sid:83684488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.49.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821389/; classtype:trojan-activity;sid:83684489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821387/; classtype:trojan-activity;sid:83684487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.227.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821386/; classtype:trojan-activity;sid:83684486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.4.160.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821385/; classtype:trojan-activity;sid:83684485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.215.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821384/; classtype:trojan-activity;sid:83684484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821383/; classtype:trojan-activity;sid:83684483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.243.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821382/; classtype:trojan-activity;sid:83684482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.252.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821381/; classtype:trojan-activity;sid:83684481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.71.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821380/; classtype:trojan-activity;sid:83684480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.18.66.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821379/; classtype:trojan-activity;sid:83684479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.174.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821378/; classtype:trojan-activity;sid:83684478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821377/; classtype:trojan-activity;sid:83684477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.121.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821376/; classtype:trojan-activity;sid:83684476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/6625dc41120a1492a7b822c5"; depth:34; endswith; nocase; http.host; content:"api.discreetshare.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821375/; classtype:trojan-activity;sid:83684475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.159.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821374/; classtype:trojan-activity;sid:83684474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.243.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821373/; classtype:trojan-activity;sid:83684473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.37.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821372/; classtype:trojan-activity;sid:83684472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821371/; classtype:trojan-activity;sid:83684471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.9"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821370/; classtype:trojan-activity;sid:83684470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.136.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821369/; classtype:trojan-activity;sid:83684469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.233.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821368/; classtype:trojan-activity;sid:83684468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821367/; classtype:trojan-activity;sid:83684467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.87.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821366/; classtype:trojan-activity;sid:83684466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.235.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821365/; classtype:trojan-activity;sid:83684465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.121.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821363/; classtype:trojan-activity;sid:83684463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.243.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821364/; classtype:trojan-activity;sid:83684464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.159.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821362/; classtype:trojan-activity;sid:83684462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.6.211.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821361/; classtype:trojan-activity;sid:83684461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.1.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821360/; classtype:trojan-activity;sid:83684460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.245.77.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821359/; classtype:trojan-activity;sid:83684459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.104.221.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821358/; classtype:trojan-activity;sid:83684458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.151.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821357/; classtype:trojan-activity;sid:83684457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.136.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821355/; classtype:trojan-activity;sid:83684455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.62.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821356/; classtype:trojan-activity;sid:83684456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821354/; classtype:trojan-activity;sid:83684454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.70.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821353/; classtype:trojan-activity;sid:83684453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.50.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821352/; classtype:trojan-activity;sid:83684452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821350/; classtype:trojan-activity;sid:83684450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.86.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821351/; classtype:trojan-activity;sid:83684451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821349/; classtype:trojan-activity;sid:83684449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.15.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821348/; classtype:trojan-activity;sid:83684448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.37.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821347/; classtype:trojan-activity;sid:83684447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.126.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821346/; classtype:trojan-activity;sid:83684446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.27.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821345/; classtype:trojan-activity;sid:83684445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.177.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821344/; classtype:trojan-activity;sid:83684444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.209.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821343/; classtype:trojan-activity;sid:83684443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.45.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821342/; classtype:trojan-activity;sid:83684442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.196.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821341/; classtype:trojan-activity;sid:83684441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821340/; classtype:trojan-activity;sid:83684440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data-package/neh4rcfw/download"; depth:31; endswith; nocase; http.host; content:"filetransfer.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821339/; classtype:trojan-activity;sid:83684439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821338/; classtype:trojan-activity;sid:83684438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821337/; classtype:trojan-activity;sid:83684437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.10.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821336/; classtype:trojan-activity;sid:83684436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.176.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821335/; classtype:trojan-activity;sid:83684435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.234.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821334/; classtype:trojan-activity;sid:83684434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821333/; classtype:trojan-activity;sid:83684433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.145.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821332/; classtype:trojan-activity;sid:83684432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821331/; classtype:trojan-activity;sid:83684431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.192.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821330/; classtype:trojan-activity;sid:83684430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.209.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821329/; classtype:trojan-activity;sid:83684429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.205.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821328/; classtype:trojan-activity;sid:83684428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.142.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821327/; classtype:trojan-activity;sid:83684427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.10.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821326/; classtype:trojan-activity;sid:83684426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.123.145.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821325/; classtype:trojan-activity;sid:83684425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.18.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821324/; classtype:trojan-activity;sid:83684424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.196.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821323/; classtype:trojan-activity;sid:83684423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.24.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821322/; classtype:trojan-activity;sid:83684422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.234.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821321/; classtype:trojan-activity;sid:83684421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821320/; classtype:trojan-activity;sid:83684420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.159.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821319/; classtype:trojan-activity;sid:83684419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.176.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821318/; classtype:trojan-activity;sid:83684418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.66.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821317/; classtype:trojan-activity;sid:83684417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.166.98.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821316/; classtype:trojan-activity;sid:83684416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821315/; classtype:trojan-activity;sid:83684415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.37.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821314/; classtype:trojan-activity;sid:83684414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.142.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821312/; classtype:trojan-activity;sid:83684412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.205.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821313/; classtype:trojan-activity;sid:83684413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821308/; classtype:trojan-activity;sid:83684408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821309/; classtype:trojan-activity;sid:83684409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821310/; classtype:trojan-activity;sid:83684410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821311/; classtype:trojan-activity;sid:83684411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821307/; classtype:trojan-activity;sid:83684407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821301/; classtype:trojan-activity;sid:83684401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv6l"; depth:13; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821302/; classtype:trojan-activity;sid:83684402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821303/; classtype:trojan-activity;sid:83684403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821304/; classtype:trojan-activity;sid:83684404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821305/; classtype:trojan-activity;sid:83684405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821306/; classtype:trojan-activity;sid:83684406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mipsel"; depth:13; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821295/; classtype:trojan-activity;sid:83684395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sparc"; depth:12; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821296/; classtype:trojan-activity;sid:83684396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821297/; classtype:trojan-activity;sid:83684397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv5"; depth:12; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821298/; classtype:trojan-activity;sid:83684398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821299/; classtype:trojan-activity;sid:83684399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821300/; classtype:trojan-activity;sid:83684400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.m68k"; depth:11; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821294/; classtype:trojan-activity;sid:83684394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i586"; depth:11; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821290/; classtype:trojan-activity;sid:83684390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv4"; depth:12; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821291/; classtype:trojan-activity;sid:83684391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mips"; depth:11; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821292/; classtype:trojan-activity;sid:83684392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821293/; classtype:trojan-activity;sid:83684393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.ppc"; depth:10; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821285/; classtype:trojan-activity;sid:83684385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821286/; classtype:trojan-activity;sid:83684386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821287/; classtype:trojan-activity;sid:83684387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm"; depth:12; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821288/; classtype:trojan-activity;sid:83684388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.x86"; depth:10; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821289/; classtype:trojan-activity;sid:83684389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"93.123.85.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821277/; classtype:trojan-activity;sid:83684377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821278/; classtype:trojan-activity;sid:83684378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821279/; classtype:trojan-activity;sid:83684379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821280/; classtype:trojan-activity;sid:83684380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821281/; classtype:trojan-activity;sid:83684381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821282/; classtype:trojan-activity;sid:83684382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i686"; depth:11; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821283/; classtype:trojan-activity;sid:83684383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sh4"; depth:10; endswith; nocase; http.host; content:"91.92.245.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821284/; classtype:trojan-activity;sid:83684384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821275/; classtype:trojan-activity;sid:83684375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"14.225.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821276/; classtype:trojan-activity;sid:83684376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssh4"; depth:6; endswith; nocase; http.host; content:"93.123.85.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821273/; classtype:trojan-activity;sid:83684373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821274/; classtype:trojan-activity;sid:83684374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821271/; classtype:trojan-activity;sid:83684371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821272/; classtype:trojan-activity;sid:83684372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821269/; classtype:trojan-activity;sid:83684369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821270/; classtype:trojan-activity;sid:83684370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821268/; classtype:trojan-activity;sid:83684368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821267/; classtype:trojan-activity;sid:83684367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821265/; classtype:trojan-activity;sid:83684365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm5"; depth:13; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821266/; classtype:trojan-activity;sid:83684366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.43.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821264/; classtype:trojan-activity;sid:83684364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.190.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821263/; classtype:trojan-activity;sid:83684363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.149.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821262/; classtype:trojan-activity;sid:83684362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.135.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821260/; classtype:trojan-activity;sid:83684360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.180.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821261/; classtype:trojan-activity;sid:83684361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.248.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821259/; classtype:trojan-activity;sid:83684359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.81.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821258/; classtype:trojan-activity;sid:83684358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.68.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821257/; classtype:trojan-activity;sid:83684357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.24.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821256/; classtype:trojan-activity;sid:83684356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.115.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821255/; classtype:trojan-activity;sid:83684355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821254/; classtype:trojan-activity;sid:83684354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.216.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821253/; classtype:trojan-activity;sid:83684353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821252/; classtype:trojan-activity;sid:83684352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.239.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821251/; classtype:trojan-activity;sid:83684351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.2.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821250/; classtype:trojan-activity;sid:83684350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.49.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821249/; classtype:trojan-activity;sid:83684349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.54.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821247/; classtype:trojan-activity;sid:83684347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.235.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821248/; classtype:trojan-activity;sid:83684348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.159.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821245/; classtype:trojan-activity;sid:83684345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.43.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821246/; classtype:trojan-activity;sid:83684346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.54.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821244/; classtype:trojan-activity;sid:83684344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.36.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821243/; classtype:trojan-activity;sid:83684343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821242/; classtype:trojan-activity;sid:83684342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.167.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821241/; classtype:trojan-activity;sid:83684341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.102.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821240/; classtype:trojan-activity;sid:83684340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.186.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821239/; classtype:trojan-activity;sid:83684339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"218.79.116.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821238/; classtype:trojan-activity;sid:83684338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821237/; classtype:trojan-activity;sid:83684337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.167.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821236/; classtype:trojan-activity;sid:83684336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.24.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821235/; classtype:trojan-activity;sid:83684335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.239.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821234/; classtype:trojan-activity;sid:83684334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.102.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821233/; classtype:trojan-activity;sid:83684333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.53.142.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821232/; classtype:trojan-activity;sid:83684332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.24.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821231/; classtype:trojan-activity;sid:83684331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.37.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821230/; classtype:trojan-activity;sid:83684330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821229/; classtype:trojan-activity;sid:83684329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.167.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821228/; classtype:trojan-activity;sid:83684328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.123.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821227/; classtype:trojan-activity;sid:83684327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.101.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821226/; classtype:trojan-activity;sid:83684326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821225/; classtype:trojan-activity;sid:83684325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821224/; classtype:trojan-activity;sid:83684324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.156.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821223/; classtype:trojan-activity;sid:83684323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.96.25.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821222/; classtype:trojan-activity;sid:83684322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821221/; classtype:trojan-activity;sid:83684321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.228.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821219/; classtype:trojan-activity;sid:83684319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821220/; classtype:trojan-activity;sid:83684320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.1.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821218/; classtype:trojan-activity;sid:83684318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/near/boom.exe"; depth:14; endswith; nocase; http.host; content:"147.45.47.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821217/; classtype:trojan-activity;sid:83684317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.132.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821216/; classtype:trojan-activity;sid:83684316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.57.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821215/; classtype:trojan-activity;sid:83684315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.37.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821214/; classtype:trojan-activity;sid:83684314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.23.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821213/; classtype:trojan-activity;sid:83684313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.180.172.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821212/; classtype:trojan-activity;sid:83684312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.68.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821211/; classtype:trojan-activity;sid:83684311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821210/; classtype:trojan-activity;sid:83684310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821209/; classtype:trojan-activity;sid:83684309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821208/; classtype:trojan-activity;sid:83684308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.3.87.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821207/; classtype:trojan-activity;sid:83684307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.23.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821206/; classtype:trojan-activity;sid:83684306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.172.30.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821205/; classtype:trojan-activity;sid:83684305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.132.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821204/; classtype:trojan-activity;sid:83684304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.3.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821203/; classtype:trojan-activity;sid:83684303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.27.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821202/; classtype:trojan-activity;sid:83684302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.57.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821201/; classtype:trojan-activity;sid:83684301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.91.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821200/; classtype:trojan-activity;sid:83684300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.69.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821199/; classtype:trojan-activity;sid:83684299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.150.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821198/; classtype:trojan-activity;sid:83684298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.68.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821197/; classtype:trojan-activity;sid:83684297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821196/; classtype:trojan-activity;sid:83684296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.36.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821195/; classtype:trojan-activity;sid:83684295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.197.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821194/; classtype:trojan-activity;sid:83684294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.4.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821192/; classtype:trojan-activity;sid:83684292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.172.30.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821193/; classtype:trojan-activity;sid:83684293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821191/; classtype:trojan-activity;sid:83684291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821190/; classtype:trojan-activity;sid:83684290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.199.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821189/; classtype:trojan-activity;sid:83684289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821188/; classtype:trojan-activity;sid:83684288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.114.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821187/; classtype:trojan-activity;sid:83684287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821186/; classtype:trojan-activity;sid:83684286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821185/; classtype:trojan-activity;sid:83684285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.186.192.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821184/; classtype:trojan-activity;sid:83684284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.208.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821183/; classtype:trojan-activity;sid:83684283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.36.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821182/; classtype:trojan-activity;sid:83684282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821181/; classtype:trojan-activity;sid:83684281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821180/; classtype:trojan-activity;sid:83684280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.150.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821179/; classtype:trojan-activity;sid:83684279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.3.87.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821178/; classtype:trojan-activity;sid:83684278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.236.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821177/; classtype:trojan-activity;sid:83684277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.246.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821176/; classtype:trojan-activity;sid:83684276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.220.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821175/; classtype:trojan-activity;sid:83684275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.187.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821174/; classtype:trojan-activity;sid:83684274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.52.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821173/; classtype:trojan-activity;sid:83684273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.12.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821172/; classtype:trojan-activity;sid:83684272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.135.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821171/; classtype:trojan-activity;sid:83684271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.50.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821170/; classtype:trojan-activity;sid:83684270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.210.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821169/; classtype:trojan-activity;sid:83684269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.1.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821168/; classtype:trojan-activity;sid:83684268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.186.192.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821167/; classtype:trojan-activity;sid:83684267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821166/; classtype:trojan-activity;sid:83684266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.40.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821165/; classtype:trojan-activity;sid:83684265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.128.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821163/; classtype:trojan-activity;sid:83684263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.56.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821164/; classtype:trojan-activity;sid:83684264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.208.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821162/; classtype:trojan-activity;sid:83684262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.12.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821161/; classtype:trojan-activity;sid:83684261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/milka/sutra.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821160/; classtype:trojan-activity;sid:83684260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.1.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821159/; classtype:trojan-activity;sid:83684259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.81.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821158/; classtype:trojan-activity;sid:83684258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821157/; classtype:trojan-activity;sid:83684257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821156/; classtype:trojan-activity;sid:83684256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.133.237.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821155/; classtype:trojan-activity;sid:83684255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668821187|3f|hash=zpzczvl2dg07k8ksboferpdhhvo7yxr5yvbz5zfmolt|7c|26|7c|dl=eetlstwajqz1mglqs8avifedczr73fwmh1xo3v3ryrw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821154/; classtype:trojan-activity;sid:83684254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.210.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821151/; classtype:trojan-activity;sid:83684251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.118.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821152/; classtype:trojan-activity;sid:83684252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.87.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821153/; classtype:trojan-activity;sid:83684253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.224.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821150/; classtype:trojan-activity;sid:83684250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821149/; classtype:trojan-activity;sid:83684249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.135.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821148/; classtype:trojan-activity;sid:83684248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.236.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821147/; classtype:trojan-activity;sid:83684247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.203.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821146/; classtype:trojan-activity;sid:83684246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.43.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821144/; classtype:trojan-activity;sid:83684244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.138.118.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821145/; classtype:trojan-activity;sid:83684245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.86.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821143/; classtype:trojan-activity;sid:83684243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.246.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821142/; classtype:trojan-activity;sid:83684242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.161.3.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821141/; classtype:trojan-activity;sid:83684241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.151.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821140/; classtype:trojan-activity;sid:83684240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821139/; classtype:trojan-activity;sid:83684239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.115.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821138/; classtype:trojan-activity;sid:83684238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.8.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821137/; classtype:trojan-activity;sid:83684237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.87.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821136/; classtype:trojan-activity;sid:83684236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.172.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821135/; classtype:trojan-activity;sid:83684235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.211"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821134/; classtype:trojan-activity;sid:83684234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.203.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821133/; classtype:trojan-activity;sid:83684233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.17.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821132/; classtype:trojan-activity;sid:83684232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.71.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821131/; classtype:trojan-activity;sid:83684231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.246.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821130/; classtype:trojan-activity;sid:83684230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.169.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821129/; classtype:trojan-activity;sid:83684229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.172.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821128/; classtype:trojan-activity;sid:83684228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.17.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821127/; classtype:trojan-activity;sid:83684227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.144.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821126/; classtype:trojan-activity;sid:83684226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.43.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821122/; classtype:trojan-activity;sid:83684222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.138.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821123/; classtype:trojan-activity;sid:83684223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821124/; classtype:trojan-activity;sid:83684224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.249.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821125/; classtype:trojan-activity;sid:83684225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.87.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821121/; classtype:trojan-activity;sid:83684221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.91.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821120/; classtype:trojan-activity;sid:83684220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.26.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821119/; classtype:trojan-activity;sid:83684219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.143.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821118/; classtype:trojan-activity;sid:83684218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.23.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821117/; classtype:trojan-activity;sid:83684217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.151.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821116/; classtype:trojan-activity;sid:83684216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821115/; classtype:trojan-activity;sid:83684215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.117.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821114/; classtype:trojan-activity;sid:83684214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821113/; classtype:trojan-activity;sid:83684213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.91.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821112/; classtype:trojan-activity;sid:83684212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821111/; classtype:trojan-activity;sid:83684211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.86.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821110/; classtype:trojan-activity;sid:83684210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.211"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821109/; classtype:trojan-activity;sid:83684209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.145.234.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821108/; classtype:trojan-activity;sid:83684208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.97.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821107/; classtype:trojan-activity;sid:83684207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.246.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821104/; classtype:trojan-activity;sid:83684204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.7.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821105/; classtype:trojan-activity;sid:83684205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.232.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821106/; classtype:trojan-activity;sid:83684206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.174.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821103/; classtype:trojan-activity;sid:83684203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.198.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821102/; classtype:trojan-activity;sid:83684202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.218.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821101/; classtype:trojan-activity;sid:83684201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821099/; classtype:trojan-activity;sid:83684199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.182.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821100/; classtype:trojan-activity;sid:83684200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.89.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821098/; classtype:trojan-activity;sid:83684198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.68.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821097/; classtype:trojan-activity;sid:83684197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821096/; classtype:trojan-activity;sid:83684196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.12.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821095/; classtype:trojan-activity;sid:83684195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.91.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821094/; classtype:trojan-activity;sid:83684194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.11.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821093/; classtype:trojan-activity;sid:83684193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.199.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821092/; classtype:trojan-activity;sid:83684192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.97.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821091/; classtype:trojan-activity;sid:83684191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.7.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821090/; classtype:trojan-activity;sid:83684190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.232.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821089/; classtype:trojan-activity;sid:83684189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.128.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821088/; classtype:trojan-activity;sid:83684188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821087/; classtype:trojan-activity;sid:83684187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.92.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821086/; classtype:trojan-activity;sid:83684186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821085/; classtype:trojan-activity;sid:83684185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.95.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821084/; classtype:trojan-activity;sid:83684184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.110.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821082/; classtype:trojan-activity;sid:83684182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.84.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821083/; classtype:trojan-activity;sid:83684183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.100.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821080/; classtype:trojan-activity;sid:83684180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.8.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821081/; classtype:trojan-activity;sid:83684181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821079/; classtype:trojan-activity;sid:83684179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821078/; classtype:trojan-activity;sid:83684178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.181.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821077/; classtype:trojan-activity;sid:83684177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.1.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821076/; classtype:trojan-activity;sid:83684176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.6.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821075/; classtype:trojan-activity;sid:83684175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821074/; classtype:trojan-activity;sid:83684174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821073/; classtype:trojan-activity;sid:83684173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.41.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821072/; classtype:trojan-activity;sid:83684172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.12.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821071/; classtype:trojan-activity;sid:83684171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.218.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821070/; classtype:trojan-activity;sid:83684170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821069/; classtype:trojan-activity;sid:83684169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.199.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821068/; classtype:trojan-activity;sid:83684168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.187.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821067/; classtype:trojan-activity;sid:83684167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.100.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821066/; classtype:trojan-activity;sid:83684166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.230.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821065/; classtype:trojan-activity;sid:83684165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.151.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821064/; classtype:trojan-activity;sid:83684164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.191.177.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821062/; classtype:trojan-activity;sid:83684162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.149.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821063/; classtype:trojan-activity;sid:83684163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668841850|3f|hash=zldlhzbqeefeiukrxezpn2rscv3h9hs113lkedoyy3k|7c|26|7c|dl=dynv0q6fwp0vkc0q2i8rhzefz5ztpmtwxdiihonaabs|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821061/; classtype:trojan-activity;sid:83684161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh4"; depth:9; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821055/; classtype:trojan-activity;sid:83684155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.dbg"; depth:9; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821056/; classtype:trojan-activity;sid:83684156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821057/; classtype:trojan-activity;sid:83684157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821058/; classtype:trojan-activity;sid:83684158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821059/; classtype:trojan-activity;sid:83684159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821060/; classtype:trojan-activity;sid:83684160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.spc"; depth:9; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821052/; classtype:trojan-activity;sid:83684152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821053/; classtype:trojan-activity;sid:83684153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821054/; classtype:trojan-activity;sid:83684154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821050/; classtype:trojan-activity;sid:83684150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821051/; classtype:trojan-activity;sid:83684151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.m68k"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821048/; classtype:trojan-activity;sid:83684148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.80.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821049/; classtype:trojan-activity;sid:83684149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/active.sh"; depth:10; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821046/; classtype:trojan-activity;sid:83684146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"93.123.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821047/; classtype:trojan-activity;sid:83684147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.77.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821045/; classtype:trojan-activity;sid:83684145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.160.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821044/; classtype:trojan-activity;sid:83684144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.230.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821043/; classtype:trojan-activity;sid:83684143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.80.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821042/; classtype:trojan-activity;sid:83684142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.83.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821041/; classtype:trojan-activity;sid:83684141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.132.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821040/; classtype:trojan-activity;sid:83684140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.81.137.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821039/; classtype:trojan-activity;sid:83684139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.24.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821038/; classtype:trojan-activity;sid:83684138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.124.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821037/; classtype:trojan-activity;sid:83684137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.208.166.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821036/; classtype:trojan-activity;sid:83684136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821035/; classtype:trojan-activity;sid:83684135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.169.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821034/; classtype:trojan-activity;sid:83684134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.11.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821033/; classtype:trojan-activity;sid:83684133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.250.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821032/; classtype:trojan-activity;sid:83684132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.126.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821030/; classtype:trojan-activity;sid:83684130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.83.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821031/; classtype:trojan-activity;sid:83684131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821029/; classtype:trojan-activity;sid:83684129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.153.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821028/; classtype:trojan-activity;sid:83684128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.83.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821027/; classtype:trojan-activity;sid:83684127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.132.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821026/; classtype:trojan-activity;sid:83684126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.193.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821025/; classtype:trojan-activity;sid:83684125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.53.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821024/; classtype:trojan-activity;sid:83684124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.227.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821022/; classtype:trojan-activity;sid:83684122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.124.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821023/; classtype:trojan-activity;sid:83684123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821021/; classtype:trojan-activity;sid:83684121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.235.44.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821020/; classtype:trojan-activity;sid:83684120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.169.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821019/; classtype:trojan-activity;sid:83684119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.250.5.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821018/; classtype:trojan-activity;sid:83684118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.6.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821017/; classtype:trojan-activity;sid:83684117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.80.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821016/; classtype:trojan-activity;sid:83684116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.78.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821015/; classtype:trojan-activity;sid:83684115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.130.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821013/; classtype:trojan-activity;sid:83684113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.208.166.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821014/; classtype:trojan-activity;sid:83684114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.153.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821012/; classtype:trojan-activity;sid:83684112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.193.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821011/; classtype:trojan-activity;sid:83684111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.11.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821009/; classtype:trojan-activity;sid:83684109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.18.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821010/; classtype:trojan-activity;sid:83684110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.11.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821008/; classtype:trojan-activity;sid:83684108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821007/; classtype:trojan-activity;sid:83684107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821006/; classtype:trojan-activity;sid:83684106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.228.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821005/; classtype:trojan-activity;sid:83684105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821004/; classtype:trojan-activity;sid:83684104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821003/; classtype:trojan-activity;sid:83684103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821002/; classtype:trojan-activity;sid:83684102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820996/; classtype:trojan-activity;sid:83684096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820997/; classtype:trojan-activity;sid:83684097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820998/; classtype:trojan-activity;sid:83684098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820999/; classtype:trojan-activity;sid:83684099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821000/; classtype:trojan-activity;sid:83684100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2821001/; classtype:trojan-activity;sid:83684101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820995/; classtype:trojan-activity;sid:83684095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"154.12.85.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820994/; classtype:trojan-activity;sid:83684094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668839594|3f|hash=uts1kqldkowoxjxjeb5tza4cptzzrr8gyuld9tpzoe0|7c|26|7c|dl=p1nf1bbqsptrrdldn7ehlvzdb1twalmaol1tzhgggeg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820993/; classtype:trojan-activity;sid:83684093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ch5.txt"; depth:8; endswith; nocase; http.host; content:"87.120.84.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820992/; classtype:trojan-activity;sid:83684092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.jpg"; depth:6; endswith; nocase; http.host; content:"87.120.84.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820991/; classtype:trojan-activity;sid:83684091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820990/; classtype:trojan-activity;sid:83684090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.9.72"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820989/; classtype:trojan-activity;sid:83684089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.164.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820988/; classtype:trojan-activity;sid:83684088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.45.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820987/; classtype:trojan-activity;sid:83684087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.66.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820986/; classtype:trojan-activity;sid:83684086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820985/; classtype:trojan-activity;sid:83684085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.6.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820984/; classtype:trojan-activity;sid:83684084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.74.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820983/; classtype:trojan-activity;sid:83684083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.125.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820982/; classtype:trojan-activity;sid:83684082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mips"; depth:10; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820981/; classtype:trojan-activity;sid:83684081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820976/; classtype:trojan-activity;sid:83684076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.ppc"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820977/; classtype:trojan-activity;sid:83684077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820978/; classtype:trojan-activity;sid:83684078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm7"; depth:10; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820979/; classtype:trojan-activity;sid:83684079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86_64"; depth:12; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820980/; classtype:trojan-activity;sid:83684080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mpsl"; depth:10; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820972/; classtype:trojan-activity;sid:83684072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.spc"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820973/; classtype:trojan-activity;sid:83684073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm6"; depth:10; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820974/; classtype:trojan-activity;sid:83684074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820975/; classtype:trojan-activity;sid:83684075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.m68k"; depth:10; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820971/; classtype:trojan-activity;sid:83684071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.sh4"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820970/; classtype:trojan-activity;sid:83684070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820966/; classtype:trojan-activity;sid:83684066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820967/; classtype:trojan-activity;sid:83684067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820968/; classtype:trojan-activity;sid:83684068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820969/; classtype:trojan-activity;sid:83684069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.235.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820964/; classtype:trojan-activity;sid:83684064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.82.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820965/; classtype:trojan-activity;sid:83684065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820959/; classtype:trojan-activity;sid:83684059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820960/; classtype:trojan-activity;sid:83684060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820961/; classtype:trojan-activity;sid:83684061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.208.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820962/; classtype:trojan-activity;sid:83684062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"93.123.85.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820963/; classtype:trojan-activity;sid:83684063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.6.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820958/; classtype:trojan-activity;sid:83684058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.130.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820957/; classtype:trojan-activity;sid:83684057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android"; depth:8; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820956/; classtype:trojan-activity;sid:83684056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/killer"; depth:7; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820951/; classtype:trojan-activity;sid:83684051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820952/; classtype:trojan-activity;sid:83684052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820953/; classtype:trojan-activity;sid:83684053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820954/; classtype:trojan-activity;sid:83684054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820955/; classtype:trojan-activity;sid:83684055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820950/; classtype:trojan-activity;sid:83684050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820944/; classtype:trojan-activity;sid:83684044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android"; depth:8; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820945/; classtype:trojan-activity;sid:83684045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820946/; classtype:trojan-activity;sid:83684046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820947/; classtype:trojan-activity;sid:83684047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/killer"; depth:7; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820948/; classtype:trojan-activity;sid:83684048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820949/; classtype:trojan-activity;sid:83684049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820939/; classtype:trojan-activity;sid:83684039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820940/; classtype:trojan-activity;sid:83684040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820941/; classtype:trojan-activity;sid:83684041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820942/; classtype:trojan-activity;sid:83684042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820943/; classtype:trojan-activity;sid:83684043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.221.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820938/; classtype:trojan-activity;sid:83684038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.82.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820937/; classtype:trojan-activity;sid:83684037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820934/; classtype:trojan-activity;sid:83684034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820935/; classtype:trojan-activity;sid:83684035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820936/; classtype:trojan-activity;sid:83684036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820927/; classtype:trojan-activity;sid:83684027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820928/; classtype:trojan-activity;sid:83684028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820929/; classtype:trojan-activity;sid:83684029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820930/; classtype:trojan-activity;sid:83684030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820931/; classtype:trojan-activity;sid:83684031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820932/; classtype:trojan-activity;sid:83684032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820933/; classtype:trojan-activity;sid:83684033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i486"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820925/; classtype:trojan-activity;sid:83684025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820926/; classtype:trojan-activity;sid:83684026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i686"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820924/; classtype:trojan-activity;sid:83684024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm4"; depth:9; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820922/; classtype:trojan-activity;sid:83684022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc440fp"; depth:13; endswith; nocase; http.host; content:"aiko-network.tech"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820923/; classtype:trojan-activity;sid:83684023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86_64"; depth:12; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820921/; classtype:trojan-activity;sid:83684021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.m68k"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820919/; classtype:trojan-activity;sid:83684019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm6"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820920/; classtype:trojan-activity;sid:83684020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mpsl"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820914/; classtype:trojan-activity;sid:83684014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.ppc440fp"; depth:14; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820915/; classtype:trojan-activity;sid:83684015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm7"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820916/; classtype:trojan-activity;sid:83684016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820917/; classtype:trojan-activity;sid:83684017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mips"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820918/; classtype:trojan-activity;sid:83684018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86"; depth:9; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820911/; classtype:trojan-activity;sid:83684011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.sh4"; depth:9; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820912/; classtype:trojan-activity;sid:83684012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.ppc"; depth:9; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820913/; classtype:trojan-activity;sid:83684013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820910/; classtype:trojan-activity;sid:83684010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm4"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820907/; classtype:trojan-activity;sid:83684007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.i486"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820908/; classtype:trojan-activity;sid:83684008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.i686"; depth:10; endswith; nocase; http.host; content:"103.237.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820909/; classtype:trojan-activity;sid:83684009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820906/; classtype:trojan-activity;sid:83684006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.104.55.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820905/; classtype:trojan-activity;sid:83684005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820904/; classtype:trojan-activity;sid:83684004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.178.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820903/; classtype:trojan-activity;sid:83684003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820902/; classtype:trojan-activity;sid:83684002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.219.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820901/; classtype:trojan-activity;sid:83684001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.236.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820900/; classtype:trojan-activity;sid:83684000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ant.txt"; depth:8; endswith; nocase; http.host; content:"185.216.70.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820895/; classtype:trojan-activity;sid:83683995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ib.jpg"; depth:8; endswith; nocase; http.host; content:"185.216.70.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820896/; classtype:trojan-activity;sid:83683996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v.txt"; depth:6; endswith; nocase; http.host; content:"185.216.70.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820897/; classtype:trojan-activity;sid:83683997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i4.txt"; depth:7; endswith; nocase; http.host; content:"185.216.70.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820898/; classtype:trojan-activity;sid:83683998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ib4.jpg"; depth:8; endswith; nocase; http.host; content:"185.216.70.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820899/; classtype:trojan-activity;sid:83683999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.txt"; depth:6; endswith; nocase; http.host; content:"185.216.70.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820894/; classtype:trojan-activity;sid:83683994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.143.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820893/; classtype:trojan-activity;sid:83683993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820891/; classtype:trojan-activity;sid:83683991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820892/; classtype:trojan-activity;sid:83683992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pndmzegm136.bin"; depth:16; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820880/; classtype:trojan-activity;sid:83683980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kqkdtvqknhmspnbvkg109.bin"; depth:26; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820881/; classtype:trojan-activity;sid:83683981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrvttakxiropistnm162.bin"; depth:25; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820882/; classtype:trojan-activity;sid:83683982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wofmxetfcgcvtxrdmpovmsjn29.bin"; depth:31; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820883/; classtype:trojan-activity;sid:83683983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qyaehjv88.bin"; depth:14; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820884/; classtype:trojan-activity;sid:83683984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bnzhypui137.bin"; depth:16; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820885/; classtype:trojan-activity;sid:83683985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huaqrnyeujfhzmatqy212.bin"; depth:26; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820886/; classtype:trojan-activity;sid:83683986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.58.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820887/; classtype:trojan-activity;sid:83683987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odfbbzf8.bin"; depth:13; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820888/; classtype:trojan-activity;sid:83683988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmsim192.bin"; depth:13; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820889/; classtype:trojan-activity;sid:83683989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgegfem255.bin"; depth:15; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820890/; classtype:trojan-activity;sid:83683990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xztlw5.bin"; depth:11; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820878/; classtype:trojan-activity;sid:83683978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/werwt82.bin"; depth:12; endswith; nocase; http.host; content:"94.156.8.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820879/; classtype:trojan-activity;sid:83683979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.9.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820877/; classtype:trojan-activity;sid:83683977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.11.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820876/; classtype:trojan-activity;sid:83683976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.86.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820875/; classtype:trojan-activity;sid:83683975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.89.174.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820873/; classtype:trojan-activity;sid:83683973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.157.143.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820874/; classtype:trojan-activity;sid:83683974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820872/; classtype:trojan-activity;sid:83683972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atest/testr35tgjhjg.bat"; depth:24; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820871/; classtype:trojan-activity;sid:83683971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atest/retf543.bat"; depth:18; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820869/; classtype:trojan-activity;sid:83683969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atest/s%20-zn--%20-s.exe"; depth:25; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820870/; classtype:trojan-activity;sid:83683970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atest/754abcd6.bat"; depth:19; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820868/; classtype:trojan-activity;sid:83683968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atest/test.pdf"; depth:15; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820867/; classtype:trojan-activity;sid:83683967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucked/showtime.vbe"; depth:20; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820866/; classtype:trojan-activity;sid:83683966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucked/afile.vbe"; depth:17; endswith; nocase; http.host; content:"93.123.39.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820865/; classtype:trojan-activity;sid:83683965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.208.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820864/; classtype:trojan-activity;sid:83683964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.15.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820863/; classtype:trojan-activity;sid:83683963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.64.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820862/; classtype:trojan-activity;sid:83683962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820861/; classtype:trojan-activity;sid:83683961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.219.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820860/; classtype:trojan-activity;sid:83683960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.178.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820859/; classtype:trojan-activity;sid:83683959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.9.72"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820857/; classtype:trojan-activity;sid:83683957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.74.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820858/; classtype:trojan-activity;sid:83683958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.236.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820856/; classtype:trojan-activity;sid:83683956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.66.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820855/; classtype:trojan-activity;sid:83683955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820854/; classtype:trojan-activity;sid:83683954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.66.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820853/; classtype:trojan-activity;sid:83683953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820852/; classtype:trojan-activity;sid:83683952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.236.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820851/; classtype:trojan-activity;sid:83683951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820848/; classtype:trojan-activity;sid:83683948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.61.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820849/; classtype:trojan-activity;sid:83683949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.11.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820850/; classtype:trojan-activity;sid:83683950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.58.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820847/; classtype:trojan-activity;sid:83683947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.183.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820846/; classtype:trojan-activity;sid:83683946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820845/; classtype:trojan-activity;sid:83683945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.194.35.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820844/; classtype:trojan-activity;sid:83683944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.142.190.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820843/; classtype:trojan-activity;sid:83683943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820842/; classtype:trojan-activity;sid:83683942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.125.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820841/; classtype:trojan-activity;sid:83683941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.120.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820840/; classtype:trojan-activity;sid:83683940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.64.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820839/; classtype:trojan-activity;sid:83683939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.225.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820837/; classtype:trojan-activity;sid:83683937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.15.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820838/; classtype:trojan-activity;sid:83683938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.207.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820836/; classtype:trojan-activity;sid:83683936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.177.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820835/; classtype:trojan-activity;sid:83683935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820834/; classtype:trojan-activity;sid:83683934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.2.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820833/; classtype:trojan-activity;sid:83683933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.11.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820832/; classtype:trojan-activity;sid:83683932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1231360292168929434/1231360436591399053/sonic-glyder.zip|3f|ex=6636acc5|7c|26|7c|is=662437c5|7c|26|7c|hm=bb5b093b1f9c33519805e74620bf8f6b38207c15e80c7184b5225e0aab3b0c95|7c|26|7c|"; depth:192; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820831/; classtype:trojan-activity;sid:83683931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8mn2ag5f8zge8gzbz6onhsjoxozwq5ce7kkeb5pg8g5i7iy-xqeayf06lnaw4wekvv1ibtrlnvflubetlouoh54aqtrkn_w4lkuemtegnn9s3mcxtttcn4lfgoiclics6t2jghkqqjf9bbch65agtcybqoid6mwwfcszvhq4bpl/09i2olqneit2s3r/pl.sh"; depth:195; endswith; nocase; http.host; content:"download1588.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820830/; classtype:trojan-activity;sid:83683930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/google/windows_update.bat"; depth:26; endswith; nocase; http.host; content:"surgical-farming-ca.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820829/; classtype:trojan-activity;sid:83683929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/google/invoice/invoice-rvbsahop.lnk"; depth:36; endswith; nocase; http.host; content:"surgical-farming-ca.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820827/; classtype:trojan-activity;sid:83683927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.bat"; depth:9; endswith; nocase; http.host; content:"surgical-farming-ca.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820828/; classtype:trojan-activity;sid:83683928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester.sh"; depth:10; endswith; nocase; http.host; content:"94.156.79.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820826/; classtype:trojan-activity;sid:83683926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cjna1"; depth:6; endswith; nocase; http.host; content:"shorturl.at"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820825/; classtype:trojan-activity;sid:83683925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820824/; classtype:trojan-activity;sid:83683924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/underwars.rar"; depth:24; endswith; nocase; http.host; content:"under-wars.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820823/; classtype:trojan-activity;sid:83683923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.33.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820821/; classtype:trojan-activity;sid:83683921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.34.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820822/; classtype:trojan-activity;sid:83683922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.60.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820820/; classtype:trojan-activity;sid:83683920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.233.64.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820819/; classtype:trojan-activity;sid:83683919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.201.175.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820818/; classtype:trojan-activity;sid:83683918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820817/; classtype:trojan-activity;sid:83683917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.222.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820816/; classtype:trojan-activity;sid:83683916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.17.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820815/; classtype:trojan-activity;sid:83683915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.169.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820814/; classtype:trojan-activity;sid:83683914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.215.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820813/; classtype:trojan-activity;sid:83683913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.39.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820811/; classtype:trojan-activity;sid:83683911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.158.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820812/; classtype:trojan-activity;sid:83683912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.157.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820810/; classtype:trojan-activity;sid:83683910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.149.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820806/; classtype:trojan-activity;sid:83683906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.88.243.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820807/; classtype:trojan-activity;sid:83683907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.163.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820808/; classtype:trojan-activity;sid:83683908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.196.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820809/; classtype:trojan-activity;sid:83683909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820805/; classtype:trojan-activity;sid:83683905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.34.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820804/; classtype:trojan-activity;sid:83683904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.110.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820803/; classtype:trojan-activity;sid:83683903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.38.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820802/; classtype:trojan-activity;sid:83683902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.207.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820801/; classtype:trojan-activity;sid:83683901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.34.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820800/; classtype:trojan-activity;sid:83683900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.33.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820799/; classtype:trojan-activity;sid:83683899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820798/; classtype:trojan-activity;sid:83683898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.248.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820797/; classtype:trojan-activity;sid:83683897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820796/; classtype:trojan-activity;sid:83683896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820795/; classtype:trojan-activity;sid:83683895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820794/; classtype:trojan-activity;sid:83683894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.122.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820793/; classtype:trojan-activity;sid:83683893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.80.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820792/; classtype:trojan-activity;sid:83683892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.161.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820791/; classtype:trojan-activity;sid:83683891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.244.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820790/; classtype:trojan-activity;sid:83683890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.149.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820789/; classtype:trojan-activity;sid:83683889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.211.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820788/; classtype:trojan-activity;sid:83683888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.88.243.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820787/; classtype:trojan-activity;sid:83683887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.16.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820786/; classtype:trojan-activity;sid:83683886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820785/; classtype:trojan-activity;sid:83683885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.42.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820784/; classtype:trojan-activity;sid:83683884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.244.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820783/; classtype:trojan-activity;sid:83683883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820782/; classtype:trojan-activity;sid:83683882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"94.156.79.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820781/; classtype:trojan-activity;sid:83683881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.80.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820779/; classtype:trojan-activity;sid:83683879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.211.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820780/; classtype:trojan-activity;sid:83683880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.244.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820778/; classtype:trojan-activity;sid:83683878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.122.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820777/; classtype:trojan-activity;sid:83683877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820776/; classtype:trojan-activity;sid:83683876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.23.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820775/; classtype:trojan-activity;sid:83683875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.196.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820774/; classtype:trojan-activity;sid:83683874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.12.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820773/; classtype:trojan-activity;sid:83683873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.205.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820772/; classtype:trojan-activity;sid:83683872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.78.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820771/; classtype:trojan-activity;sid:83683871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.42.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820770/; classtype:trojan-activity;sid:83683870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.208.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820769/; classtype:trojan-activity;sid:83683869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.188.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820768/; classtype:trojan-activity;sid:83683868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.187.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820767/; classtype:trojan-activity;sid:83683867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820766/; classtype:trojan-activity;sid:83683866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.211.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820765/; classtype:trojan-activity;sid:83683865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.236.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820763/; classtype:trojan-activity;sid:83683863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.85.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820764/; classtype:trojan-activity;sid:83683864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.244.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820762/; classtype:trojan-activity;sid:83683862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.35.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820761/; classtype:trojan-activity;sid:83683861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820760/; classtype:trojan-activity;sid:83683860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.4.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820759/; classtype:trojan-activity;sid:83683859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820758/; classtype:trojan-activity;sid:83683858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.121.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820757/; classtype:trojan-activity;sid:83683857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820756/; classtype:trojan-activity;sid:83683856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.71.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820755/; classtype:trojan-activity;sid:83683855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.139.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820754/; classtype:trojan-activity;sid:83683854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.149.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820753/; classtype:trojan-activity;sid:83683853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.63.221.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820752/; classtype:trojan-activity;sid:83683852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820751/; classtype:trojan-activity;sid:83683851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.100.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820750/; classtype:trojan-activity;sid:83683850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.50.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820749/; classtype:trojan-activity;sid:83683849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.222.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820748/; classtype:trojan-activity;sid:83683848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.203.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820747/; classtype:trojan-activity;sid:83683847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820746/; classtype:trojan-activity;sid:83683846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.225.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820745/; classtype:trojan-activity;sid:83683845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.35.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820744/; classtype:trojan-activity;sid:83683844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820742/; classtype:trojan-activity;sid:83683842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.92.204.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820743/; classtype:trojan-activity;sid:83683843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.163.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820740/; classtype:trojan-activity;sid:83683840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"65.172.242.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820741/; classtype:trojan-activity;sid:83683841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.12.208.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820739/; classtype:trojan-activity;sid:83683839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820738/; classtype:trojan-activity;sid:83683838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.92.204.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820737/; classtype:trojan-activity;sid:83683837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.248.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820736/; classtype:trojan-activity;sid:83683836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820735/; classtype:trojan-activity;sid:83683835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820734/; classtype:trojan-activity;sid:83683834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820733/; classtype:trojan-activity;sid:83683833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.139.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820732/; classtype:trojan-activity;sid:83683832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.36.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820731/; classtype:trojan-activity;sid:83683831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820730/; classtype:trojan-activity;sid:83683830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.50.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820729/; classtype:trojan-activity;sid:83683829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.203.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820728/; classtype:trojan-activity;sid:83683828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.235.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820727/; classtype:trojan-activity;sid:83683827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820726/; classtype:trojan-activity;sid:83683826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820725/; classtype:trojan-activity;sid:83683825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.128.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820724/; classtype:trojan-activity;sid:83683824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.12.208.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820723/; classtype:trojan-activity;sid:83683823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.44.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820722/; classtype:trojan-activity;sid:83683822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820721/; classtype:trojan-activity;sid:83683821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.20.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820720/; classtype:trojan-activity;sid:83683820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.74.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820719/; classtype:trojan-activity;sid:83683819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.153.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820718/; classtype:trojan-activity;sid:83683818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.40.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820717/; classtype:trojan-activity;sid:83683817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.207.179.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820716/; classtype:trojan-activity;sid:83683816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.127.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820715/; classtype:trojan-activity;sid:83683815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.116.151.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820714/; classtype:trojan-activity;sid:83683814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820713/; classtype:trojan-activity;sid:83683813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.102.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820712/; classtype:trojan-activity;sid:83683812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.95.128.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820711/; classtype:trojan-activity;sid:83683811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.137.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820710/; classtype:trojan-activity;sid:83683810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.8.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820709/; classtype:trojan-activity;sid:83683809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.100.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820708/; classtype:trojan-activity;sid:83683808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820707/; classtype:trojan-activity;sid:83683807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.105.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820706/; classtype:trojan-activity;sid:83683806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.198.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820705/; classtype:trojan-activity;sid:83683805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820704/; classtype:trojan-activity;sid:83683804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.127.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820702/; classtype:trojan-activity;sid:83683802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.235.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820703/; classtype:trojan-activity;sid:83683803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820701/; classtype:trojan-activity;sid:83683801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.128.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820700/; classtype:trojan-activity;sid:83683800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.70.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820699/; classtype:trojan-activity;sid:83683799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.122.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820698/; classtype:trojan-activity;sid:83683798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.1.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820697/; classtype:trojan-activity;sid:83683797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.230.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820696/; classtype:trojan-activity;sid:83683796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.176.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820695/; classtype:trojan-activity;sid:83683795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.157.143.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820694/; classtype:trojan-activity;sid:83683794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.122.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820693/; classtype:trojan-activity;sid:83683793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.180.148.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820692/; classtype:trojan-activity;sid:83683792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.198.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820691/; classtype:trojan-activity;sid:83683791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.116.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820690/; classtype:trojan-activity;sid:83683790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.72.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820689/; classtype:trojan-activity;sid:83683789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.233.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820688/; classtype:trojan-activity;sid:83683788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.1.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820687/; classtype:trojan-activity;sid:83683787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.81.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820686/; classtype:trojan-activity;sid:83683786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.208.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820684/; classtype:trojan-activity;sid:83683784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.176.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820685/; classtype:trojan-activity;sid:83683785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.160.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820683/; classtype:trojan-activity;sid:83683783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820682/; classtype:trojan-activity;sid:83683782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.98.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820681/; classtype:trojan-activity;sid:83683781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820680/; classtype:trojan-activity;sid:83683780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.146.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820679/; classtype:trojan-activity;sid:83683779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820678/; classtype:trojan-activity;sid:83683778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"23.115.198.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820677/; classtype:trojan-activity;sid:83683777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.30.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820676/; classtype:trojan-activity;sid:83683776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820675/; classtype:trojan-activity;sid:83683775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820674/; classtype:trojan-activity;sid:83683774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820673/; classtype:trojan-activity;sid:83683773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.13.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820672/; classtype:trojan-activity;sid:83683772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.121.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820671/; classtype:trojan-activity;sid:83683771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.135.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820670/; classtype:trojan-activity;sid:83683770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820669/; classtype:trojan-activity;sid:83683769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.16.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820668/; classtype:trojan-activity;sid:83683768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820667/; classtype:trojan-activity;sid:83683767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.233.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820666/; classtype:trojan-activity;sid:83683766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.192.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820665/; classtype:trojan-activity;sid:83683765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.207.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820664/; classtype:trojan-activity;sid:83683764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.30.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820662/; classtype:trojan-activity;sid:83683762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820663/; classtype:trojan-activity;sid:83683763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.16.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820661/; classtype:trojan-activity;sid:83683761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.98.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820660/; classtype:trojan-activity;sid:83683760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.39.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820659/; classtype:trojan-activity;sid:83683759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.52.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.5.52.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.218.152.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.146.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820655/; classtype:trojan-activity;sid:83683755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820653/; classtype:trojan-activity;sid:83683753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.48.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820654/; classtype:trojan-activity;sid:83683754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820652/; classtype:trojan-activity;sid:83683752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.23.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820651/; classtype:trojan-activity;sid:83683751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.215.249.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820648/; classtype:trojan-activity;sid:83683748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820649/; classtype:trojan-activity;sid:83683749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.189.207.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820650/; classtype:trojan-activity;sid:83683750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.10.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820647/; classtype:trojan-activity;sid:83683747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820646/; classtype:trojan-activity;sid:83683746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.192.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820644/; classtype:trojan-activity;sid:83683744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.124.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820645/; classtype:trojan-activity;sid:83683745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.16.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820643/; classtype:trojan-activity;sid:83683743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.152.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820641/; classtype:trojan-activity;sid:83683741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.161.3.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820642/; classtype:trojan-activity;sid:83683742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820640/; classtype:trojan-activity;sid:83683740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.86.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820639/; classtype:trojan-activity;sid:83683739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.69.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820638/; classtype:trojan-activity;sid:83683738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.24.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820637/; classtype:trojan-activity;sid:83683737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.146.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820636/; classtype:trojan-activity;sid:83683736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.59.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820635/; classtype:trojan-activity;sid:83683735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.99.201.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820634/; classtype:trojan-activity;sid:83683734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.43.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820633/; classtype:trojan-activity;sid:83683733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.48.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820632/; classtype:trojan-activity;sid:83683732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820631/; classtype:trojan-activity;sid:83683731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.60.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820630/; classtype:trojan-activity;sid:83683730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.202.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820629/; classtype:trojan-activity;sid:83683729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.184.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820628/; classtype:trojan-activity;sid:83683728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.173.137.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820627/; classtype:trojan-activity;sid:83683727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.25.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820626/; classtype:trojan-activity;sid:83683726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.144.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820625/; classtype:trojan-activity;sid:83683725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.44.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820624/; classtype:trojan-activity;sid:83683724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/esa0xclp"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820623/; classtype:trojan-activity;sid:83683723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.152.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820622/; classtype:trojan-activity;sid:83683722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820621/; classtype:trojan-activity;sid:83683721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.254.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820620/; classtype:trojan-activity;sid:83683720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.77.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820619/; classtype:trojan-activity;sid:83683719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820618/; classtype:trojan-activity;sid:83683718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.232.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820617/; classtype:trojan-activity;sid:83683717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.74.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820616/; classtype:trojan-activity;sid:83683716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.59.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820615/; classtype:trojan-activity;sid:83683715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820614/; classtype:trojan-activity;sid:83683714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.28.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820613/; classtype:trojan-activity;sid:83683713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.108.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820612/; classtype:trojan-activity;sid:83683712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820611/; classtype:trojan-activity;sid:83683711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.242.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820610/; classtype:trojan-activity;sid:83683710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.235.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820609/; classtype:trojan-activity;sid:83683709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820608/; classtype:trojan-activity;sid:83683708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.59.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820607/; classtype:trojan-activity;sid:83683707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.52.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820606/; classtype:trojan-activity;sid:83683706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.77.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820605/; classtype:trojan-activity;sid:83683705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.5.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820604/; classtype:trojan-activity;sid:83683704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820602/; classtype:trojan-activity;sid:83683702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.43.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820603/; classtype:trojan-activity;sid:83683703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.236"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820601/; classtype:trojan-activity;sid:83683701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.134.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820600/; classtype:trojan-activity;sid:83683700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.111.26.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820599/; classtype:trojan-activity;sid:83683699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.95.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820598/; classtype:trojan-activity;sid:83683698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.195.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820597/; classtype:trojan-activity;sid:83683697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.127.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820596/; classtype:trojan-activity;sid:83683696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.38.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820594/; classtype:trojan-activity;sid:83683694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.30.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820595/; classtype:trojan-activity;sid:83683695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.20.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820591/; classtype:trojan-activity;sid:83683691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.6.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820592/; classtype:trojan-activity;sid:83683692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.191.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820593/; classtype:trojan-activity;sid:83683693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.24.25.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820590/; classtype:trojan-activity;sid:83683690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820589/; classtype:trojan-activity;sid:83683689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.46.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820588/; classtype:trojan-activity;sid:83683688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820587/; classtype:trojan-activity;sid:83683687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.spc"; depth:13; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820586/; classtype:trojan-activity;sid:83683686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.59.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820585/; classtype:trojan-activity;sid:83683685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.163.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820584/; classtype:trojan-activity;sid:83683684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.20.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820583/; classtype:trojan-activity;sid:83683683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668824497|3f|hash=gri5uopu0eaeby0znmpwbumgsqozdvey8hbilkfvzyl|7c|26|7c|dl=0avtpg133friaiahgia4bdogux5exxaull4zcvjhybo|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820582/; classtype:trojan-activity;sid:83683682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.155.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820581/; classtype:trojan-activity;sid:83683681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820580/; classtype:trojan-activity;sid:83683680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.223.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820578/; classtype:trojan-activity;sid:83683678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820579/; classtype:trojan-activity;sid:83683679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.220.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820577/; classtype:trojan-activity;sid:83683677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.136.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820575/; classtype:trojan-activity;sid:83683675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668824527|3f|hash=mxna2xwjo0pmgehuc3eoujnkybetcd5ylzl2q1thqwx|7c|26|7c|dl=l5dfq17qtzbt2tfxyavcamksoyojt2qcuply9j02hz4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820576/; classtype:trojan-activity;sid:83683676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.115.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820574/; classtype:trojan-activity;sid:83683674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.52.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820573/; classtype:trojan-activity;sid:83683673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820572/; classtype:trojan-activity;sid:83683672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.5.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820570/; classtype:trojan-activity;sid:83683670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.46.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820571/; classtype:trojan-activity;sid:83683671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.198.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820569/; classtype:trojan-activity;sid:83683669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.94.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820568/; classtype:trojan-activity;sid:83683668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.0.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820567/; classtype:trojan-activity;sid:83683667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820566/; classtype:trojan-activity;sid:83683666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.157.153.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820565/; classtype:trojan-activity;sid:83683665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.124.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820563/; classtype:trojan-activity;sid:83683663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.154.185.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820564/; classtype:trojan-activity;sid:83683664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.235.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820562/; classtype:trojan-activity;sid:83683662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820561/; classtype:trojan-activity;sid:83683661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.136.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820560/; classtype:trojan-activity;sid:83683660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.139.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820559/; classtype:trojan-activity;sid:83683659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820558/; classtype:trojan-activity;sid:83683658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.20.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820557/; classtype:trojan-activity;sid:83683657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.124.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820555/; classtype:trojan-activity;sid:83683655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.24.25.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820556/; classtype:trojan-activity;sid:83683656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.163.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820554/; classtype:trojan-activity;sid:83683654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.2.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820553/; classtype:trojan-activity;sid:83683653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.101.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820552/; classtype:trojan-activity;sid:83683652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.229.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820550/; classtype:trojan-activity;sid:83683650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.125.4.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820551/; classtype:trojan-activity;sid:83683651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820549/; classtype:trojan-activity;sid:83683649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.139.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820548/; classtype:trojan-activity;sid:83683648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820547/; classtype:trojan-activity;sid:83683647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.206.11.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820546/; classtype:trojan-activity;sid:83683646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820545/; classtype:trojan-activity;sid:83683645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.14.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820544/; classtype:trojan-activity;sid:83683644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.240.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820543/; classtype:trojan-activity;sid:83683643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.ppc"; depth:14; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820542/; classtype:trojan-activity;sid:83683642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.mpsl"; depth:15; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820536/; classtype:trojan-activity;sid:83683636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.x86"; depth:14; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820537/; classtype:trojan-activity;sid:83683637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.x32"; depth:14; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820538/; classtype:trojan-activity;sid:83683638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.arm6"; depth:15; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820539/; classtype:trojan-activity;sid:83683639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.sh4"; depth:14; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820540/; classtype:trojan-activity;sid:83683640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.mips"; depth:15; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820541/; classtype:trojan-activity;sid:83683641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.45.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820535/; classtype:trojan-activity;sid:83683635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.125.4.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820534/; classtype:trojan-activity;sid:83683634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.198.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820533/; classtype:trojan-activity;sid:83683633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.206.11.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820532/; classtype:trojan-activity;sid:83683632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.120.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820530/; classtype:trojan-activity;sid:83683630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.0.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820531/; classtype:trojan-activity;sid:83683631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820529/; classtype:trojan-activity;sid:83683629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820528/; classtype:trojan-activity;sid:83683628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.196.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820527/; classtype:trojan-activity;sid:83683627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.174.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820526/; classtype:trojan-activity;sid:83683626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.247.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820525/; classtype:trojan-activity;sid:83683625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820524/; classtype:trojan-activity;sid:83683624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamiform.pfm"; depth:13; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820522/; classtype:trojan-activity;sid:83683622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vddelbsbanerne.jpb"; depth:19; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820523/; classtype:trojan-activity;sid:83683623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtexzzndaxdvvlckccivf127.bin"; depth:29; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820518/; classtype:trojan-activity;sid:83683618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kvrpypxycvnstooeadg247.bin"; depth:27; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820519/; classtype:trojan-activity;sid:83683619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subtribes.inf"; depth:14; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820520/; classtype:trojan-activity;sid:83683620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.39.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820521/; classtype:trojan-activity;sid:83683621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.208.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820517/; classtype:trojan-activity;sid:83683617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820516/; classtype:trojan-activity;sid:83683616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.80.145.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820515/; classtype:trojan-activity;sid:83683615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.211.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820514/; classtype:trojan-activity;sid:83683614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.40.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820513/; classtype:trojan-activity;sid:83683613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820512/; classtype:trojan-activity;sid:83683612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.240.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820511/; classtype:trojan-activity;sid:83683611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.11.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820510/; classtype:trojan-activity;sid:83683610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.45.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820509/; classtype:trojan-activity;sid:83683609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820508/; classtype:trojan-activity;sid:83683608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.sh4"; depth:13; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820501/; classtype:trojan-activity;sid:83683601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820502/; classtype:trojan-activity;sid:83683602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm7"; depth:14; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820503/; classtype:trojan-activity;sid:83683603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.ppc"; depth:13; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820504/; classtype:trojan-activity;sid:83683604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820505/; classtype:trojan-activity;sid:83683605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.x86"; depth:13; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820506/; classtype:trojan-activity;sid:83683606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm"; depth:13; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820507/; classtype:trojan-activity;sid:83683607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820498/; classtype:trojan-activity;sid:83683598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820499/; classtype:trojan-activity;sid:83683599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.m68k"; depth:14; endswith; nocase; http.host; content:"94.156.71.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820500/; classtype:trojan-activity;sid:83683600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.177.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820497/; classtype:trojan-activity;sid:83683597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820496/; classtype:trojan-activity;sid:83683596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.128.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820495/; classtype:trojan-activity;sid:83683595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820494/; classtype:trojan-activity;sid:83683594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.2.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820493/; classtype:trojan-activity;sid:83683593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.247.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820492/; classtype:trojan-activity;sid:83683592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.56.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820491/; classtype:trojan-activity;sid:83683591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.20.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820489/; classtype:trojan-activity;sid:83683589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.2.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820490/; classtype:trojan-activity;sid:83683590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.148.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820488/; classtype:trojan-activity;sid:83683588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820487/; classtype:trojan-activity;sid:83683587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.203.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820486/; classtype:trojan-activity;sid:83683586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.168.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820485/; classtype:trojan-activity;sid:83683585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.84.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820484/; classtype:trojan-activity;sid:83683584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.71.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820483/; classtype:trojan-activity;sid:83683583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.188.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820482/; classtype:trojan-activity;sid:83683582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820481/; classtype:trojan-activity;sid:83683581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777ssbb31.sh"; depth:13; endswith; nocase; http.host; content:"62.72.191.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820479/; classtype:trojan-activity;sid:83683579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820480/; classtype:trojan-activity;sid:83683580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.218.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820478/; classtype:trojan-activity;sid:83683578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820477/; classtype:trojan-activity;sid:83683577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820476/; classtype:trojan-activity;sid:83683576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.80.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820475/; classtype:trojan-activity;sid:83683575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.198.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820474/; classtype:trojan-activity;sid:83683574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.27.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820473/; classtype:trojan-activity;sid:83683573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820472/; classtype:trojan-activity;sid:83683572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820471/; classtype:trojan-activity;sid:83683571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.225.152.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820470/; classtype:trojan-activity;sid:83683570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.252.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820469/; classtype:trojan-activity;sid:83683569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820468/; classtype:trojan-activity;sid:83683568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.38.194.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820467/; classtype:trojan-activity;sid:83683567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820466/; classtype:trojan-activity;sid:83683566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.6.67"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820465/; classtype:trojan-activity;sid:83683565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.46.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820464/; classtype:trojan-activity;sid:83683564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.168.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820463/; classtype:trojan-activity;sid:83683563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.198.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820462/; classtype:trojan-activity;sid:83683562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820461/; classtype:trojan-activity;sid:83683561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820460/; classtype:trojan-activity;sid:83683560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.28.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820458/; classtype:trojan-activity;sid:83683558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.186.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820459/; classtype:trojan-activity;sid:83683559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.101.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820457/; classtype:trojan-activity;sid:83683557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.95.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820456/; classtype:trojan-activity;sid:83683556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820455/; classtype:trojan-activity;sid:83683555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820454/; classtype:trojan-activity;sid:83683554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.207.188.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820453/; classtype:trojan-activity;sid:83683553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.84.61.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820451/; classtype:trojan-activity;sid:83683551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.32.4.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820452/; classtype:trojan-activity;sid:83683552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.216.64.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820450/; classtype:trojan-activity;sid:83683550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.173.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820449/; classtype:trojan-activity;sid:83683549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.178.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820448/; classtype:trojan-activity;sid:83683548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820447/; classtype:trojan-activity;sid:83683547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.151.32.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820446/; classtype:trojan-activity;sid:83683546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.101.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820445/; classtype:trojan-activity;sid:83683545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820444/; classtype:trojan-activity;sid:83683544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.46.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820443/; classtype:trojan-activity;sid:83683543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.28.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820442/; classtype:trojan-activity;sid:83683542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820441/; classtype:trojan-activity;sid:83683541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.122.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820440/; classtype:trojan-activity;sid:83683540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.46.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820439/; classtype:trojan-activity;sid:83683539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.42.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820438/; classtype:trojan-activity;sid:83683538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820437/; classtype:trojan-activity;sid:83683537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820436/; classtype:trojan-activity;sid:83683536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.180.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820435/; classtype:trojan-activity;sid:83683535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820434/; classtype:trojan-activity;sid:83683534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.203.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820432/; classtype:trojan-activity;sid:83683532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.150.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820433/; classtype:trojan-activity;sid:83683533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.143.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820431/; classtype:trojan-activity;sid:83683531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.173.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820430/; classtype:trojan-activity;sid:83683530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820429/; classtype:trojan-activity;sid:83683529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.57.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820428/; classtype:trojan-activity;sid:83683528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.134.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820427/; classtype:trojan-activity;sid:83683527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820426/; classtype:trojan-activity;sid:83683526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820425/; classtype:trojan-activity;sid:83683525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.112.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820424/; classtype:trojan-activity;sid:83683524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.176.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820423/; classtype:trojan-activity;sid:83683523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820422/; classtype:trojan-activity;sid:83683522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.193.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820421/; classtype:trojan-activity;sid:83683521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.218.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820420/; classtype:trojan-activity;sid:83683520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.112.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820419/; classtype:trojan-activity;sid:83683519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.253.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820418/; classtype:trojan-activity;sid:83683518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.94.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820417/; classtype:trojan-activity;sid:83683517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.106.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820416/; classtype:trojan-activity;sid:83683516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820415/; classtype:trojan-activity;sid:83683515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.186.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820414/; classtype:trojan-activity;sid:83683514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.248.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820413/; classtype:trojan-activity;sid:83683513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.241.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820412/; classtype:trojan-activity;sid:83683512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.43.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820411/; classtype:trojan-activity;sid:83683511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.138.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820410/; classtype:trojan-activity;sid:83683510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.39.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820409/; classtype:trojan-activity;sid:83683509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.134.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820408/; classtype:trojan-activity;sid:83683508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.220.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820407/; classtype:trojan-activity;sid:83683507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.33.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820406/; classtype:trojan-activity;sid:83683506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820405/; classtype:trojan-activity;sid:83683505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.176.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820404/; classtype:trojan-activity;sid:83683504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820402/; classtype:trojan-activity;sid:83683502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820403/; classtype:trojan-activity;sid:83683503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.239.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820401/; classtype:trojan-activity;sid:83683501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.66.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820400/; classtype:trojan-activity;sid:83683500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.112.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820399/; classtype:trojan-activity;sid:83683499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820398/; classtype:trojan-activity;sid:83683498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.218.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820397/; classtype:trojan-activity;sid:83683497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.59.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820396/; classtype:trojan-activity;sid:83683496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.241.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820395/; classtype:trojan-activity;sid:83683495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.253.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820394/; classtype:trojan-activity;sid:83683494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.6.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820391/; classtype:trojan-activity;sid:83683491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820392/; classtype:trojan-activity;sid:83683492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.33.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820393/; classtype:trojan-activity;sid:83683493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.185.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820390/; classtype:trojan-activity;sid:83683490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.113.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820389/; classtype:trojan-activity;sid:83683489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.191.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820388/; classtype:trojan-activity;sid:83683488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.60.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820386/; classtype:trojan-activity;sid:83683486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.40.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820387/; classtype:trojan-activity;sid:83683487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.211.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820385/; classtype:trojan-activity;sid:83683485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.39.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820384/; classtype:trojan-activity;sid:83683484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.46.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820383/; classtype:trojan-activity;sid:83683483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"103.211.56.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820382/; classtype:trojan-activity;sid:83683482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820381/; classtype:trojan-activity;sid:83683481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.240.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820380/; classtype:trojan-activity;sid:83683480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.46.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820379/; classtype:trojan-activity;sid:83683479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"90.63.155.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820378/; classtype:trojan-activity;sid:83683478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.66.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820377/; classtype:trojan-activity;sid:83683477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.232.208.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820376/; classtype:trojan-activity;sid:83683476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.17.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820375/; classtype:trojan-activity;sid:83683475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820374/; classtype:trojan-activity;sid:83683474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.218.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820373/; classtype:trojan-activity;sid:83683473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820372/; classtype:trojan-activity;sid:83683472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.208.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820371/; classtype:trojan-activity;sid:83683471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.154.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820369/; classtype:trojan-activity;sid:83683469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.22.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820370/; classtype:trojan-activity;sid:83683470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.6.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820367/; classtype:trojan-activity;sid:83683467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.40.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820368/; classtype:trojan-activity;sid:83683468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820366/; classtype:trojan-activity;sid:83683466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.112.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820365/; classtype:trojan-activity;sid:83683465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820364/; classtype:trojan-activity;sid:83683464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.101.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820363/; classtype:trojan-activity;sid:83683463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.155.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820362/; classtype:trojan-activity;sid:83683462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820361/; classtype:trojan-activity;sid:83683461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.150.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820360/; classtype:trojan-activity;sid:83683460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.170.216.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820359/; classtype:trojan-activity;sid:83683459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.97.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820358/; classtype:trojan-activity;sid:83683458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.82.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820357/; classtype:trojan-activity;sid:83683457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820356/; classtype:trojan-activity;sid:83683456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.154.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820355/; classtype:trojan-activity;sid:83683455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.189.20.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820354/; classtype:trojan-activity;sid:83683454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.17.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820353/; classtype:trojan-activity;sid:83683453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.13.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820352/; classtype:trojan-activity;sid:83683452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.57.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820351/; classtype:trojan-activity;sid:83683451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.13.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820350/; classtype:trojan-activity;sid:83683450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.69.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820349/; classtype:trojan-activity;sid:83683449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820348/; classtype:trojan-activity;sid:83683448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.14.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820347/; classtype:trojan-activity;sid:83683447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.188.4.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820346/; classtype:trojan-activity;sid:83683446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.43.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820345/; classtype:trojan-activity;sid:83683445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.41.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820344/; classtype:trojan-activity;sid:83683444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.30.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820343/; classtype:trojan-activity;sid:83683443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820342/; classtype:trojan-activity;sid:83683442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.90.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820341/; classtype:trojan-activity;sid:83683441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820340/; classtype:trojan-activity;sid:83683440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.212"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820339/; classtype:trojan-activity;sid:83683439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.227.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820338/; classtype:trojan-activity;sid:83683438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820337/; classtype:trojan-activity;sid:83683437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.82.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820336/; classtype:trojan-activity;sid:83683436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.167.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820335/; classtype:trojan-activity;sid:83683435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.229.55.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820333/; classtype:trojan-activity;sid:83683433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.189.20.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820334/; classtype:trojan-activity;sid:83683434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.130.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820332/; classtype:trojan-activity;sid:83683432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820331/; classtype:trojan-activity;sid:83683431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820330/; classtype:trojan-activity;sid:83683430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.84.61.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820329/; classtype:trojan-activity;sid:83683429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.227.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820328/; classtype:trojan-activity;sid:83683428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820327/; classtype:trojan-activity;sid:83683427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820326/; classtype:trojan-activity;sid:83683426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.14.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820325/; classtype:trojan-activity;sid:83683425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.3.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820324/; classtype:trojan-activity;sid:83683424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820323/; classtype:trojan-activity;sid:83683423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.167.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820322/; classtype:trojan-activity;sid:83683422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.216.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820321/; classtype:trojan-activity;sid:83683421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.215.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820319/; classtype:trojan-activity;sid:83683419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.90.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820320/; classtype:trojan-activity;sid:83683420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"changeswithflowers.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820318/; classtype:trojan-activity;sid:83683418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820317/; classtype:trojan-activity;sid:83683417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.55.151.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820316/; classtype:trojan-activity;sid:83683416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.229.55.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820315/; classtype:trojan-activity;sid:83683415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tenda.sh"; depth:9; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820312/; classtype:trojan-activity;sid:83683412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.14.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820313/; classtype:trojan-activity;sid:83683413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.148.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820314/; classtype:trojan-activity;sid:83683414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/telnet"; depth:20; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820297/; classtype:trojan-activity;sid:83683397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/sshd"; depth:18; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820298/; classtype:trojan-activity;sid:83683398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/pub"; depth:17; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820299/; classtype:trojan-activity;sid:83683399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/bashd"; depth:19; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820300/; classtype:trojan-activity;sid:83683400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/ftp1.sh"; depth:21; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820301/; classtype:trojan-activity;sid:83683401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/pc"; depth:16; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820302/; classtype:trojan-activity;sid:83683402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/bash"; depth:18; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820303/; classtype:trojan-activity;sid:83683403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/ps"; depth:16; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820304/; classtype:trojan-activity;sid:83683404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/telnetd"; depth:21; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820305/; classtype:trojan-activity;sid:83683405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/var"; depth:17; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820306/; classtype:trojan-activity;sid:83683406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/curl"; depth:18; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820307/; classtype:trojan-activity;sid:83683407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/nano"; depth:18; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820308/; classtype:trojan-activity;sid:83683408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/tftpd"; depth:19; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820309/; classtype:trojan-activity;sid:83683409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/ssh"; depth:17; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820310/; classtype:trojan-activity;sid:83683410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.58.95.131/cat"; depth:17; endswith; nocase; http.host; content:"ftp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820311/; classtype:trojan-activity;sid:83683411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.117.189.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820296/; classtype:trojan-activity;sid:83683396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"218.59.30.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820295/; classtype:trojan-activity;sid:83683395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.202.236.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820294/; classtype:trojan-activity;sid:83683394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.237.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820293/; classtype:trojan-activity;sid:83683393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.22.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820292/; classtype:trojan-activity;sid:83683392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.169.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820291/; classtype:trojan-activity;sid:83683391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820290/; classtype:trojan-activity;sid:83683390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.239.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820289/; classtype:trojan-activity;sid:83683389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.229.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820288/; classtype:trojan-activity;sid:83683388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.47.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820287/; classtype:trojan-activity;sid:83683387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820286/; classtype:trojan-activity;sid:83683386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.216.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820285/; classtype:trojan-activity;sid:83683385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.3.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820284/; classtype:trojan-activity;sid:83683384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.215.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820283/; classtype:trojan-activity;sid:83683383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820282/; classtype:trojan-activity;sid:83683382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820281/; classtype:trojan-activity;sid:83683381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.55.13.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820280/; classtype:trojan-activity;sid:83683380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.14.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820279/; classtype:trojan-activity;sid:83683379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.107.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820278/; classtype:trojan-activity;sid:83683378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.119.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820277/; classtype:trojan-activity;sid:83683377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.76.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820275/; classtype:trojan-activity;sid:83683375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.146.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820276/; classtype:trojan-activity;sid:83683376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.105.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820273/; classtype:trojan-activity;sid:83683373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.201.138.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820274/; classtype:trojan-activity;sid:83683374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.18.12.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820272/; classtype:trojan-activity;sid:83683372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820271/; classtype:trojan-activity;sid:83683371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.177.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820270/; classtype:trojan-activity;sid:83683370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.102.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820269/; classtype:trojan-activity;sid:83683369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.47.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820268/; classtype:trojan-activity;sid:83683368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820266/; classtype:trojan-activity;sid:83683366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820267/; classtype:trojan-activity;sid:83683367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.39.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820265/; classtype:trojan-activity;sid:83683365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.232.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820264/; classtype:trojan-activity;sid:83683364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820263/; classtype:trojan-activity;sid:83683363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.22.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820262/; classtype:trojan-activity;sid:83683362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"158.255.82.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820261/; classtype:trojan-activity;sid:83683361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.80.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820260/; classtype:trojan-activity;sid:83683360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.121.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820259/; classtype:trojan-activity;sid:83683359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820258/; classtype:trojan-activity;sid:83683358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.146.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820257/; classtype:trojan-activity;sid:83683357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.135.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820256/; classtype:trojan-activity;sid:83683356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.198.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820255/; classtype:trojan-activity;sid:83683355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.169.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820254/; classtype:trojan-activity;sid:83683354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820253/; classtype:trojan-activity;sid:83683353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.76.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820252/; classtype:trojan-activity;sid:83683352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.91.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820251/; classtype:trojan-activity;sid:83683351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.143.32.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820250/; classtype:trojan-activity;sid:83683350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820249/; classtype:trojan-activity;sid:83683349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820248/; classtype:trojan-activity;sid:83683348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.165.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820247/; classtype:trojan-activity;sid:83683347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.172.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820246/; classtype:trojan-activity;sid:83683346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.73.3.138"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820245/; classtype:trojan-activity;sid:83683345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.166.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820244/; classtype:trojan-activity;sid:83683344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820243/; classtype:trojan-activity;sid:83683343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.68.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820242/; classtype:trojan-activity;sid:83683342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.232.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820241/; classtype:trojan-activity;sid:83683341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.42.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820240/; classtype:trojan-activity;sid:83683340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.197.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820239/; classtype:trojan-activity;sid:83683339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.121.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820238/; classtype:trojan-activity;sid:83683338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.238.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820237/; classtype:trojan-activity;sid:83683337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.47.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820236/; classtype:trojan-activity;sid:83683336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.68.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820235/; classtype:trojan-activity;sid:83683335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820234/; classtype:trojan-activity;sid:83683334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.178.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820233/; classtype:trojan-activity;sid:83683333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.80.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820232/; classtype:trojan-activity;sid:83683332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.121.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820230/; classtype:trojan-activity;sid:83683330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820231/; classtype:trojan-activity;sid:83683331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820229/; classtype:trojan-activity;sid:83683329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.133.94.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820228/; classtype:trojan-activity;sid:83683328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.171.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820227/; classtype:trojan-activity;sid:83683327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820226/; classtype:trojan-activity;sid:83683326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.166.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820225/; classtype:trojan-activity;sid:83683325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.238.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820224/; classtype:trojan-activity;sid:83683324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.143.32.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820223/; classtype:trojan-activity;sid:83683323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.46.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820222/; classtype:trojan-activity;sid:83683322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.212.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820221/; classtype:trojan-activity;sid:83683321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.209.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820220/; classtype:trojan-activity;sid:83683320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820219/; classtype:trojan-activity;sid:83683319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820218/; classtype:trojan-activity;sid:83683318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820217/; classtype:trojan-activity;sid:83683317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820216/; classtype:trojan-activity;sid:83683316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820215/; classtype:trojan-activity;sid:83683315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.168.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820214/; classtype:trojan-activity;sid:83683314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.180.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820213/; classtype:trojan-activity;sid:83683313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.186.233.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820212/; classtype:trojan-activity;sid:83683312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820211/; classtype:trojan-activity;sid:83683311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.42.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820210/; classtype:trojan-activity;sid:83683310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.160.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820209/; classtype:trojan-activity;sid:83683309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.61.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820208/; classtype:trojan-activity;sid:83683308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820207/; classtype:trojan-activity;sid:83683307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.96.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820206/; classtype:trojan-activity;sid:83683306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.116.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820205/; classtype:trojan-activity;sid:83683305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.163.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820204/; classtype:trojan-activity;sid:83683304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.124.41.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820203/; classtype:trojan-activity;sid:83683303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.252.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820202/; classtype:trojan-activity;sid:83683302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.101.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820201/; classtype:trojan-activity;sid:83683301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.171.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820199/; classtype:trojan-activity;sid:83683299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.241.227.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820200/; classtype:trojan-activity;sid:83683300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820198/; classtype:trojan-activity;sid:83683298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.133.94.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820197/; classtype:trojan-activity;sid:83683297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.163.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820196/; classtype:trojan-activity;sid:83683296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.227.235.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820195/; classtype:trojan-activity;sid:83683295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.172.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820194/; classtype:trojan-activity;sid:83683294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820193/; classtype:trojan-activity;sid:83683293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.160.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820191/; classtype:trojan-activity;sid:83683291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.164.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820192/; classtype:trojan-activity;sid:83683292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.61.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820190/; classtype:trojan-activity;sid:83683290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820189/; classtype:trojan-activity;sid:83683289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.209.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820188/; classtype:trojan-activity;sid:83683288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.186.233.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820187/; classtype:trojan-activity;sid:83683287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820186/; classtype:trojan-activity;sid:83683286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.43.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820185/; classtype:trojan-activity;sid:83683285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820184/; classtype:trojan-activity;sid:83683284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.29.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820183/; classtype:trojan-activity;sid:83683283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.244.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820182/; classtype:trojan-activity;sid:83683282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820181/; classtype:trojan-activity;sid:83683281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.135.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820180/; classtype:trojan-activity;sid:83683280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.10.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820179/; classtype:trojan-activity;sid:83683279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820178/; classtype:trojan-activity;sid:83683278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.164.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820177/; classtype:trojan-activity;sid:83683277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.148.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820176/; classtype:trojan-activity;sid:83683276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.252.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820175/; classtype:trojan-activity;sid:83683275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.135.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820173/; classtype:trojan-activity;sid:83683273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.227.235.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820174/; classtype:trojan-activity;sid:83683274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.21.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820172/; classtype:trojan-activity;sid:83683272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.5.6.85"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820171/; classtype:trojan-activity;sid:83683271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.172.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820170/; classtype:trojan-activity;sid:83683270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.247.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820169/; classtype:trojan-activity;sid:83683269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.9.125.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820168/; classtype:trojan-activity;sid:83683268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.148.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820167/; classtype:trojan-activity;sid:83683267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.88.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820166/; classtype:trojan-activity;sid:83683266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.240.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820165/; classtype:trojan-activity;sid:83683265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820164/; classtype:trojan-activity;sid:83683264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.76.184.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820163/; classtype:trojan-activity;sid:83683263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.215.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820162/; classtype:trojan-activity;sid:83683262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lander/file_294/setup294.exe"; depth:29; endswith; nocase; http.host; content:"palberryslicker.sbs"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820161/; classtype:trojan-activity;sid:83683261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.119.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820160/; classtype:trojan-activity;sid:83683260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.28.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820159/; classtype:trojan-activity;sid:83683259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.29.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820158/; classtype:trojan-activity;sid:83683258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.93.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820156/; classtype:trojan-activity;sid:83683256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.61.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820157/; classtype:trojan-activity;sid:83683257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.43.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820155/; classtype:trojan-activity;sid:83683255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.188.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820154/; classtype:trojan-activity;sid:83683254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820153/; classtype:trojan-activity;sid:83683253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.13.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820152/; classtype:trojan-activity;sid:83683252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820151/; classtype:trojan-activity;sid:83683251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.161.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820150/; classtype:trojan-activity;sid:83683250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.125.38.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820149/; classtype:trojan-activity;sid:83683249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.135.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820148/; classtype:trojan-activity;sid:83683248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.63.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820147/; classtype:trojan-activity;sid:83683247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.93.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820146/; classtype:trojan-activity;sid:83683246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.52.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820145/; classtype:trojan-activity;sid:83683245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.98.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820144/; classtype:trojan-activity;sid:83683244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820143/; classtype:trojan-activity;sid:83683243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.61.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820142/; classtype:trojan-activity;sid:83683242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820141/; classtype:trojan-activity;sid:83683241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.218.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820140/; classtype:trojan-activity;sid:83683240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.28.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820139/; classtype:trojan-activity;sid:83683239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.119.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820138/; classtype:trojan-activity;sid:83683238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.111.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820137/; classtype:trojan-activity;sid:83683237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.7.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820136/; classtype:trojan-activity;sid:83683236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.70.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820135/; classtype:trojan-activity;sid:83683235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.85.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820134/; classtype:trojan-activity;sid:83683234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.213.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820133/; classtype:trojan-activity;sid:83683233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl.nk"; depth:8; endswith; nocase; http.host; content:"46.23.108.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820132/; classtype:trojan-activity;sid:83683232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.88.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820131/; classtype:trojan-activity;sid:83683231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.211.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820130/; classtype:trojan-activity;sid:83683230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.52.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820129/; classtype:trojan-activity;sid:83683229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.57.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820128/; classtype:trojan-activity;sid:83683228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.63.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820127/; classtype:trojan-activity;sid:83683227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.230.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820126/; classtype:trojan-activity;sid:83683226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.52.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820125/; classtype:trojan-activity;sid:83683225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.169.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820124/; classtype:trojan-activity;sid:83683224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"46.23.108.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820122/; classtype:trojan-activity;sid:83683222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.98.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820123/; classtype:trojan-activity;sid:83683223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.61.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820121/; classtype:trojan-activity;sid:83683221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.52.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820120/; classtype:trojan-activity;sid:83683220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820119/; classtype:trojan-activity;sid:83683219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.119.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820118/; classtype:trojan-activity;sid:83683218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.4.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820117/; classtype:trojan-activity;sid:83683217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820116/; classtype:trojan-activity;sid:83683216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.110.193.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820115/; classtype:trojan-activity;sid:83683215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.85.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820113/; classtype:trojan-activity;sid:83683213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.149.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820114/; classtype:trojan-activity;sid:83683214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.167.253.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820112/; classtype:trojan-activity;sid:83683212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.255.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820111/; classtype:trojan-activity;sid:83683211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.70.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820110/; classtype:trojan-activity;sid:83683210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.111.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820109/; classtype:trojan-activity;sid:83683209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.213.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820108/; classtype:trojan-activity;sid:83683208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.57.250.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820107/; classtype:trojan-activity;sid:83683207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.51.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820106/; classtype:trojan-activity;sid:83683206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.41.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820105/; classtype:trojan-activity;sid:83683205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.57.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820104/; classtype:trojan-activity;sid:83683204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820103/; classtype:trojan-activity;sid:83683203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.223.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820102/; classtype:trojan-activity;sid:83683202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.101.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820101/; classtype:trojan-activity;sid:83683201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.144.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820100/; classtype:trojan-activity;sid:83683200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.56.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820099/; classtype:trojan-activity;sid:83683199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820098/; classtype:trojan-activity;sid:83683198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820097/; classtype:trojan-activity;sid:83683197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.162.73.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820096/; classtype:trojan-activity;sid:83683196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820095/; classtype:trojan-activity;sid:83683195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.176.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820094/; classtype:trojan-activity;sid:83683194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.229.245.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820093/; classtype:trojan-activity;sid:83683193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.52.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820091/; classtype:trojan-activity;sid:83683191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.192.207.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820092/; classtype:trojan-activity;sid:83683192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.237.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820090/; classtype:trojan-activity;sid:83683190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.59.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820089/; classtype:trojan-activity;sid:83683189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.216.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820088/; classtype:trojan-activity;sid:83683188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.106.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820087/; classtype:trojan-activity;sid:83683187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.41.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820086/; classtype:trojan-activity;sid:83683186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.223.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820085/; classtype:trojan-activity;sid:83683185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.169.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820084/; classtype:trojan-activity;sid:83683184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820083/; classtype:trojan-activity;sid:83683183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820082/; classtype:trojan-activity;sid:83683182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.37.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820081/; classtype:trojan-activity;sid:83683181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.212.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820080/; classtype:trojan-activity;sid:83683180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668627934|3f|hash=kocsmbd2hjdtg4dlhdjgocsrhopcjeutnrte86dnj0k|7c|26|7c|dl=iww1iftfzy3zyhwq5epg2tbpwfobrewehgjv5j216id|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820079/; classtype:trojan-activity;sid:83683179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820078/; classtype:trojan-activity;sid:83683178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.176.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820077/; classtype:trojan-activity;sid:83683177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.190.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820076/; classtype:trojan-activity;sid:83683176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.106.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820075/; classtype:trojan-activity;sid:83683175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.203.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820074/; classtype:trojan-activity;sid:83683174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.52.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820073/; classtype:trojan-activity;sid:83683173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.212.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820072/; classtype:trojan-activity;sid:83683172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820071/; classtype:trojan-activity;sid:83683171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820070/; classtype:trojan-activity;sid:83683170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.58.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820069/; classtype:trojan-activity;sid:83683169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820068/; classtype:trojan-activity;sid:83683168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.129.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820067/; classtype:trojan-activity;sid:83683167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.191.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820066/; classtype:trojan-activity;sid:83683166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.67.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820065/; classtype:trojan-activity;sid:83683165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820064/; classtype:trojan-activity;sid:83683164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.229.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820063/; classtype:trojan-activity;sid:83683163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.190.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820062/; classtype:trojan-activity;sid:83683162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.251.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820061/; classtype:trojan-activity;sid:83683161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.158.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820060/; classtype:trojan-activity;sid:83683160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.184.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820059/; classtype:trojan-activity;sid:83683159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.131.198.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820058/; classtype:trojan-activity;sid:83683158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.124.41.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820056/; classtype:trojan-activity;sid:83683156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.148.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820057/; classtype:trojan-activity;sid:83683157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.58.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820055/; classtype:trojan-activity;sid:83683155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820054/; classtype:trojan-activity;sid:83683154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.255.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820053/; classtype:trojan-activity;sid:83683153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820052/; classtype:trojan-activity;sid:83683152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.250.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820051/; classtype:trojan-activity;sid:83683151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820050/; classtype:trojan-activity;sid:83683150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820049/; classtype:trojan-activity;sid:83683149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.209.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820048/; classtype:trojan-activity;sid:83683148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.216.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820047/; classtype:trojan-activity;sid:83683147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.203.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820046/; classtype:trojan-activity;sid:83683146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.55.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820045/; classtype:trojan-activity;sid:83683145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820044/; classtype:trojan-activity;sid:83683144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.60.70.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820043/; classtype:trojan-activity;sid:83683143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820042/; classtype:trojan-activity;sid:83683142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.127.171.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820041/; classtype:trojan-activity;sid:83683141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.82.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820040/; classtype:trojan-activity;sid:83683140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.195.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820039/; classtype:trojan-activity;sid:83683139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.129.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820038/; classtype:trojan-activity;sid:83683138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.229.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820037/; classtype:trojan-activity;sid:83683137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820036/; classtype:trojan-activity;sid:83683136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.250.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820035/; classtype:trojan-activity;sid:83683135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820034/; classtype:trojan-activity;sid:83683134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.43.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820033/; classtype:trojan-activity;sid:83683133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.180.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820032/; classtype:trojan-activity;sid:83683132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.137.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820031/; classtype:trojan-activity;sid:83683131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.33.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820030/; classtype:trojan-activity;sid:83683130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.213.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820029/; classtype:trojan-activity;sid:83683129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.55.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820028/; classtype:trojan-activity;sid:83683128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.1.128"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820027/; classtype:trojan-activity;sid:83683127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820026/; classtype:trojan-activity;sid:83683126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820025/; classtype:trojan-activity;sid:83683125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.199.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820024/; classtype:trojan-activity;sid:83683124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820023/; classtype:trojan-activity;sid:83683123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820022/; classtype:trojan-activity;sid:83683122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.192.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820021/; classtype:trojan-activity;sid:83683121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820020/; classtype:trojan-activity;sid:83683120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820019/; classtype:trojan-activity;sid:83683119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.250.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820016/; classtype:trojan-activity;sid:83683116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.185.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820017/; classtype:trojan-activity;sid:83683117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.195.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820018/; classtype:trojan-activity;sid:83683118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820015/; classtype:trojan-activity;sid:83683115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.120.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820012/; classtype:trojan-activity;sid:83683112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.175.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820013/; classtype:trojan-activity;sid:83683113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.38.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820014/; classtype:trojan-activity;sid:83683114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.179.255.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820011/; classtype:trojan-activity;sid:83683111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820010/; classtype:trojan-activity;sid:83683110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.5.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820009/; classtype:trojan-activity;sid:83683109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.201.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820008/; classtype:trojan-activity;sid:83683108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820007/; classtype:trojan-activity;sid:83683107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.1.128"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820006/; classtype:trojan-activity;sid:83683106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.237.116.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820003/; classtype:trojan-activity;sid:83683103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.30.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820004/; classtype:trojan-activity;sid:83683104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.106.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820005/; classtype:trojan-activity;sid:83683105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.209.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820002/; classtype:trojan-activity;sid:83683102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.58.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820000/; classtype:trojan-activity;sid:83683100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820001/; classtype:trojan-activity;sid:83683101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.89.201.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819999/; classtype:trojan-activity;sid:83683099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.50.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819998/; classtype:trojan-activity;sid:83683098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.90.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819997/; classtype:trojan-activity;sid:83683097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.5.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819996/; classtype:trojan-activity;sid:83683096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.187"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819995/; classtype:trojan-activity;sid:83683095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819994/; classtype:trojan-activity;sid:83683094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.198.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819993/; classtype:trojan-activity;sid:83683093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819992/; classtype:trojan-activity;sid:83683092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.89.175.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819991/; classtype:trojan-activity;sid:83683091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.180.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819990/; classtype:trojan-activity;sid:83683090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.177.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819989/; classtype:trojan-activity;sid:83683089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.213.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819988/; classtype:trojan-activity;sid:83683088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.50.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819987/; classtype:trojan-activity;sid:83683087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.58.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819986/; classtype:trojan-activity;sid:83683086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.22.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819985/; classtype:trojan-activity;sid:83683085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819984/; classtype:trojan-activity;sid:83683084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.23.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819983/; classtype:trojan-activity;sid:83683083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.96.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819982/; classtype:trojan-activity;sid:83683082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.227.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819981/; classtype:trojan-activity;sid:83683081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819979/; classtype:trojan-activity;sid:83683079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819980/; classtype:trojan-activity;sid:83683080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.60.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819978/; classtype:trojan-activity;sid:83683078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.203.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819977/; classtype:trojan-activity;sid:83683077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819976/; classtype:trojan-activity;sid:83683076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.198.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2819975/; classtype:trojan-activity;sid:83683075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.87.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819974/; classtype:trojan-activity;sid:83683074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.207.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819973/; classtype:trojan-activity;sid:83683073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.192.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819972/; classtype:trojan-activity;sid:83683072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.180.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819971/; classtype:trojan-activity;sid:83683071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.93.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819970/; classtype:trojan-activity;sid:83683070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819969/; classtype:trojan-activity;sid:83683069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.46.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819968/; classtype:trojan-activity;sid:83683068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819967/; classtype:trojan-activity;sid:83683067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819966/; classtype:trojan-activity;sid:83683066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.191.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819965/; classtype:trojan-activity;sid:83683065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.198.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819963/; classtype:trojan-activity;sid:83683063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819964/; classtype:trojan-activity;sid:83683064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819962/; classtype:trojan-activity;sid:83683062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing_aarch64"; depth:16; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819961/; classtype:trojan-activity;sid:83683061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing"; depth:8; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819957/; classtype:trojan-activity;sid:83683057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-amd64"; depth:11; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819958/; classtype:trojan-activity;sid:83683058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libsystem.so"; depth:13; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819959/; classtype:trojan-activity;sid:83683059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-aarch64"; depth:13; endswith; nocase; http.host; content:"93.183.94.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819960/; classtype:trojan-activity;sid:83683060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/arm6"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819946/; classtype:trojan-activity;sid:83683046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/arm5"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819947/; classtype:trojan-activity;sid:83683047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/sh4"; depth:10; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819948/; classtype:trojan-activity;sid:83683048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/mpsl"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819949/; classtype:trojan-activity;sid:83683049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/arm7"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819950/; classtype:trojan-activity;sid:83683050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/x86"; depth:10; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819951/; classtype:trojan-activity;sid:83683051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/mips"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819952/; classtype:trojan-activity;sid:83683052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/x86_64"; depth:13; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819953/; classtype:trojan-activity;sid:83683053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/arm"; depth:10; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819954/; classtype:trojan-activity;sid:83683054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/ppc"; depth:10; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819955/; classtype:trojan-activity;sid:83683055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/m68k"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819956/; classtype:trojan-activity;sid:83683056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819941/; classtype:trojan-activity;sid:83683041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819942/; classtype:trojan-activity;sid:83683042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819943/; classtype:trojan-activity;sid:83683043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819944/; classtype:trojan-activity;sid:83683044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcmodpack"; depth:10; endswith; nocase; http.host; content:"85.204.116.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819945/; classtype:trojan-activity;sid:83683045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819938/; classtype:trojan-activity;sid:83683038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819939/; classtype:trojan-activity;sid:83683039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819940/; classtype:trojan-activity;sid:83683040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819934/; classtype:trojan-activity;sid:83683034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819935/; classtype:trojan-activity;sid:83683035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819936/; classtype:trojan-activity;sid:83683036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819937/; classtype:trojan-activity;sid:83683037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.172.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819933/; classtype:trojan-activity;sid:83683033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.60.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819932/; classtype:trojan-activity;sid:83683032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.111.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819931/; classtype:trojan-activity;sid:83683031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.163.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819930/; classtype:trojan-activity;sid:83683030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.12.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819929/; classtype:trojan-activity;sid:83683029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.90.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819928/; classtype:trojan-activity;sid:83683028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819927/; classtype:trojan-activity;sid:83683027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.191.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819926/; classtype:trojan-activity;sid:83683026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.162.73.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819925/; classtype:trojan-activity;sid:83683025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.83.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819924/; classtype:trojan-activity;sid:83683024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.207.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819923/; classtype:trojan-activity;sid:83683023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.195.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819922/; classtype:trojan-activity;sid:83683022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819921/; classtype:trojan-activity;sid:83683021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819920/; classtype:trojan-activity;sid:83683020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.5.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819919/; classtype:trojan-activity;sid:83683019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.158.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819918/; classtype:trojan-activity;sid:83683018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.111.26.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819917/; classtype:trojan-activity;sid:83683017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.229.195.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819916/; classtype:trojan-activity;sid:83683016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.102.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819915/; classtype:trojan-activity;sid:83683015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.139.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819914/; classtype:trojan-activity;sid:83683014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.120.132.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819913/; classtype:trojan-activity;sid:83683013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819912/; classtype:trojan-activity;sid:83683012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.108"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819911/; classtype:trojan-activity;sid:83683011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.200.66.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819910/; classtype:trojan-activity;sid:83683010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668796587|3f|hash=kzphhytljzw9v4ehrjezzxgnkn7q6iwg4bouwgmoizl|7c|26|7c|dl=lh8i4tz77ckzz9fmzpwmmid0izmkczbrnejwynekzow|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819909/; classtype:trojan-activity;sid:83683009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.83.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819908/; classtype:trojan-activity;sid:83683008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.37.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819907/; classtype:trojan-activity;sid:83683007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.163.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819906/; classtype:trojan-activity;sid:83683006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/violetx86"; depth:15; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819905/; classtype:trojan-activity;sid:83683005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.163.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819904/; classtype:trojan-activity;sid:83683004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.168.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819903/; classtype:trojan-activity;sid:83683003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.220.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819902/; classtype:trojan-activity;sid:83683002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.191.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819901/; classtype:trojan-activity;sid:83683001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.57.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819900/; classtype:trojan-activity;sid:83683000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.38.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819899/; classtype:trojan-activity;sid:83682999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819898/; classtype:trojan-activity;sid:83682998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819897/; classtype:trojan-activity;sid:83682997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.83.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819896/; classtype:trojan-activity;sid:83682996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.163.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819895/; classtype:trojan-activity;sid:83682995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.50.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819892/; classtype:trojan-activity;sid:83682992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.96.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819893/; classtype:trojan-activity;sid:83682993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.14.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819894/; classtype:trojan-activity;sid:83682994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.193.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819891/; classtype:trojan-activity;sid:83682991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819890/; classtype:trojan-activity;sid:83682990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"209.38.226.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819889/; classtype:trojan-activity;sid:83682989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"209.38.226.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819888/; classtype:trojan-activity;sid:83682988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.191.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819887/; classtype:trojan-activity;sid:83682987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.230.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819886/; classtype:trojan-activity;sid:83682986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.38.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819885/; classtype:trojan-activity;sid:83682985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819884/; classtype:trojan-activity;sid:83682984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.49.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819883/; classtype:trojan-activity;sid:83682983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/list.exe"; depth:9; endswith; nocase; http.host; content:"factorylifes.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819882/; classtype:trojan-activity;sid:83682982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819881/; classtype:trojan-activity;sid:83682981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.72.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819880/; classtype:trojan-activity;sid:83682980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.128.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819879/; classtype:trojan-activity;sid:83682979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.96.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819878/; classtype:trojan-activity;sid:83682978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819877/; classtype:trojan-activity;sid:83682977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819876/; classtype:trojan-activity;sid:83682976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819875/; classtype:trojan-activity;sid:83682975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819874/; classtype:trojan-activity;sid:83682974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819873/; classtype:trojan-activity;sid:83682973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.55.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819872/; classtype:trojan-activity;sid:83682972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.20.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819871/; classtype:trojan-activity;sid:83682971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819870/; classtype:trojan-activity;sid:83682970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.178.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819869/; classtype:trojan-activity;sid:83682969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.128.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819868/; classtype:trojan-activity;sid:83682968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.160.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819867/; classtype:trojan-activity;sid:83682967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.194.35.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819866/; classtype:trojan-activity;sid:83682966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.188.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819865/; classtype:trojan-activity;sid:83682965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819864/; classtype:trojan-activity;sid:83682964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.182.254.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819863/; classtype:trojan-activity;sid:83682963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.43.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819862/; classtype:trojan-activity;sid:83682962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.215.213.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819861/; classtype:trojan-activity;sid:83682961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.177.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819860/; classtype:trojan-activity;sid:83682960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819859/; classtype:trojan-activity;sid:83682959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.69.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819858/; classtype:trojan-activity;sid:83682958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.54.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819857/; classtype:trojan-activity;sid:83682957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.27.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819856/; classtype:trojan-activity;sid:83682956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.255.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819855/; classtype:trojan-activity;sid:83682955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.72.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819854/; classtype:trojan-activity;sid:83682954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.230.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819853/; classtype:trojan-activity;sid:83682953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.33.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819852/; classtype:trojan-activity;sid:83682952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819851/; classtype:trojan-activity;sid:83682951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y.exe"; depth:6; endswith; nocase; http.host; content:"93.123.39.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819850/; classtype:trojan-activity;sid:83682950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.185.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819849/; classtype:trojan-activity;sid:83682949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819848/; classtype:trojan-activity;sid:83682948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819847/; classtype:trojan-activity;sid:83682947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.61.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819846/; classtype:trojan-activity;sid:83682946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.221.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819845/; classtype:trojan-activity;sid:83682945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.75.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819844/; classtype:trojan-activity;sid:83682944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819843/; classtype:trojan-activity;sid:83682943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.160.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819842/; classtype:trojan-activity;sid:83682942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.28.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819841/; classtype:trojan-activity;sid:83682941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.16.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819840/; classtype:trojan-activity;sid:83682940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.194.35.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819839/; classtype:trojan-activity;sid:83682939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.202.236.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819838/; classtype:trojan-activity;sid:83682938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.177.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819837/; classtype:trojan-activity;sid:83682937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.47.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819836/; classtype:trojan-activity;sid:83682936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.72.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819835/; classtype:trojan-activity;sid:83682935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.45.11.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819834/; classtype:trojan-activity;sid:83682934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819833/; classtype:trojan-activity;sid:83682933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"95.164.16.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819832/; classtype:trojan-activity;sid:83682932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819831/; classtype:trojan-activity;sid:83682931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819830/; classtype:trojan-activity;sid:83682930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819829/; classtype:trojan-activity;sid:83682929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.134.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819828/; classtype:trojan-activity;sid:83682928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819827/; classtype:trojan-activity;sid:83682927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819826/; classtype:trojan-activity;sid:83682926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.38.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819825/; classtype:trojan-activity;sid:83682925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.84.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819823/; classtype:trojan-activity;sid:83682923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819824/; classtype:trojan-activity;sid:83682924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.59.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819822/; classtype:trojan-activity;sid:83682922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819821/; classtype:trojan-activity;sid:83682921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.206.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819820/; classtype:trojan-activity;sid:83682920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.46.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819819/; classtype:trojan-activity;sid:83682919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668810935|3f|hash=pvtbugr4cdmwq8qkcv3nei8bwkex3lrnsmkeqzi7xz0|7c|26|7c|dl=630catnowxrjzz57at5fncbvcgehazt0zzj6leabxms|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819818/; classtype:trojan-activity;sid:83682918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.250.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819817/; classtype:trojan-activity;sid:83682917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819816/; classtype:trojan-activity;sid:83682916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819815/; classtype:trojan-activity;sid:83682915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.38.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819814/; classtype:trojan-activity;sid:83682914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calrasjl.exe"; depth:13; endswith; nocase; http.host; content:"193.233.132.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819813/; classtype:trojan-activity;sid:83682913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.84.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819812/; classtype:trojan-activity;sid:83682912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819811/; classtype:trojan-activity;sid:83682911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.7.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819810/; classtype:trojan-activity;sid:83682910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.220.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819809/; classtype:trojan-activity;sid:83682909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.199.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819808/; classtype:trojan-activity;sid:83682908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819807/; classtype:trojan-activity;sid:83682907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.189.99.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819806/; classtype:trojan-activity;sid:83682906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.228.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819805/; classtype:trojan-activity;sid:83682905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.232.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819804/; classtype:trojan-activity;sid:83682904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.228.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819803/; classtype:trojan-activity;sid:83682903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.92.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819801/; classtype:trojan-activity;sid:83682901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.18.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819802/; classtype:trojan-activity;sid:83682902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819800/; classtype:trojan-activity;sid:83682900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819799/; classtype:trojan-activity;sid:83682899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.189.99.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819797/; classtype:trojan-activity;sid:83682897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819798/; classtype:trojan-activity;sid:83682898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819796/; classtype:trojan-activity;sid:83682896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.189.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819795/; classtype:trojan-activity;sid:83682895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.63.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819794/; classtype:trojan-activity;sid:83682894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819793/; classtype:trojan-activity;sid:83682893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819792/; classtype:trojan-activity;sid:83682892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.198.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819791/; classtype:trojan-activity;sid:83682891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.202.197.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819790/; classtype:trojan-activity;sid:83682890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819789/; classtype:trojan-activity;sid:83682889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819788/; classtype:trojan-activity;sid:83682888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.59.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819787/; classtype:trojan-activity;sid:83682887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.232.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819786/; classtype:trojan-activity;sid:83682886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.168.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819785/; classtype:trojan-activity;sid:83682885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819784/; classtype:trojan-activity;sid:83682884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.202.197.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819783/; classtype:trojan-activity;sid:83682883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.63.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819782/; classtype:trojan-activity;sid:83682882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.238.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819781/; classtype:trojan-activity;sid:83682881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.114.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819779/; classtype:trojan-activity;sid:83682879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819780/; classtype:trojan-activity;sid:83682880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.92.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819778/; classtype:trojan-activity;sid:83682878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.59.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819777/; classtype:trojan-activity;sid:83682877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.12.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819776/; classtype:trojan-activity;sid:83682876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819775/; classtype:trojan-activity;sid:83682875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.141.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819773/; classtype:trojan-activity;sid:83682873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819774/; classtype:trojan-activity;sid:83682874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.0.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819772/; classtype:trojan-activity;sid:83682872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.94.31.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819771/; classtype:trojan-activity;sid:83682871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.186.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819769/; classtype:trojan-activity;sid:83682869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819770/; classtype:trojan-activity;sid:83682870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.37.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819768/; classtype:trojan-activity;sid:83682868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.5.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819767/; classtype:trojan-activity;sid:83682867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.209.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819766/; classtype:trojan-activity;sid:83682866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.126.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819764/; classtype:trojan-activity;sid:83682864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.114.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819765/; classtype:trojan-activity;sid:83682865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819763/; classtype:trojan-activity;sid:83682863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.70.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819762/; classtype:trojan-activity;sid:83682862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.158.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819761/; classtype:trojan-activity;sid:83682861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.100.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819760/; classtype:trojan-activity;sid:83682860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.163.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819759/; classtype:trojan-activity;sid:83682859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.227.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819758/; classtype:trojan-activity;sid:83682858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.184.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819757/; classtype:trojan-activity;sid:83682857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.128.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819756/; classtype:trojan-activity;sid:83682856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"flowers4theworld.shop"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819755/; classtype:trojan-activity;sid:83682855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.206.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819754/; classtype:trojan-activity;sid:83682854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.111.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819753/; classtype:trojan-activity;sid:83682853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.167.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819751/; classtype:trojan-activity;sid:83682851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.91.248.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819752/; classtype:trojan-activity;sid:83682852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.145.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819750/; classtype:trojan-activity;sid:83682850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.209.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819749/; classtype:trojan-activity;sid:83682849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.5.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819748/; classtype:trojan-activity;sid:83682848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.186.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819747/; classtype:trojan-activity;sid:83682847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.172.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819746/; classtype:trojan-activity;sid:83682846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loadme.exe"; depth:11; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819745/; classtype:trojan-activity;sid:83682845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.179.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819744/; classtype:trojan-activity;sid:83682844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819743/; classtype:trojan-activity;sid:83682843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819742/; classtype:trojan-activity;sid:83682842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.163.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819741/; classtype:trojan-activity;sid:83682841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.129.193.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819740/; classtype:trojan-activity;sid:83682840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.151.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819739/; classtype:trojan-activity;sid:83682839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.104.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819738/; classtype:trojan-activity;sid:83682838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.128.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819737/; classtype:trojan-activity;sid:83682837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.100.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819736/; classtype:trojan-activity;sid:83682836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.78.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819735/; classtype:trojan-activity;sid:83682835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.60.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819734/; classtype:trojan-activity;sid:83682834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.22.83.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819733/; classtype:trojan-activity;sid:83682833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.163.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819732/; classtype:trojan-activity;sid:83682832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.172.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819731/; classtype:trojan-activity;sid:83682831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.213.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819730/; classtype:trojan-activity;sid:83682830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.52.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819728/; classtype:trojan-activity;sid:83682828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.238.196.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819729/; classtype:trojan-activity;sid:83682829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.78.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819727/; classtype:trojan-activity;sid:83682827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.127.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819726/; classtype:trojan-activity;sid:83682826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.71.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819725/; classtype:trojan-activity;sid:83682825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xzjcrmamhcer"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819724/; classtype:trojan-activity;sid:83682824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.146.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819723/; classtype:trojan-activity;sid:83682823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.127.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819721/; classtype:trojan-activity;sid:83682821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talka/linda.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819722/; classtype:trojan-activity;sid:83682822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.24.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819720/; classtype:trojan-activity;sid:83682820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819719/; classtype:trojan-activity;sid:83682819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819718/; classtype:trojan-activity;sid:83682818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.25.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819717/; classtype:trojan-activity;sid:83682817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.137.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819716/; classtype:trojan-activity;sid:83682816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.127.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819715/; classtype:trojan-activity;sid:83682815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.27.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819714/; classtype:trojan-activity;sid:83682814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.129.193.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819713/; classtype:trojan-activity;sid:83682813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.202.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819712/; classtype:trojan-activity;sid:83682812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.127.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819711/; classtype:trojan-activity;sid:83682811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.253.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819710/; classtype:trojan-activity;sid:83682810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.71.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819709/; classtype:trojan-activity;sid:83682809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.203.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819708/; classtype:trojan-activity;sid:83682808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.110.193.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819707/; classtype:trojan-activity;sid:83682807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819706/; classtype:trojan-activity;sid:83682806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.247.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819704/; classtype:trojan-activity;sid:83682804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819705/; classtype:trojan-activity;sid:83682805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.20.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819703/; classtype:trojan-activity;sid:83682803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.218.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819702/; classtype:trojan-activity;sid:83682802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.5.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819700/; classtype:trojan-activity;sid:83682800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668801935|3f|hash=hk765x8fptw2hwpzs6iggven6984ya6zkiuetupzaps|7c|26|7c|dl=f3aja4sotpachp44ls1zwzz04tvpdhsegkrzxsps95g|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819701/; classtype:trojan-activity;sid:83682801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.185.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819699/; classtype:trojan-activity;sid:83682799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.247.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819697/; classtype:trojan-activity;sid:83682797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.186.246.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819698/; classtype:trojan-activity;sid:83682798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.20.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819696/; classtype:trojan-activity;sid:83682796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.203.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819695/; classtype:trojan-activity;sid:83682795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.4.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819694/; classtype:trojan-activity;sid:83682794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.189.99.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819693/; classtype:trojan-activity;sid:83682793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.245.77.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819692/; classtype:trojan-activity;sid:83682792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.103.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819690/; classtype:trojan-activity;sid:83682790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.138.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819691/; classtype:trojan-activity;sid:83682791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.209.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819688/; classtype:trojan-activity;sid:83682788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.183.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819689/; classtype:trojan-activity;sid:83682789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819687/; classtype:trojan-activity;sid:83682787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.67.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819686/; classtype:trojan-activity;sid:83682786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819685/; classtype:trojan-activity;sid:83682785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.90.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819684/; classtype:trojan-activity;sid:83682784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.4.178"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819683/; classtype:trojan-activity;sid:83682783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.212.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819682/; classtype:trojan-activity;sid:83682782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819681/; classtype:trojan-activity;sid:83682781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.100"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819680/; classtype:trojan-activity;sid:83682780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.209.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819679/; classtype:trojan-activity;sid:83682779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.158.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819678/; classtype:trojan-activity;sid:83682778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.183.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819677/; classtype:trojan-activity;sid:83682777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.226.79.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819676/; classtype:trojan-activity;sid:83682776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.135.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819675/; classtype:trojan-activity;sid:83682775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.78.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819673/; classtype:trojan-activity;sid:83682773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.212.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819674/; classtype:trojan-activity;sid:83682774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819672/; classtype:trojan-activity;sid:83682772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819671/; classtype:trojan-activity;sid:83682771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.246.228.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819670/; classtype:trojan-activity;sid:83682770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819669/; classtype:trojan-activity;sid:83682769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.194.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819668/; classtype:trojan-activity;sid:83682768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.172.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819667/; classtype:trojan-activity;sid:83682767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.226.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819666/; classtype:trojan-activity;sid:83682766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.61.146.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819665/; classtype:trojan-activity;sid:83682765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819664/; classtype:trojan-activity;sid:83682764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.246.228.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819663/; classtype:trojan-activity;sid:83682763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.135.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819662/; classtype:trojan-activity;sid:83682762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.80.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819661/; classtype:trojan-activity;sid:83682761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819660/; classtype:trojan-activity;sid:83682760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.122.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819659/; classtype:trojan-activity;sid:83682759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.93.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819658/; classtype:trojan-activity;sid:83682758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819657/; classtype:trojan-activity;sid:83682757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.16.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819656/; classtype:trojan-activity;sid:83682756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.172.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819655/; classtype:trojan-activity;sid:83682755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.244.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819654/; classtype:trojan-activity;sid:83682754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819653/; classtype:trojan-activity;sid:83682753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819652/; classtype:trojan-activity;sid:83682752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.150.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819651/; classtype:trojan-activity;sid:83682751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.76.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819650/; classtype:trojan-activity;sid:83682750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819649/; classtype:trojan-activity;sid:83682749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.174.66.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819648/; classtype:trojan-activity;sid:83682748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.64.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819647/; classtype:trojan-activity;sid:83682747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.199.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819646/; classtype:trojan-activity;sid:83682746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.182.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819645/; classtype:trojan-activity;sid:83682745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819644/; classtype:trojan-activity;sid:83682744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819643/; classtype:trojan-activity;sid:83682743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.39.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819642/; classtype:trojan-activity;sid:83682742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.16.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819641/; classtype:trojan-activity;sid:83682741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819640/; classtype:trojan-activity;sid:83682740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.48.112.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819639/; classtype:trojan-activity;sid:83682739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819638/; classtype:trojan-activity;sid:83682738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.150.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819637/; classtype:trojan-activity;sid:83682737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.172.52.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819636/; classtype:trojan-activity;sid:83682736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.105.177.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819635/; classtype:trojan-activity;sid:83682735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819634/; classtype:trojan-activity;sid:83682734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819633/; classtype:trojan-activity;sid:83682733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.103.219.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819632/; classtype:trojan-activity;sid:83682732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.73.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819631/; classtype:trojan-activity;sid:83682731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.17.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819630/; classtype:trojan-activity;sid:83682730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.182.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819629/; classtype:trojan-activity;sid:83682729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.255.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819627/; classtype:trojan-activity;sid:83682727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.57.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819628/; classtype:trojan-activity;sid:83682728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.24.85.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819626/; classtype:trojan-activity;sid:83682726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.13.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819624/; classtype:trojan-activity;sid:83682724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819625/; classtype:trojan-activity;sid:83682725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.237.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819623/; classtype:trojan-activity;sid:83682723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.85.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819622/; classtype:trojan-activity;sid:83682722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.100.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819621/; classtype:trojan-activity;sid:83682721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819620/; classtype:trojan-activity;sid:83682720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819619/; classtype:trojan-activity;sid:83682719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.12.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819618/; classtype:trojan-activity;sid:83682718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.48.112.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819617/; classtype:trojan-activity;sid:83682717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.108.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819616/; classtype:trojan-activity;sid:83682716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.78.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819615/; classtype:trojan-activity;sid:83682715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.73.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819614/; classtype:trojan-activity;sid:83682714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819613/; classtype:trojan-activity;sid:83682713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.192.207.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819612/; classtype:trojan-activity;sid:83682712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.12.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819611/; classtype:trojan-activity;sid:83682711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.185.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819610/; classtype:trojan-activity;sid:83682710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.78.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819609/; classtype:trojan-activity;sid:83682709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.12.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819607/; classtype:trojan-activity;sid:83682707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.199.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819608/; classtype:trojan-activity;sid:83682708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.178.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819606/; classtype:trojan-activity;sid:83682706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.81.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819605/; classtype:trojan-activity;sid:83682705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819604/; classtype:trojan-activity;sid:83682704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819603/; classtype:trojan-activity;sid:83682703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.110.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819602/; classtype:trojan-activity;sid:83682702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.108.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819599/; classtype:trojan-activity;sid:83682699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.191.104.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819600/; classtype:trojan-activity;sid:83682700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.153.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819601/; classtype:trojan-activity;sid:83682701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.85.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819598/; classtype:trojan-activity;sid:83682698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.246.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819597/; classtype:trojan-activity;sid:83682697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819596/; classtype:trojan-activity;sid:83682696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.235.200.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819595/; classtype:trojan-activity;sid:83682695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.237.116.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819594/; classtype:trojan-activity;sid:83682694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819593/; classtype:trojan-activity;sid:83682693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819592/; classtype:trojan-activity;sid:83682692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.206.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819591/; classtype:trojan-activity;sid:83682691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.83.76.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819590/; classtype:trojan-activity;sid:83682690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.52.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819589/; classtype:trojan-activity;sid:83682689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.191.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819588/; classtype:trojan-activity;sid:83682688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819587/; classtype:trojan-activity;sid:83682687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819586/; classtype:trojan-activity;sid:83682686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"supermarketcold.info"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819585/; classtype:trojan-activity;sid:83682685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"supermarketcold.info"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819584/; classtype:trojan-activity;sid:83682684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819583/; classtype:trojan-activity;sid:83682683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.237.116.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819582/; classtype:trojan-activity;sid:83682682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.181.151.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819581/; classtype:trojan-activity;sid:83682681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.105.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819580/; classtype:trojan-activity;sid:83682680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819579/; classtype:trojan-activity;sid:83682679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819578/; classtype:trojan-activity;sid:83682678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819577/; classtype:trojan-activity;sid:83682677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819576/; classtype:trojan-activity;sid:83682676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.83.76.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819575/; classtype:trojan-activity;sid:83682675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819574/; classtype:trojan-activity;sid:83682674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.186.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819573/; classtype:trojan-activity;sid:83682673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.37.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819572/; classtype:trojan-activity;sid:83682672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.243.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819571/; classtype:trojan-activity;sid:83682671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.0.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819570/; classtype:trojan-activity;sid:83682670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819569/; classtype:trojan-activity;sid:83682669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819568/; classtype:trojan-activity;sid:83682668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.2.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819567/; classtype:trojan-activity;sid:83682667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.127.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819566/; classtype:trojan-activity;sid:83682666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.140.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819565/; classtype:trojan-activity;sid:83682665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819564/; classtype:trojan-activity;sid:83682664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.73.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819563/; classtype:trojan-activity;sid:83682663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.181.151.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819562/; classtype:trojan-activity;sid:83682662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819561/; classtype:trojan-activity;sid:83682661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.21.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819560/; classtype:trojan-activity;sid:83682660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.143.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819557/; classtype:trojan-activity;sid:83682657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.129.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819558/; classtype:trojan-activity;sid:83682658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.12.208.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819559/; classtype:trojan-activity;sid:83682659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819556/; classtype:trojan-activity;sid:83682656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.74.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819555/; classtype:trojan-activity;sid:83682655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.142.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819554/; classtype:trojan-activity;sid:83682654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.35.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819553/; classtype:trojan-activity;sid:83682653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819552/; classtype:trojan-activity;sid:83682652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.171.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819551/; classtype:trojan-activity;sid:83682651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.146.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819550/; classtype:trojan-activity;sid:83682650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.216.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819549/; classtype:trojan-activity;sid:83682649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.129.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819548/; classtype:trojan-activity;sid:83682648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.48.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819547/; classtype:trojan-activity;sid:83682647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.140.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819546/; classtype:trojan-activity;sid:83682646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668798085|3f|hash=jrmolovul9tzekahfvdbrjlzi72ibkhduu5vahdbbbw|7c|26|7c|dl=maacc9ky9vpywqhe8xivxi3fgvkkqpso4ufxplip0wx|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819545/; classtype:trojan-activity;sid:83682645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.127.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819544/; classtype:trojan-activity;sid:83682644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.107.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819543/; classtype:trojan-activity;sid:83682643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.73.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819542/; classtype:trojan-activity;sid:83682642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819541/; classtype:trojan-activity;sid:83682641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.221.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819540/; classtype:trojan-activity;sid:83682640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819539/; classtype:trojan-activity;sid:83682639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.41.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819538/; classtype:trojan-activity;sid:83682638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.107.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819537/; classtype:trojan-activity;sid:83682637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.93.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819535/; classtype:trojan-activity;sid:83682635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.129.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819536/; classtype:trojan-activity;sid:83682636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819534/; classtype:trojan-activity;sid:83682634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.31.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819533/; classtype:trojan-activity;sid:83682633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.234.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819532/; classtype:trojan-activity;sid:83682632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.143.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819531/; classtype:trojan-activity;sid:83682631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668795908|3f|hash=0bmew2yk5wqf2zv7jqw8ktz03hhypilnetmdtsxian8|7c|26|7c|dl=s5gtyergncrvz9fsxmzvvafwod8toziczo42v6e9xop|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819530/; classtype:trojan-activity;sid:83682630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819529/; classtype:trojan-activity;sid:83682629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.163.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819527/; classtype:trojan-activity;sid:83682627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.41.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819528/; classtype:trojan-activity;sid:83682628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819526/; classtype:trojan-activity;sid:83682626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.188.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819525/; classtype:trojan-activity;sid:83682625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.9.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819524/; classtype:trojan-activity;sid:83682624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.93.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819523/; classtype:trojan-activity;sid:83682623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819522/; classtype:trojan-activity;sid:83682622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.188.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819521/; classtype:trojan-activity;sid:83682621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.193.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819520/; classtype:trojan-activity;sid:83682620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.157.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819518/; classtype:trojan-activity;sid:83682618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.59.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819519/; classtype:trojan-activity;sid:83682619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819517/; classtype:trojan-activity;sid:83682617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.52.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819515/; classtype:trojan-activity;sid:83682615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819516/; classtype:trojan-activity;sid:83682616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.72.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819513/; classtype:trojan-activity;sid:83682613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819514/; classtype:trojan-activity;sid:83682614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819512/; classtype:trojan-activity;sid:83682612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.45.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819511/; classtype:trojan-activity;sid:83682611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.205.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819509/; classtype:trojan-activity;sid:83682609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.46.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819510/; classtype:trojan-activity;sid:83682610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819508/; classtype:trojan-activity;sid:83682608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.21.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819507/; classtype:trojan-activity;sid:83682607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.66.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819506/; classtype:trojan-activity;sid:83682606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819505/; classtype:trojan-activity;sid:83682605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.190.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819504/; classtype:trojan-activity;sid:83682604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.47.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819503/; classtype:trojan-activity;sid:83682603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.231.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819502/; classtype:trojan-activity;sid:83682602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.187.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819501/; classtype:trojan-activity;sid:83682601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.178.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819500/; classtype:trojan-activity;sid:83682600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.122.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819499/; classtype:trojan-activity;sid:83682599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.81.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819497/; classtype:trojan-activity;sid:83682597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.110.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819498/; classtype:trojan-activity;sid:83682598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.75.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819496/; classtype:trojan-activity;sid:83682596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.72.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819495/; classtype:trojan-activity;sid:83682595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819494/; classtype:trojan-activity;sid:83682594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819493/; classtype:trojan-activity;sid:83682593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.244.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819492/; classtype:trojan-activity;sid:83682592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.157.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819491/; classtype:trojan-activity;sid:83682591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.93.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819490/; classtype:trojan-activity;sid:83682590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.190.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819489/; classtype:trojan-activity;sid:83682589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.255.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819488/; classtype:trojan-activity;sid:83682588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819486/; classtype:trojan-activity;sid:83682586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.50.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819487/; classtype:trojan-activity;sid:83682587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.66.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819485/; classtype:trojan-activity;sid:83682585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.231.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819484/; classtype:trojan-activity;sid:83682584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.81.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819483/; classtype:trojan-activity;sid:83682583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.93.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819482/; classtype:trojan-activity;sid:83682582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819481/; classtype:trojan-activity;sid:83682581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819480/; classtype:trojan-activity;sid:83682580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.66.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819479/; classtype:trojan-activity;sid:83682579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.188.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819478/; classtype:trojan-activity;sid:83682578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.136.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819477/; classtype:trojan-activity;sid:83682577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819476/; classtype:trojan-activity;sid:83682576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.15.143.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819474/; classtype:trojan-activity;sid:83682574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.248.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819475/; classtype:trojan-activity;sid:83682575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.120.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819473/; classtype:trojan-activity;sid:83682573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819472/; classtype:trojan-activity;sid:83682572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819471/; classtype:trojan-activity;sid:83682571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.80.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819470/; classtype:trojan-activity;sid:83682570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.141.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819469/; classtype:trojan-activity;sid:83682569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.174.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819468/; classtype:trojan-activity;sid:83682568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/logo3.jpg"; depth:14; endswith; nocase; http.host; content:"public-ftp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819467/; classtype:trojan-activity;sid:83682567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.66.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819466/; classtype:trojan-activity;sid:83682566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819465/; classtype:trojan-activity;sid:83682565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.243.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819464/; classtype:trojan-activity;sid:83682564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/setup.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819463/; classtype:trojan-activity;sid:83682563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/uzoyj"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819461/; classtype:trojan-activity;sid:83682561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/uniq.file"; depth:16; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819462/; classtype:trojan-activity;sid:83682562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/eu.file"; depth:14; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819458/; classtype:trojan-activity;sid:83682558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/htm/ienetworkings.html"; depth:29; endswith; nocase; http.host; content:"23.95.60.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819459/; classtype:trojan-activity;sid:83682559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.172.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819460/; classtype:trojan-activity;sid:83682560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/msgbox2.file"; depth:19; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819455/; classtype:trojan-activity;sid:83682555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/us.file"; depth:14; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819456/; classtype:trojan-activity;sid:83682556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/two.file"; depth:15; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819457/; classtype:trojan-activity;sid:83682557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/msgbox1.file"; depth:19; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819452/; classtype:trojan-activity;sid:83682552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/one.file"; depth:15; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819453/; classtype:trojan-activity;sid:83682553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/144/wqdf.txt"; depth:13; endswith; nocase; http.host; content:"23.95.60.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819454/; classtype:trojan-activity;sid:83682554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.35.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819451/; classtype:trojan-activity;sid:83682551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.139.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819450/; classtype:trojan-activity;sid:83682550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.157.15.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819449/; classtype:trojan-activity;sid:83682549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.141.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819448/; classtype:trojan-activity;sid:83682548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819447/; classtype:trojan-activity;sid:83682547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.188.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819446/; classtype:trojan-activity;sid:83682546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.171.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819445/; classtype:trojan-activity;sid:83682545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.172.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819444/; classtype:trojan-activity;sid:83682544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.176.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819443/; classtype:trojan-activity;sid:83682543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.232.9.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819442/; classtype:trojan-activity;sid:83682542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.207.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819441/; classtype:trojan-activity;sid:83682541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819440/; classtype:trojan-activity;sid:83682540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.8.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819439/; classtype:trojan-activity;sid:83682539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.172.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819438/; classtype:trojan-activity;sid:83682538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.8.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819437/; classtype:trojan-activity;sid:83682537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"151.232.9.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819436/; classtype:trojan-activity;sid:83682536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819435/; classtype:trojan-activity;sid:83682535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.207.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819434/; classtype:trojan-activity;sid:83682534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.101.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819433/; classtype:trojan-activity;sid:83682533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.215.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819432/; classtype:trojan-activity;sid:83682532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.164.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819431/; classtype:trojan-activity;sid:83682531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819430/; classtype:trojan-activity;sid:83682530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.158.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819429/; classtype:trojan-activity;sid:83682529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/file300un.exe"; depth:20; endswith; nocase; http.host; content:"193.233.132.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819428/; classtype:trojan-activity;sid:83682528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/uni400uni.exe"; depth:20; endswith; nocase; http.host; content:"193.233.132.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819427/; classtype:trojan-activity;sid:83682527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.179.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819426/; classtype:trojan-activity;sid:83682526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.27.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819425/; classtype:trojan-activity;sid:83682525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.163.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819424/; classtype:trojan-activity;sid:83682524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819423/; classtype:trojan-activity;sid:83682523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.38.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819422/; classtype:trojan-activity;sid:83682522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.119.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819421/; classtype:trojan-activity;sid:83682521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.160.228.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819420/; classtype:trojan-activity;sid:83682520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.75.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819419/; classtype:trojan-activity;sid:83682519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819418/; classtype:trojan-activity;sid:83682518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.60.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819417/; classtype:trojan-activity;sid:83682517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.63.221.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819416/; classtype:trojan-activity;sid:83682516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.232.31.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819415/; classtype:trojan-activity;sid:83682515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819414/; classtype:trojan-activity;sid:83682514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"go8et.lol"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819412/; classtype:trojan-activity;sid:83682512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"94.131.101.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819411/; classtype:trojan-activity;sid:83682511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"94.131.101.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819409/; classtype:trojan-activity;sid:83682509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php"; depth:9; endswith; nocase; http.host; content:"go8et.lol"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819410/; classtype:trojan-activity;sid:83682510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiraz.fla"; depth:10; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819407/; classtype:trojan-activity;sid:83682507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819404/; classtype:trojan-activity;sid:83682504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws.sh"; depth:8; endswith; nocase; http.host; content:"pvp-rivals.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819405/; classtype:trojan-activity;sid:83682505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dfqwnyoh122.bin"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819406/; classtype:trojan-activity;sid:83682506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/674w0df1.sh"; depth:12; endswith; nocase; http.host; content:"whitesecurity.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819401/; classtype:trojan-activity;sid:83682501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlosdechia/carlosdechia/main/exv1"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819402/; classtype:trojan-activity;sid:83682502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/securityvpro.apk"; depth:17; endswith; nocase; http.host; content:"193.222.96.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819400/; classtype:trojan-activity;sid:83682500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/securitypro.apk"; depth:16; endswith; nocase; http.host; content:"193.222.96.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819399/; classtype:trojan-activity;sid:83682499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/security.apk"; depth:13; endswith; nocase; http.host; content:"193.222.96.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819398/; classtype:trojan-activity;sid:83682498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.180.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819397/; classtype:trojan-activity;sid:83682497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/belyves242.hhk"; depth:15; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819392/; classtype:trojan-activity;sid:83682492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.hta"; depth:5; endswith; nocase; http.host; content:"193.222.96.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819393/; classtype:trojan-activity;sid:83682493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.bat"; depth:7; endswith; nocase; http.host; content:"193.222.96.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819394/; classtype:trojan-activity;sid:83682494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.hta"; depth:5; endswith; nocase; http.host; content:"193.222.96.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819395/; classtype:trojan-activity;sid:83682495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gogi.bat"; depth:9; endswith; nocase; http.host; content:"193.222.96.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819396/; classtype:trojan-activity;sid:83682496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.164.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819390/; classtype:trojan-activity;sid:83682490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819389/; classtype:trojan-activity;sid:83682489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.29.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819388/; classtype:trojan-activity;sid:83682488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.196.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819387/; classtype:trojan-activity;sid:83682487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.38.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819386/; classtype:trojan-activity;sid:83682486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819385/; classtype:trojan-activity;sid:83682485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.32.14.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819384/; classtype:trojan-activity;sid:83682484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819383/; classtype:trojan-activity;sid:83682483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819382/; classtype:trojan-activity;sid:83682482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.220.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819381/; classtype:trojan-activity;sid:83682481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.210.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819380/; classtype:trojan-activity;sid:83682480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819379/; classtype:trojan-activity;sid:83682479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.29.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819378/; classtype:trojan-activity;sid:83682478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819377/; classtype:trojan-activity;sid:83682477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819376/; classtype:trojan-activity;sid:83682476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819375/; classtype:trojan-activity;sid:83682475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.47.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819374/; classtype:trojan-activity;sid:83682474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.88.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819373/; classtype:trojan-activity;sid:83682473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.79.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819372/; classtype:trojan-activity;sid:83682472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.232.31.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819371/; classtype:trojan-activity;sid:83682471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.181.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819370/; classtype:trojan-activity;sid:83682470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.119.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819369/; classtype:trojan-activity;sid:83682469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819368/; classtype:trojan-activity;sid:83682468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.172.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819367/; classtype:trojan-activity;sid:83682467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.11.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819366/; classtype:trojan-activity;sid:83682466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"47.222.117.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819365/; classtype:trojan-activity;sid:83682465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.110.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819364/; classtype:trojan-activity;sid:83682464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"102.33.44.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819363/; classtype:trojan-activity;sid:83682463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.131.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819362/; classtype:trojan-activity;sid:83682462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.146.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819360/; classtype:trojan-activity;sid:83682460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819361/; classtype:trojan-activity;sid:83682461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.38.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819359/; classtype:trojan-activity;sid:83682459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.180.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819358/; classtype:trojan-activity;sid:83682458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.191.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819357/; classtype:trojan-activity;sid:83682457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.190.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819356/; classtype:trojan-activity;sid:83682456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.208.166.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819355/; classtype:trojan-activity;sid:83682455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819353/; classtype:trojan-activity;sid:83682453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819354/; classtype:trojan-activity;sid:83682454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.40.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819352/; classtype:trojan-activity;sid:83682452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.181.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819351/; classtype:trojan-activity;sid:83682451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819349/; classtype:trojan-activity;sid:83682449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.42.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819350/; classtype:trojan-activity;sid:83682450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819348/; classtype:trojan-activity;sid:83682448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.172.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819347/; classtype:trojan-activity;sid:83682447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.23.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819346/; classtype:trojan-activity;sid:83682446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819345/; classtype:trojan-activity;sid:83682445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.110.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819344/; classtype:trojan-activity;sid:83682444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.180.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819343/; classtype:trojan-activity;sid:83682443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.248.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819341/; classtype:trojan-activity;sid:83682441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.35.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819342/; classtype:trojan-activity;sid:83682442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.101.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819340/; classtype:trojan-activity;sid:83682440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.131.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819339/; classtype:trojan-activity;sid:83682439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819338/; classtype:trojan-activity;sid:83682438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.40.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819337/; classtype:trojan-activity;sid:83682437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.42.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819336/; classtype:trojan-activity;sid:83682436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.78.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819335/; classtype:trojan-activity;sid:83682435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.84.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819333/; classtype:trojan-activity;sid:83682433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.154.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819334/; classtype:trojan-activity;sid:83682434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819332/; classtype:trojan-activity;sid:83682432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.190.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819331/; classtype:trojan-activity;sid:83682431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819330/; classtype:trojan-activity;sid:83682430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819329/; classtype:trojan-activity;sid:83682429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.184.56.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819328/; classtype:trojan-activity;sid:83682428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819327/; classtype:trojan-activity;sid:83682427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.57.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819326/; classtype:trojan-activity;sid:83682426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.97.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819325/; classtype:trojan-activity;sid:83682425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%b1%86%e5%8c%85%e4%bc%a0%e4%b8%96.zip"; depth:41; endswith; nocase; http.host; content:"lovepk.top"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819324/; classtype:trojan-activity;sid:83682424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819323/; classtype:trojan-activity;sid:83682423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819322/; classtype:trojan-activity;sid:83682422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.115.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819321/; classtype:trojan-activity;sid:83682421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.84.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819320/; classtype:trojan-activity;sid:83682420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.97.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819319/; classtype:trojan-activity;sid:83682419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.223.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819318/; classtype:trojan-activity;sid:83682418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.78.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819315/; classtype:trojan-activity;sid:83682415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.146.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819316/; classtype:trojan-activity;sid:83682416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.31.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819317/; classtype:trojan-activity;sid:83682417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.57.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819313/; classtype:trojan-activity;sid:83682413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.129.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819314/; classtype:trojan-activity;sid:83682414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668759171|3f|hash=x1h7z2uzkzhc9ky70qvg3sdomvqcn4fqx6r7suzntrw|7c|26|7c|dl=l7pjnmfmdov3eg3fk0mkfxxorqucs0jkkmdhhf63vd4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819312/; classtype:trojan-activity;sid:83682412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819311/; classtype:trojan-activity;sid:83682411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.124.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819310/; classtype:trojan-activity;sid:83682410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.85.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819309/; classtype:trojan-activity;sid:83682409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.120.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819308/; classtype:trojan-activity;sid:83682408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819307/; classtype:trojan-activity;sid:83682407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.101.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819306/; classtype:trojan-activity;sid:83682406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.19.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819305/; classtype:trojan-activity;sid:83682405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.119.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819304/; classtype:trojan-activity;sid:83682404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.231.58.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819303/; classtype:trojan-activity;sid:83682403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.222.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819302/; classtype:trojan-activity;sid:83682402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819301/; classtype:trojan-activity;sid:83682401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.109.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819300/; classtype:trojan-activity;sid:83682400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.129.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819299/; classtype:trojan-activity;sid:83682399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.237.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819297/; classtype:trojan-activity;sid:83682397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.81.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819298/; classtype:trojan-activity;sid:83682398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.120.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819296/; classtype:trojan-activity;sid:83682396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.159.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819295/; classtype:trojan-activity;sid:83682395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.69.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819294/; classtype:trojan-activity;sid:83682394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.81.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819293/; classtype:trojan-activity;sid:83682393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.124.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819292/; classtype:trojan-activity;sid:83682392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.19.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819291/; classtype:trojan-activity;sid:83682391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.115.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819290/; classtype:trojan-activity;sid:83682390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819289/; classtype:trojan-activity;sid:83682389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819288/; classtype:trojan-activity;sid:83682388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.85.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819287/; classtype:trojan-activity;sid:83682387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.81.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819286/; classtype:trojan-activity;sid:83682386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.184.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819285/; classtype:trojan-activity;sid:83682385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819284/; classtype:trojan-activity;sid:83682384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.217.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819283/; classtype:trojan-activity;sid:83682383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819282/; classtype:trojan-activity;sid:83682382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.199.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819281/; classtype:trojan-activity;sid:83682381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.203.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819278/; classtype:trojan-activity;sid:83682378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819279/; classtype:trojan-activity;sid:83682379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.152.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819280/; classtype:trojan-activity;sid:83682380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.19.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819277/; classtype:trojan-activity;sid:83682377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.91.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819276/; classtype:trojan-activity;sid:83682376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.93.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819275/; classtype:trojan-activity;sid:83682375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.81.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819274/; classtype:trojan-activity;sid:83682374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.222.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819273/; classtype:trojan-activity;sid:83682373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.146.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819272/; classtype:trojan-activity;sid:83682372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.100.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819271/; classtype:trojan-activity;sid:83682371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.93.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819270/; classtype:trojan-activity;sid:83682370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.159.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819269/; classtype:trojan-activity;sid:83682369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.143.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819268/; classtype:trojan-activity;sid:83682368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.23.156"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819267/; classtype:trojan-activity;sid:83682367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819266/; classtype:trojan-activity;sid:83682366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.237.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819265/; classtype:trojan-activity;sid:83682365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.118.100.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819264/; classtype:trojan-activity;sid:83682364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.115.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819263/; classtype:trojan-activity;sid:83682363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.19.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819262/; classtype:trojan-activity;sid:83682362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.203.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819261/; classtype:trojan-activity;sid:83682361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819260/; classtype:trojan-activity;sid:83682360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.91.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819259/; classtype:trojan-activity;sid:83682359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.199.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819258/; classtype:trojan-activity;sid:83682358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819257/; classtype:trojan-activity;sid:83682357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819256/; classtype:trojan-activity;sid:83682356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.75.45.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819255/; classtype:trojan-activity;sid:83682355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.61.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819254/; classtype:trojan-activity;sid:83682354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819253/; classtype:trojan-activity;sid:83682353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.210.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819252/; classtype:trojan-activity;sid:83682352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.6.173"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819251/; classtype:trojan-activity;sid:83682351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.64.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819250/; classtype:trojan-activity;sid:83682350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.190.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819249/; classtype:trojan-activity;sid:83682349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.228.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819248/; classtype:trojan-activity;sid:83682348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.7.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819247/; classtype:trojan-activity;sid:83682347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.182.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819246/; classtype:trojan-activity;sid:83682346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.24.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819245/; classtype:trojan-activity;sid:83682345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819244/; classtype:trojan-activity;sid:83682344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.19.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819243/; classtype:trojan-activity;sid:83682343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.101.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819242/; classtype:trojan-activity;sid:83682342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.21.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819241/; classtype:trojan-activity;sid:83682341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819239/; classtype:trojan-activity;sid:83682339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.79.188.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819240/; classtype:trojan-activity;sid:83682340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.244.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819238/; classtype:trojan-activity;sid:83682338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.110.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819237/; classtype:trojan-activity;sid:83682337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.15.143.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819236/; classtype:trojan-activity;sid:83682336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.143.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819235/; classtype:trojan-activity;sid:83682335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819234/; classtype:trojan-activity;sid:83682334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.199.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819233/; classtype:trojan-activity;sid:83682333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.158.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819232/; classtype:trojan-activity;sid:83682332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.74.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819231/; classtype:trojan-activity;sid:83682331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.157.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819230/; classtype:trojan-activity;sid:83682330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.252.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819229/; classtype:trojan-activity;sid:83682329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.16.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819228/; classtype:trojan-activity;sid:83682328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819227/; classtype:trojan-activity;sid:83682327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.20.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819226/; classtype:trojan-activity;sid:83682326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819225/; classtype:trojan-activity;sid:83682325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819224/; classtype:trojan-activity;sid:83682324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.210.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819222/; classtype:trojan-activity;sid:83682322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819223/; classtype:trojan-activity;sid:83682323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.180.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819221/; classtype:trojan-activity;sid:83682321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.34.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819220/; classtype:trojan-activity;sid:83682320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819219/; classtype:trojan-activity;sid:83682319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.15.143.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819218/; classtype:trojan-activity;sid:83682318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.242.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819217/; classtype:trojan-activity;sid:83682317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819216/; classtype:trojan-activity;sid:83682316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.252.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819215/; classtype:trojan-activity;sid:83682315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.59.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819214/; classtype:trojan-activity;sid:83682314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.74.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819213/; classtype:trojan-activity;sid:83682313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.191.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819212/; classtype:trojan-activity;sid:83682312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.254.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819211/; classtype:trojan-activity;sid:83682311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819210/; classtype:trojan-activity;sid:83682310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.207.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819209/; classtype:trojan-activity;sid:83682309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819208/; classtype:trojan-activity;sid:83682308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819207/; classtype:trojan-activity;sid:83682307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.6.173"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819206/; classtype:trojan-activity;sid:83682306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.80.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819205/; classtype:trojan-activity;sid:83682305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819204/; classtype:trojan-activity;sid:83682304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.63.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819203/; classtype:trojan-activity;sid:83682303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.238.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819202/; classtype:trojan-activity;sid:83682302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.36.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819201/; classtype:trojan-activity;sid:83682301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.132.128.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819200/; classtype:trojan-activity;sid:83682300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.41.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819199/; classtype:trojan-activity;sid:83682299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.207.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819198/; classtype:trojan-activity;sid:83682298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.172.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819197/; classtype:trojan-activity;sid:83682297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819196/; classtype:trojan-activity;sid:83682296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819195/; classtype:trojan-activity;sid:83682295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.144.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819194/; classtype:trojan-activity;sid:83682294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.244.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819193/; classtype:trojan-activity;sid:83682293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.0.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819192/; classtype:trojan-activity;sid:83682292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.254.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819191/; classtype:trojan-activity;sid:83682291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.153.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819190/; classtype:trojan-activity;sid:83682290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.96.104.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819189/; classtype:trojan-activity;sid:83682289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819188/; classtype:trojan-activity;sid:83682288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.207.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819187/; classtype:trojan-activity;sid:83682287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.163.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819186/; classtype:trojan-activity;sid:83682286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.177.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819185/; classtype:trojan-activity;sid:83682285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.138.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819183/; classtype:trojan-activity;sid:83682283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.172.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819184/; classtype:trojan-activity;sid:83682284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819182/; classtype:trojan-activity;sid:83682282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.80.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819181/; classtype:trojan-activity;sid:83682281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.180.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819180/; classtype:trojan-activity;sid:83682280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.188.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819179/; classtype:trojan-activity;sid:83682279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.40.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819178/; classtype:trojan-activity;sid:83682278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.1.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819177/; classtype:trojan-activity;sid:83682277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819176/; classtype:trojan-activity;sid:83682276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819175/; classtype:trojan-activity;sid:83682275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.216.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819174/; classtype:trojan-activity;sid:83682274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.191.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819173/; classtype:trojan-activity;sid:83682273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.63.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819172/; classtype:trojan-activity;sid:83682272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.144.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819171/; classtype:trojan-activity;sid:83682271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.177.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819170/; classtype:trojan-activity;sid:83682270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.5.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819169/; classtype:trojan-activity;sid:83682269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.131.60.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819168/; classtype:trojan-activity;sid:83682268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819167/; classtype:trojan-activity;sid:83682267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819165/; classtype:trojan-activity;sid:83682265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.86.246.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819166/; classtype:trojan-activity;sid:83682266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.140.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819163/; classtype:trojan-activity;sid:83682263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.7.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819164/; classtype:trojan-activity;sid:83682264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.70.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819162/; classtype:trojan-activity;sid:83682262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.163.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819161/; classtype:trojan-activity;sid:83682261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819160/; classtype:trojan-activity;sid:83682260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.179.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819159/; classtype:trojan-activity;sid:83682259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819158/; classtype:trojan-activity;sid:83682258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.185.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819156/; classtype:trojan-activity;sid:83682256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819157/; classtype:trojan-activity;sid:83682257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.75.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819155/; classtype:trojan-activity;sid:83682255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819154/; classtype:trojan-activity;sid:83682254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.150.77.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819153/; classtype:trojan-activity;sid:83682253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.249.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819152/; classtype:trojan-activity;sid:83682252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.1.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819151/; classtype:trojan-activity;sid:83682251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.138.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819150/; classtype:trojan-activity;sid:83682250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.100.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819149/; classtype:trojan-activity;sid:83682249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.190.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819148/; classtype:trojan-activity;sid:83682248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819147/; classtype:trojan-activity;sid:83682247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.191.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819146/; classtype:trojan-activity;sid:83682246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.15.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819144/; classtype:trojan-activity;sid:83682244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.226.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819145/; classtype:trojan-activity;sid:83682245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.68.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819143/; classtype:trojan-activity;sid:83682243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.245.77.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819142/; classtype:trojan-activity;sid:83682242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.70.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819141/; classtype:trojan-activity;sid:83682241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.140.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819139/; classtype:trojan-activity;sid:83682239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.92.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819140/; classtype:trojan-activity;sid:83682240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.190.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819138/; classtype:trojan-activity;sid:83682238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.207.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819137/; classtype:trojan-activity;sid:83682237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819136/; classtype:trojan-activity;sid:83682236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.129.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819135/; classtype:trojan-activity;sid:83682235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.243.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819132/; classtype:trojan-activity;sid:83682232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819133/; classtype:trojan-activity;sid:83682233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.187.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819134/; classtype:trojan-activity;sid:83682234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819131/; classtype:trojan-activity;sid:83682231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.113.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819130/; classtype:trojan-activity;sid:83682230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lander/file_294/setup294.exe"; depth:29; endswith; nocase; http.host; content:"palberryslicker.sbs"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819129/; classtype:trojan-activity;sid:83682229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.129.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819128/; classtype:trojan-activity;sid:83682228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server/ww16/appgate2103v01_16.exe"; depth:34; endswith; nocase; http.host; content:"77.221.151.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819127/; classtype:trojan-activity;sid:83682227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.226.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819126/; classtype:trojan-activity;sid:83682226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.96.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819125/; classtype:trojan-activity;sid:83682225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.179.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819124/; classtype:trojan-activity;sid:83682224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.100.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819123/; classtype:trojan-activity;sid:83682223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819122/; classtype:trojan-activity;sid:83682222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.53.55.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819121/; classtype:trojan-activity;sid:83682221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.71.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819120/; classtype:trojan-activity;sid:83682220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.41.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819119/; classtype:trojan-activity;sid:83682219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.129.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819118/; classtype:trojan-activity;sid:83682218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.154.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819117/; classtype:trojan-activity;sid:83682217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.71.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819116/; classtype:trojan-activity;sid:83682216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.68.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819115/; classtype:trojan-activity;sid:83682215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.43.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819114/; classtype:trojan-activity;sid:83682214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819113/; classtype:trojan-activity;sid:83682213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.252.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819112/; classtype:trojan-activity;sid:83682212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.243.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819111/; classtype:trojan-activity;sid:83682211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.245.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819110/; classtype:trojan-activity;sid:83682210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.50.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819109/; classtype:trojan-activity;sid:83682209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.135.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819108/; classtype:trojan-activity;sid:83682208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819107/; classtype:trojan-activity;sid:83682207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819106/; classtype:trojan-activity;sid:83682206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.105.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819105/; classtype:trojan-activity;sid:83682205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.96.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819104/; classtype:trojan-activity;sid:83682204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.16.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819103/; classtype:trojan-activity;sid:83682203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.248.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819102/; classtype:trojan-activity;sid:83682202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.230.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819101/; classtype:trojan-activity;sid:83682201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.162.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819100/; classtype:trojan-activity;sid:83682200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819099/; classtype:trojan-activity;sid:83682199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.41.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819098/; classtype:trojan-activity;sid:83682198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.43.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819097/; classtype:trojan-activity;sid:83682197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.69.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819096/; classtype:trojan-activity;sid:83682196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819095/; classtype:trojan-activity;sid:83682195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.151.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819093/; classtype:trojan-activity;sid:83682193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.54.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819094/; classtype:trojan-activity;sid:83682194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.189.20.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819092/; classtype:trojan-activity;sid:83682192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.191.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819090/; classtype:trojan-activity;sid:83682190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.66.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819091/; classtype:trojan-activity;sid:83682191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.255.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819089/; classtype:trojan-activity;sid:83682189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.173.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819088/; classtype:trojan-activity;sid:83682188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/walmart3.apk"; depth:13; endswith; nocase; http.host; content:"woermashunfac.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819087/; classtype:trojan-activity;sid:83682187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e5%a4%96%e6%8c%8210.5.apk"; depth:27; endswith; nocase; http.host; content:"woermashunfae.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819086/; classtype:trojan-activity;sid:83682186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819085/; classtype:trojan-activity;sid:83682185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.252.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819084/; classtype:trojan-activity;sid:83682184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.10.91.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819083/; classtype:trojan-activity;sid:83682183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819082/; classtype:trojan-activity;sid:83682182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.16.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819081/; classtype:trojan-activity;sid:83682181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.126.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819080/; classtype:trojan-activity;sid:83682180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819079/; classtype:trojan-activity;sid:83682179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.150.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819076/; classtype:trojan-activity;sid:83682176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.248.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819077/; classtype:trojan-activity;sid:83682177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819078/; classtype:trojan-activity;sid:83682178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.92.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819075/; classtype:trojan-activity;sid:83682175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819074/; classtype:trojan-activity;sid:83682174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.7.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819073/; classtype:trojan-activity;sid:83682173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.189.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819072/; classtype:trojan-activity;sid:83682172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.100.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819071/; classtype:trojan-activity;sid:83682171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.255.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819070/; classtype:trojan-activity;sid:83682170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.187.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819069/; classtype:trojan-activity;sid:83682169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.115.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819068/; classtype:trojan-activity;sid:83682168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.98.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819067/; classtype:trojan-activity;sid:83682167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.77.239.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819066/; classtype:trojan-activity;sid:83682166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819065/; classtype:trojan-activity;sid:83682165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819063/; classtype:trojan-activity;sid:83682163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.68.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819064/; classtype:trojan-activity;sid:83682164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.63.221.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819062/; classtype:trojan-activity;sid:83682162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819061/; classtype:trojan-activity;sid:83682161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819060/; classtype:trojan-activity;sid:83682160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819059/; classtype:trojan-activity;sid:83682159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.52.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819058/; classtype:trojan-activity;sid:83682158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.7.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819057/; classtype:trojan-activity;sid:83682157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819056/; classtype:trojan-activity;sid:83682156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.11.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819055/; classtype:trojan-activity;sid:83682155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.87.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819054/; classtype:trojan-activity;sid:83682154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.100.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819053/; classtype:trojan-activity;sid:83682153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.189.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819052/; classtype:trojan-activity;sid:83682152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819051/; classtype:trojan-activity;sid:83682151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.103.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819050/; classtype:trojan-activity;sid:83682150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.81.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819049/; classtype:trojan-activity;sid:83682149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.255.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819048/; classtype:trojan-activity;sid:83682148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.134.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819047/; classtype:trojan-activity;sid:83682147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.115.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819046/; classtype:trojan-activity;sid:83682146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.187.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819045/; classtype:trojan-activity;sid:83682145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819044/; classtype:trojan-activity;sid:83682144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.56.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819043/; classtype:trojan-activity;sid:83682143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.181.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819042/; classtype:trojan-activity;sid:83682142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.242.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819041/; classtype:trojan-activity;sid:83682141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.239.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819040/; classtype:trojan-activity;sid:83682140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.246.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819039/; classtype:trojan-activity;sid:83682139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.165.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819036/; classtype:trojan-activity;sid:83682136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.105.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819037/; classtype:trojan-activity;sid:83682137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.97.139.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819038/; classtype:trojan-activity;sid:83682138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.89.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819035/; classtype:trojan-activity;sid:83682135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819034/; classtype:trojan-activity;sid:83682134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.34.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819033/; classtype:trojan-activity;sid:83682133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.81.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819032/; classtype:trojan-activity;sid:83682132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819031/; classtype:trojan-activity;sid:83682131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.138.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819030/; classtype:trojan-activity;sid:83682130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.133.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819028/; classtype:trojan-activity;sid:83682128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.214.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819029/; classtype:trojan-activity;sid:83682129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.220.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819027/; classtype:trojan-activity;sid:83682127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.12.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819026/; classtype:trojan-activity;sid:83682126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.16.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819025/; classtype:trojan-activity;sid:83682125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819024/; classtype:trojan-activity;sid:83682124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.223.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819023/; classtype:trojan-activity;sid:83682123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.221.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819022/; classtype:trojan-activity;sid:83682122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.5.20.167"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819021/; classtype:trojan-activity;sid:83682121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.134.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819020/; classtype:trojan-activity;sid:83682120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819019/; classtype:trojan-activity;sid:83682119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.238.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819018/; classtype:trojan-activity;sid:83682118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.211.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819017/; classtype:trojan-activity;sid:83682117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.228.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819016/; classtype:trojan-activity;sid:83682116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819015/; classtype:trojan-activity;sid:83682115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.105.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819014/; classtype:trojan-activity;sid:83682114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.249.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819012/; classtype:trojan-activity;sid:83682112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.103.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819013/; classtype:trojan-activity;sid:83682113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.123.71.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819011/; classtype:trojan-activity;sid:83682111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819010/; classtype:trojan-activity;sid:83682110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.240.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819009/; classtype:trojan-activity;sid:83682109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.16.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819008/; classtype:trojan-activity;sid:83682108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.223.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819007/; classtype:trojan-activity;sid:83682107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819005/; classtype:trojan-activity;sid:83682105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.104.220.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819006/; classtype:trojan-activity;sid:83682106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.173.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819004/; classtype:trojan-activity;sid:83682104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.198.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819003/; classtype:trojan-activity;sid:83682103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.139.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819002/; classtype:trojan-activity;sid:83682102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819001/; classtype:trojan-activity;sid:83682101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819000/; classtype:trojan-activity;sid:83682100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.200.63.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.185.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818997/; classtype:trojan-activity;sid:83682097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.71.167.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818998/; classtype:trojan-activity;sid:83682098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.237.77.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818995/; classtype:trojan-activity;sid:83682095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.68.17.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818996/; classtype:trojan-activity;sid:83682096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.126.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818992/; classtype:trojan-activity;sid:83682092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.224.100.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.30.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818994/; classtype:trojan-activity;sid:83682094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.89.206.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818990/; classtype:trojan-activity;sid:83682090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.91.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818991/; classtype:trojan-activity;sid:83682091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.52.86.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.99.5.210"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818989/; classtype:trojan-activity;sid:83682089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.177.251.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818985/; classtype:trojan-activity;sid:83682085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.241.19.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.30.245.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.24.13.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818980/; classtype:trojan-activity;sid:83682080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.252.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.191.218.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818982/; classtype:trojan-activity;sid:83682082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.15.92.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.254.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.38.24.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.69.71.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818968/; classtype:trojan-activity;sid:83682068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.76.195.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.91.113.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818970/; classtype:trojan-activity;sid:83682070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.50.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818971/; classtype:trojan-activity;sid:83682071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.77.34.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818972/; classtype:trojan-activity;sid:83682072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.49.4.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818973/; classtype:trojan-activity;sid:83682073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.140.32.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.67.130.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818976/; classtype:trojan-activity;sid:83682076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.242.106.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.43.16.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818978/; classtype:trojan-activity;sid:83682078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.211.124.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818979/; classtype:trojan-activity;sid:83682079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.170.168.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818962/; classtype:trojan-activity;sid:83682062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.164.200.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.114.152.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818964/; classtype:trojan-activity;sid:83682064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818965/; classtype:trojan-activity;sid:83682065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.114.191.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.36.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818955/; classtype:trojan-activity;sid:83682055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.173.60.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818956/; classtype:trojan-activity;sid:83682056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.212.1.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818957/; classtype:trojan-activity;sid:83682057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.11.62.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818958/; classtype:trojan-activity;sid:83682058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.19.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818959/; classtype:trojan-activity;sid:83682059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.75.218.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818960/; classtype:trojan-activity;sid:83682060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.78.185.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818961/; classtype:trojan-activity;sid:83682061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.19.224.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818952/; classtype:trojan-activity;sid:83682052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818953/; classtype:trojan-activity;sid:83682053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.14.183.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818954/; classtype:trojan-activity;sid:83682054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.161.231.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818950/; classtype:trojan-activity;sid:83682050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.106.15.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818951/; classtype:trojan-activity;sid:83682051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.130.187.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818945/; classtype:trojan-activity;sid:83682045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.252.69.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.4.143.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818947/; classtype:trojan-activity;sid:83682047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.167.25.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.67.60.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818949/; classtype:trojan-activity;sid:83682049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.240.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818941/; classtype:trojan-activity;sid:83682041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.119.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818942/; classtype:trojan-activity;sid:83682042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.182.214.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.207.203.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818944/; classtype:trojan-activity;sid:83682044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.151.142.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818929/; classtype:trojan-activity;sid:83682029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.137.36.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.113.141.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818932/; classtype:trojan-activity;sid:83682032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.182.207.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818933/; classtype:trojan-activity;sid:83682033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818934/; classtype:trojan-activity;sid:83682034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.100.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818935/; classtype:trojan-activity;sid:83682035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.211.112.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818936/; classtype:trojan-activity;sid:83682036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.255.78.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818937/; classtype:trojan-activity;sid:83682037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.236.206.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818938/; classtype:trojan-activity;sid:83682038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.135.142.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.21.132.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818922/; classtype:trojan-activity;sid:83682022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.248.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818923/; classtype:trojan-activity;sid:83682023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.160.3.5"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818924/; classtype:trojan-activity;sid:83682024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.43.49.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818925/; classtype:trojan-activity;sid:83682025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.50.148.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818926/; classtype:trojan-activity;sid:83682026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.5.129.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818927/; classtype:trojan-activity;sid:83682027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.240.163.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818928/; classtype:trojan-activity;sid:83682028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.49.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818914/; classtype:trojan-activity;sid:83682014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.41.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.98.115"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818916/; classtype:trojan-activity;sid:83682016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.156.13.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818918/; classtype:trojan-activity;sid:83682018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.64.200.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818919/; classtype:trojan-activity;sid:83682019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.143.133.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.203.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818921/; classtype:trojan-activity;sid:83682021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.61.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818913/; classtype:trojan-activity;sid:83682013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.78.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.73.244.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818912/; classtype:trojan-activity;sid:83682012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.234.251.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818902/; classtype:trojan-activity;sid:83682002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.188.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818903/; classtype:trojan-activity;sid:83682003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.203.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818904/; classtype:trojan-activity;sid:83682004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.73.49.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.254.192.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.70.242.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818907/; classtype:trojan-activity;sid:83682007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.250.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818908/; classtype:trojan-activity;sid:83682008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.40.49.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818909/; classtype:trojan-activity;sid:83682009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.7.143.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818910/; classtype:trojan-activity;sid:83682010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.136.208.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818898/; classtype:trojan-activity;sid:83681998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.202.49.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.113.121.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818900/; classtype:trojan-activity;sid:83682000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.98.254.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818901/; classtype:trojan-activity;sid:83682001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.226.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818893/; classtype:trojan-activity;sid:83681993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.143.174.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818894/; classtype:trojan-activity;sid:83681994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.221.90.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818895/; classtype:trojan-activity;sid:83681995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.138.44.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818896/; classtype:trojan-activity;sid:83681996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.159.28.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818897/; classtype:trojan-activity;sid:83681997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.4.18.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818890/; classtype:trojan-activity;sid:83681990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.248.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818891/; classtype:trojan-activity;sid:83681991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.127.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818892/; classtype:trojan-activity;sid:83681992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.133.95.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.57.219.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818885/; classtype:trojan-activity;sid:83681985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.133.58.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818886/; classtype:trojan-activity;sid:83681986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.193.21.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.10.183.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818888/; classtype:trojan-activity;sid:83681988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.0.69.42"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818889/; classtype:trojan-activity;sid:83681989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.145.239.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818879/; classtype:trojan-activity;sid:83681979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.124.87.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818880/; classtype:trojan-activity;sid:83681980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.119.95.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.26.84.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818882/; classtype:trojan-activity;sid:83681982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.79.233.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818883/; classtype:trojan-activity;sid:83681983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.236.93.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818875/; classtype:trojan-activity;sid:83681975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.111.182.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818876/; classtype:trojan-activity;sid:83681976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.232.188.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818877/; classtype:trojan-activity;sid:83681977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.120.28.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.239.212.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818871/; classtype:trojan-activity;sid:83681971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.255.17.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818872/; classtype:trojan-activity;sid:83681972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.36.20.168"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818873/; classtype:trojan-activity;sid:83681973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.127.112.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.94.9.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.111.14.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.249.179.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818869/; classtype:trojan-activity;sid:83681969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.222.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818870/; classtype:trojan-activity;sid:83681970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.215.23.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.127.105.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.111.210.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818858/; classtype:trojan-activity;sid:83681958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"130.43.78.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818859/; classtype:trojan-activity;sid:83681959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.52.20.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818860/; classtype:trojan-activity;sid:83681960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.181.166.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818861/; classtype:trojan-activity;sid:83681961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.248.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818862/; classtype:trojan-activity;sid:83681962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.12.76.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818863/; classtype:trojan-activity;sid:83681963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.31.28.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.63.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818857/; classtype:trojan-activity;sid:83681957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.113.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.40.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.83.97.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818854/; classtype:trojan-activity;sid:83681954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.230.237.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818855/; classtype:trojan-activity;sid:83681955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.193.33.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818856/; classtype:trojan-activity;sid:83681956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.122.210.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.167.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818846/; classtype:trojan-activity;sid:83681946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.101.187.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818847/; classtype:trojan-activity;sid:83681947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.86.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818848/; classtype:trojan-activity;sid:83681948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.249.179.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818849/; classtype:trojan-activity;sid:83681949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.169.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818850/; classtype:trojan-activity;sid:83681950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.187.36.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818851/; classtype:trojan-activity;sid:83681951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.194.46.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.248.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818834/; classtype:trojan-activity;sid:83681934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.28.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818835/; classtype:trojan-activity;sid:83681935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.27.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818836/; classtype:trojan-activity;sid:83681936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.52.94.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818837/; classtype:trojan-activity;sid:83681937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.246.119.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818839/; classtype:trojan-activity;sid:83681939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.35.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818840/; classtype:trojan-activity;sid:83681940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.55.247.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818841/; classtype:trojan-activity;sid:83681941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.162.233.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818842/; classtype:trojan-activity;sid:83681942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.188.174.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818844/; classtype:trojan-activity;sid:83681944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.77.128.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818830/; classtype:trojan-activity;sid:83681930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.209.255.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818831/; classtype:trojan-activity;sid:83681931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.176.113.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.203.247.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818827/; classtype:trojan-activity;sid:83681927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.94.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818828/; classtype:trojan-activity;sid:83681928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.25.133.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.237.197.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818822/; classtype:trojan-activity;sid:83681922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.102.177.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.81.93.24"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818824/; classtype:trojan-activity;sid:83681924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818825/; classtype:trojan-activity;sid:83681925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"136.169.119.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.180.111.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818813/; classtype:trojan-activity;sid:83681913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.86.199.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818814/; classtype:trojan-activity;sid:83681914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.125.15.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818815/; classtype:trojan-activity;sid:83681915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.237.25.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818816/; classtype:trojan-activity;sid:83681916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.127.115.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818817/; classtype:trojan-activity;sid:83681917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.127.8.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818818/; classtype:trojan-activity;sid:83681918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.11.92.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818819/; classtype:trojan-activity;sid:83681919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.216.69.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818820/; classtype:trojan-activity;sid:83681920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.60.191.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.88.126.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818811/; classtype:trojan-activity;sid:83681911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.179.3.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818812/; classtype:trojan-activity;sid:83681912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.186.203.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818808/; classtype:trojan-activity;sid:83681908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.166.244.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818809/; classtype:trojan-activity;sid:83681909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.96.180.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818810/; classtype:trojan-activity;sid:83681910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.110.124.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818795/; classtype:trojan-activity;sid:83681895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.239.218.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818796/; classtype:trojan-activity;sid:83681896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.161.217.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.242.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818799/; classtype:trojan-activity;sid:83681899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.40.84.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.242.139.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818801/; classtype:trojan-activity;sid:83681901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.244.26.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818802/; classtype:trojan-activity;sid:83681902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.227.22.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818803/; classtype:trojan-activity;sid:83681903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.62.233.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818804/; classtype:trojan-activity;sid:83681904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.131.216.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818805/; classtype:trojan-activity;sid:83681905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.153.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.162.187.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.202.206.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818789/; classtype:trojan-activity;sid:83681889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818790/; classtype:trojan-activity;sid:83681890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.35.199.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818791/; classtype:trojan-activity;sid:83681891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.108.135.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818792/; classtype:trojan-activity;sid:83681892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.203.92.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818793/; classtype:trojan-activity;sid:83681893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.112.124.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818794/; classtype:trojan-activity;sid:83681894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.18.165.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818780/; classtype:trojan-activity;sid:83681880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.26.180.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818781/; classtype:trojan-activity;sid:83681881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.149.143.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818782/; classtype:trojan-activity;sid:83681882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.119.172.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818783/; classtype:trojan-activity;sid:83681883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.151.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818784/; classtype:trojan-activity;sid:83681884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.68.50.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818785/; classtype:trojan-activity;sid:83681885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.219.119.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818786/; classtype:trojan-activity;sid:83681886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"134.249.186.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818787/; classtype:trojan-activity;sid:83681887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.64.8.234"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818788/; classtype:trojan-activity;sid:83681888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.136.240.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.188.190.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818774/; classtype:trojan-activity;sid:83681874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"130.204.154.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818775/; classtype:trojan-activity;sid:83681875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818776/; classtype:trojan-activity;sid:83681876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"63.78.214.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.115.143.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818779/; classtype:trojan-activity;sid:83681879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.121.207.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818769/; classtype:trojan-activity;sid:83681869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.17.36.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818770/; classtype:trojan-activity;sid:83681870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.166.109.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818771/; classtype:trojan-activity;sid:83681871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.203.218.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.156.22.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818765/; classtype:trojan-activity;sid:83681865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.135.96.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818766/; classtype:trojan-activity;sid:83681866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.124.73.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818767/; classtype:trojan-activity;sid:83681867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.83.245.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.181.0.20"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818757/; classtype:trojan-activity;sid:83681857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.35.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818759/; classtype:trojan-activity;sid:83681859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.170.118.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818760/; classtype:trojan-activity;sid:83681860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.233.242.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818761/; classtype:trojan-activity;sid:83681861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.127.90.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818762/; classtype:trojan-activity;sid:83681862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.118.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818763/; classtype:trojan-activity;sid:83681863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.172.84.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818764/; classtype:trojan-activity;sid:83681864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.207.209.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818756/; classtype:trojan-activity;sid:83681856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.85.48.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818755/; classtype:trojan-activity;sid:83681855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.163.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818753/; classtype:trojan-activity;sid:83681853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.81.131.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818754/; classtype:trojan-activity;sid:83681854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.228.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818752/; classtype:trojan-activity;sid:83681852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818751/; classtype:trojan-activity;sid:83681851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.150.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818749/; classtype:trojan-activity;sid:83681849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.85.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818750/; classtype:trojan-activity;sid:83681850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.221.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818748/; classtype:trojan-activity;sid:83681848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.245.219.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818747/; classtype:trojan-activity;sid:83681847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.236.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818746/; classtype:trojan-activity;sid:83681846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.20.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818745/; classtype:trojan-activity;sid:83681845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.240.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818744/; classtype:trojan-activity;sid:83681844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.83.1.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818743/; classtype:trojan-activity;sid:83681843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818742/; classtype:trojan-activity;sid:83681842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.224"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818741/; classtype:trojan-activity;sid:83681841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.79.223.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818740/; classtype:trojan-activity;sid:83681840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.59.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818739/; classtype:trojan-activity;sid:83681839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.183.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818737/; classtype:trojan-activity;sid:83681837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.198.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818738/; classtype:trojan-activity;sid:83681838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.71.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818736/; classtype:trojan-activity;sid:83681836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818734/; classtype:trojan-activity;sid:83681834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.139.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818735/; classtype:trojan-activity;sid:83681835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818733/; classtype:trojan-activity;sid:83681833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818732/; classtype:trojan-activity;sid:83681832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818731/; classtype:trojan-activity;sid:83681831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.181.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818730/; classtype:trojan-activity;sid:83681830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.52.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818729/; classtype:trojan-activity;sid:83681829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.83.1.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818728/; classtype:trojan-activity;sid:83681828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.70.7.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818727/; classtype:trojan-activity;sid:83681827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818726/; classtype:trojan-activity;sid:83681826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818725/; classtype:trojan-activity;sid:83681825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818724/; classtype:trojan-activity;sid:83681824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818723/; classtype:trojan-activity;sid:83681823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.200.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818722/; classtype:trojan-activity;sid:83681822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818721/; classtype:trojan-activity;sid:83681821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.70.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818720/; classtype:trojan-activity;sid:83681820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.174.230.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818719/; classtype:trojan-activity;sid:83681819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818718/; classtype:trojan-activity;sid:83681818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.230.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818717/; classtype:trojan-activity;sid:83681817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.245.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818715/; classtype:trojan-activity;sid:83681815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.144.229.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818716/; classtype:trojan-activity;sid:83681816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.15.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818714/; classtype:trojan-activity;sid:83681814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.27.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818713/; classtype:trojan-activity;sid:83681813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.48.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818712/; classtype:trojan-activity;sid:83681812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818710/; classtype:trojan-activity;sid:83681810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.143.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818711/; classtype:trojan-activity;sid:83681811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.70.7.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818709/; classtype:trojan-activity;sid:83681809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.60.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818708/; classtype:trojan-activity;sid:83681808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.124.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818707/; classtype:trojan-activity;sid:83681807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.170.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818706/; classtype:trojan-activity;sid:83681806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.71.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818705/; classtype:trojan-activity;sid:83681805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.36.177.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818704/; classtype:trojan-activity;sid:83681804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.29.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818703/; classtype:trojan-activity;sid:83681803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.75.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818702/; classtype:trojan-activity;sid:83681802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.180.148.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818700/; classtype:trojan-activity;sid:83681800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.dat"; depth:6; endswith; nocase; http.host; content:"eshoradebitcoin.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818701/; classtype:trojan-activity;sid:83681801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818699/; classtype:trojan-activity;sid:83681799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.169.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818698/; classtype:trojan-activity;sid:83681798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.235.44.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818697/; classtype:trojan-activity;sid:83681797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.216.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818696/; classtype:trojan-activity;sid:83681796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"lrl.register.arpsychotherapy.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818695/; classtype:trojan-activity;sid:83681795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.180.148.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818694/; classtype:trojan-activity;sid:83681794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.70.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818693/; classtype:trojan-activity;sid:83681793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818692/; classtype:trojan-activity;sid:83681792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.83.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818691/; classtype:trojan-activity;sid:83681791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818690/; classtype:trojan-activity;sid:83681790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.33.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818689/; classtype:trojan-activity;sid:83681789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.60.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818688/; classtype:trojan-activity;sid:83681788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818687/; classtype:trojan-activity;sid:83681787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.160.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818686/; classtype:trojan-activity;sid:83681786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818685/; classtype:trojan-activity;sid:83681785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.124.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818684/; classtype:trojan-activity;sid:83681784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.32.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818683/; classtype:trojan-activity;sid:83681783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.216.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818682/; classtype:trojan-activity;sid:83681782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818681/; classtype:trojan-activity;sid:83681781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.141.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818680/; classtype:trojan-activity;sid:83681780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.235.44.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818679/; classtype:trojan-activity;sid:83681779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.220.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818678/; classtype:trojan-activity;sid:83681778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.49.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818677/; classtype:trojan-activity;sid:83681777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818676/; classtype:trojan-activity;sid:83681776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.177.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818675/; classtype:trojan-activity;sid:83681775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.130.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818674/; classtype:trojan-activity;sid:83681774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818673/; classtype:trojan-activity;sid:83681773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.32.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818672/; classtype:trojan-activity;sid:83681772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.251.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818671/; classtype:trojan-activity;sid:83681771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.151.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818670/; classtype:trojan-activity;sid:83681770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.67.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818669/; classtype:trojan-activity;sid:83681769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.162.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818668/; classtype:trojan-activity;sid:83681768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.11.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818667/; classtype:trojan-activity;sid:83681767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818665/; classtype:trojan-activity;sid:83681765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.11.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818666/; classtype:trojan-activity;sid:83681766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.49.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818664/; classtype:trojan-activity;sid:83681764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818663/; classtype:trojan-activity;sid:83681763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.130.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818662/; classtype:trojan-activity;sid:83681762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.163.221.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818661/; classtype:trojan-activity;sid:83681761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818660/; classtype:trojan-activity;sid:83681760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818659/; classtype:trojan-activity;sid:83681759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.93.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818658/; classtype:trojan-activity;sid:83681758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.251.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818657/; classtype:trojan-activity;sid:83681757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.218.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818656/; classtype:trojan-activity;sid:83681756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818655/; classtype:trojan-activity;sid:83681755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.172.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818654/; classtype:trojan-activity;sid:83681754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.145.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818653/; classtype:trojan-activity;sid:83681753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.8.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818652/; classtype:trojan-activity;sid:83681752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.11.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818651/; classtype:trojan-activity;sid:83681751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818650/; classtype:trojan-activity;sid:83681750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.9.246.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818649/; classtype:trojan-activity;sid:83681749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.93.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818648/; classtype:trojan-activity;sid:83681748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818647/; classtype:trojan-activity;sid:83681747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.195.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818646/; classtype:trojan-activity;sid:83681746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818645/; classtype:trojan-activity;sid:83681745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.135.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818644/; classtype:trojan-activity;sid:83681744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.26.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818643/; classtype:trojan-activity;sid:83681743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.72.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818642/; classtype:trojan-activity;sid:83681742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.85.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818641/; classtype:trojan-activity;sid:83681741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.181.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818640/; classtype:trojan-activity;sid:83681740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.191.163.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818639/; classtype:trojan-activity;sid:83681739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xpvedyx7g1ye"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818638/; classtype:trojan-activity;sid:83681738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.244.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818637/; classtype:trojan-activity;sid:83681737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818636/; classtype:trojan-activity;sid:83681736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.34.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818635/; classtype:trojan-activity;sid:83681735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.41.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818634/; classtype:trojan-activity;sid:83681734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818633/; classtype:trojan-activity;sid:83681733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.8.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818632/; classtype:trojan-activity;sid:83681732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"164.92.247.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818629/; classtype:trojan-activity;sid:83681729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"164.92.247.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818630/; classtype:trojan-activity;sid:83681730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.72.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818631/; classtype:trojan-activity;sid:83681731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818628/; classtype:trojan-activity;sid:83681728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.85.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818627/; classtype:trojan-activity;sid:83681727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.215.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818626/; classtype:trojan-activity;sid:83681726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.112.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818625/; classtype:trojan-activity;sid:83681725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.187.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818624/; classtype:trojan-activity;sid:83681724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.150.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818623/; classtype:trojan-activity;sid:83681723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.172.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818621/; classtype:trojan-activity;sid:83681721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.72.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818622/; classtype:trojan-activity;sid:83681722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.58.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818620/; classtype:trojan-activity;sid:83681720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818619/; classtype:trojan-activity;sid:83681719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.85.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818618/; classtype:trojan-activity;sid:83681718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.215.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818617/; classtype:trojan-activity;sid:83681717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.180.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818616/; classtype:trojan-activity;sid:83681716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.181.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818615/; classtype:trojan-activity;sid:83681715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.58.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818614/; classtype:trojan-activity;sid:83681714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.135.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818613/; classtype:trojan-activity;sid:83681713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.67.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818612/; classtype:trojan-activity;sid:83681712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.150.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818611/; classtype:trojan-activity;sid:83681711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.172.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818610/; classtype:trojan-activity;sid:83681710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.129.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818609/; classtype:trojan-activity;sid:83681709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.62.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818608/; classtype:trojan-activity;sid:83681708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.112.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818607/; classtype:trojan-activity;sid:83681707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.20.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818606/; classtype:trojan-activity;sid:83681706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818605/; classtype:trojan-activity;sid:83681705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.216.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818604/; classtype:trojan-activity;sid:83681704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.46.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818603/; classtype:trojan-activity;sid:83681703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.234.126.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818602/; classtype:trojan-activity;sid:83681702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.209.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818601/; classtype:trojan-activity;sid:83681701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818600/; classtype:trojan-activity;sid:83681700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.140.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818599/; classtype:trojan-activity;sid:83681699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.209.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818598/; classtype:trojan-activity;sid:83681698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.199.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818596/; classtype:trojan-activity;sid:83681696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.239.49.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818597/; classtype:trojan-activity;sid:83681697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.46.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818595/; classtype:trojan-activity;sid:83681695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.124.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818594/; classtype:trojan-activity;sid:83681694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.24.68.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818593/; classtype:trojan-activity;sid:83681693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818591/; classtype:trojan-activity;sid:83681691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.96.212.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818592/; classtype:trojan-activity;sid:83681692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.4.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818590/; classtype:trojan-activity;sid:83681690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.209.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818589/; classtype:trojan-activity;sid:83681689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.239.49.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818588/; classtype:trojan-activity;sid:83681688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818587/; classtype:trojan-activity;sid:83681687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.21.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818586/; classtype:trojan-activity;sid:83681686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.79.188.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818585/; classtype:trojan-activity;sid:83681685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.199.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818584/; classtype:trojan-activity;sid:83681684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.68.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818583/; classtype:trojan-activity;sid:83681683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.193.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818582/; classtype:trojan-activity;sid:83681682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.191.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818581/; classtype:trojan-activity;sid:83681681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818580/; classtype:trojan-activity;sid:83681680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818579/; classtype:trojan-activity;sid:83681679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818578/; classtype:trojan-activity;sid:83681678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.114.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818577/; classtype:trojan-activity;sid:83681677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818576/; classtype:trojan-activity;sid:83681676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.211.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818575/; classtype:trojan-activity;sid:83681675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.230.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818574/; classtype:trojan-activity;sid:83681674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.85.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818573/; classtype:trojan-activity;sid:83681673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818572/; classtype:trojan-activity;sid:83681672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xnnci6oenkjs"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818571/; classtype:trojan-activity;sid:83681671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.160.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818570/; classtype:trojan-activity;sid:83681670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818569/; classtype:trojan-activity;sid:83681669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.221.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818568/; classtype:trojan-activity;sid:83681668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.242.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818567/; classtype:trojan-activity;sid:83681667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818566/; classtype:trojan-activity;sid:83681666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.68.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818565/; classtype:trojan-activity;sid:83681665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818564/; classtype:trojan-activity;sid:83681664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818563/; classtype:trojan-activity;sid:83681663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.0.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818562/; classtype:trojan-activity;sid:83681662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818560/; classtype:trojan-activity;sid:83681660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.94.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818561/; classtype:trojan-activity;sid:83681661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"yedva.register.arpsychotherapy.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818559/; classtype:trojan-activity;sid:83681659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.44.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818558/; classtype:trojan-activity;sid:83681658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.230.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818557/; classtype:trojan-activity;sid:83681657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818556/; classtype:trojan-activity;sid:83681656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmo4wvzpv3q0"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818554/; classtype:trojan-activity;sid:83681654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.211.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818555/; classtype:trojan-activity;sid:83681655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xjg2pcxxlati"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818553/; classtype:trojan-activity;sid:83681653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"157.211.17.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818552/; classtype:trojan-activity;sid:83681652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.230.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818550/; classtype:trojan-activity;sid:83681650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.71.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818551/; classtype:trojan-activity;sid:83681651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818549/; classtype:trojan-activity;sid:83681649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.94.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818548/; classtype:trojan-activity;sid:83681648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818547/; classtype:trojan-activity;sid:83681647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818546/; classtype:trojan-activity;sid:83681646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.61.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818545/; classtype:trojan-activity;sid:83681645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818544/; classtype:trojan-activity;sid:83681644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.36.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818543/; classtype:trojan-activity;sid:83681643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.160.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818542/; classtype:trojan-activity;sid:83681642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818541/; classtype:trojan-activity;sid:83681641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818540/; classtype:trojan-activity;sid:83681640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818538/; classtype:trojan-activity;sid:83681638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.59.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818539/; classtype:trojan-activity;sid:83681639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.133.184.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818536/; classtype:trojan-activity;sid:83681636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.102.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818537/; classtype:trojan-activity;sid:83681637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.21.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818533/; classtype:trojan-activity;sid:83681633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.146.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818534/; classtype:trojan-activity;sid:83681634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.242.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818535/; classtype:trojan-activity;sid:83681635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.180.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818532/; classtype:trojan-activity;sid:83681632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818531/; classtype:trojan-activity;sid:83681631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818530/; classtype:trojan-activity;sid:83681630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.230.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818529/; classtype:trojan-activity;sid:83681629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818528/; classtype:trojan-activity;sid:83681628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.230.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818527/; classtype:trojan-activity;sid:83681627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818526/; classtype:trojan-activity;sid:83681626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818525/; classtype:trojan-activity;sid:83681625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818524/; classtype:trojan-activity;sid:83681624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818523/; classtype:trojan-activity;sid:83681623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.61.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818521/; classtype:trojan-activity;sid:83681621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.42.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818522/; classtype:trojan-activity;sid:83681622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.103.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818520/; classtype:trojan-activity;sid:83681620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/qq6ah/build.exe"; depth:20; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818519/; classtype:trojan-activity;sid:83681619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.241.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818518/; classtype:trojan-activity;sid:83681618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818517/; classtype:trojan-activity;sid:83681617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.177.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818516/; classtype:trojan-activity;sid:83681616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.205.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818515/; classtype:trojan-activity;sid:83681615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.241.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818514/; classtype:trojan-activity;sid:83681614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818513/; classtype:trojan-activity;sid:83681613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.88.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818512/; classtype:trojan-activity;sid:83681612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.190.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818511/; classtype:trojan-activity;sid:83681611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818510/; classtype:trojan-activity;sid:83681610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818509/; classtype:trojan-activity;sid:83681609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.205.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818508/; classtype:trojan-activity;sid:83681608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.255.107.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818507/; classtype:trojan-activity;sid:83681607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.88.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818506/; classtype:trojan-activity;sid:83681606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818505/; classtype:trojan-activity;sid:83681605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.225.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818504/; classtype:trojan-activity;sid:83681604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.230.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818503/; classtype:trojan-activity;sid:83681603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.190.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818502/; classtype:trojan-activity;sid:83681602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.86.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818501/; classtype:trojan-activity;sid:83681601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668776833|3f|hash=0o6pf91bzh66jrdvdr0yhs0vv73fdpmfrsckqwaazuh|7c|26|7c|dl=ph90vp0b08gczph4ge7tw9b9uj3c1wfnc01nfynmnnl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818500/; classtype:trojan-activity;sid:83681600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818499/; classtype:trojan-activity;sid:83681599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.26.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818498/; classtype:trojan-activity;sid:83681598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.124.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818496/; classtype:trojan-activity;sid:83681596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.155.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818497/; classtype:trojan-activity;sid:83681597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.86.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818495/; classtype:trojan-activity;sid:83681595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.88.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818494/; classtype:trojan-activity;sid:83681594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818493/; classtype:trojan-activity;sid:83681593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.33.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818492/; classtype:trojan-activity;sid:83681592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.57.250.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818491/; classtype:trojan-activity;sid:83681591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.66.167.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818490/; classtype:trojan-activity;sid:83681590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.117.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818489/; classtype:trojan-activity;sid:83681589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818488/; classtype:trojan-activity;sid:83681588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818487/; classtype:trojan-activity;sid:83681587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818486/; classtype:trojan-activity;sid:83681586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.234.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818484/; classtype:trojan-activity;sid:83681584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818485/; classtype:trojan-activity;sid:83681585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818482/; classtype:trojan-activity;sid:83681582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818483/; classtype:trojan-activity;sid:83681583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.78.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818481/; classtype:trojan-activity;sid:83681581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.157.101.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818480/; classtype:trojan-activity;sid:83681580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.73.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818479/; classtype:trojan-activity;sid:83681579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.157.101.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818478/; classtype:trojan-activity;sid:83681578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.153.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818477/; classtype:trojan-activity;sid:83681577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818476/; classtype:trojan-activity;sid:83681576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.139.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818475/; classtype:trojan-activity;sid:83681575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818474/; classtype:trojan-activity;sid:83681574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.219.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818473/; classtype:trojan-activity;sid:83681573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.41.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818472/; classtype:trojan-activity;sid:83681572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.53.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818471/; classtype:trojan-activity;sid:83681571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.195.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818470/; classtype:trojan-activity;sid:83681570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818469/; classtype:trojan-activity;sid:83681569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.65.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818468/; classtype:trojan-activity;sid:83681568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818467/; classtype:trojan-activity;sid:83681567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818466/; classtype:trojan-activity;sid:83681566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.62.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818465/; classtype:trojan-activity;sid:83681565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.95.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818464/; classtype:trojan-activity;sid:83681564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.93.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818463/; classtype:trojan-activity;sid:83681563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.40.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818462/; classtype:trojan-activity;sid:83681562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.197.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818461/; classtype:trojan-activity;sid:83681561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818460/; classtype:trojan-activity;sid:83681560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.151.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818459/; classtype:trojan-activity;sid:83681559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.164.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818458/; classtype:trojan-activity;sid:83681558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818457/; classtype:trojan-activity;sid:83681557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.192.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818456/; classtype:trojan-activity;sid:83681556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818455/; classtype:trojan-activity;sid:83681555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.177.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818454/; classtype:trojan-activity;sid:83681554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.95.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818453/; classtype:trojan-activity;sid:83681553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.188.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818452/; classtype:trojan-activity;sid:83681552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818451/; classtype:trojan-activity;sid:83681551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.162.73.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818450/; classtype:trojan-activity;sid:83681550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818448/; classtype:trojan-activity;sid:83681548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.164.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818449/; classtype:trojan-activity;sid:83681549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818447/; classtype:trojan-activity;sid:83681547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ib/insetto-arm"; depth:15; endswith; nocase; http.host; content:"80.66.79.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818445/; classtype:trojan-activity;sid:83681545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ib/insetto-arm7"; depth:16; endswith; nocase; http.host; content:"80.66.79.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818446/; classtype:trojan-activity;sid:83681546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.199.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818444/; classtype:trojan-activity;sid:83681544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.75.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818443/; classtype:trojan-activity;sid:83681543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.124.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818442/; classtype:trojan-activity;sid:83681542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.177.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818441/; classtype:trojan-activity;sid:83681541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.20.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818440/; classtype:trojan-activity;sid:83681540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.0.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818439/; classtype:trojan-activity;sid:83681539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.34.245.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818438/; classtype:trojan-activity;sid:83681538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.216.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818437/; classtype:trojan-activity;sid:83681537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818436/; classtype:trojan-activity;sid:83681536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdt/kardinaliteter.pfb"; depth:24; endswith; nocase; http.host; content:"originalconceptsinc.ru.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818434/; classtype:trojan-activity;sid:83681534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdt/wgjohjjdeibszwztvukrgp104.bin"; depth:35; endswith; nocase; http.host; content:"originalconceptsinc.ru.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818435/; classtype:trojan-activity;sid:83681535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdt/smutching169.toc"; depth:22; endswith; nocase; http.host; content:"originalconceptsinc.ru.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818432/; classtype:trojan-activity;sid:83681532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdt/krre.pfb"; depth:14; endswith; nocase; http.host; content:"originalconceptsinc.ru.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818433/; classtype:trojan-activity;sid:83681533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818431/; classtype:trojan-activity;sid:83681531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icjfpydkbweqyez252.bin"; depth:23; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818429/; classtype:trojan-activity;sid:83681529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skabs.asd"; depth:10; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818430/; classtype:trojan-activity;sid:83681530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.40.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818428/; classtype:trojan-activity;sid:83681528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818427/; classtype:trojan-activity;sid:83681527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.20.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818426/; classtype:trojan-activity;sid:83681526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.180.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818425/; classtype:trojan-activity;sid:83681525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.27.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818424/; classtype:trojan-activity;sid:83681524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.183.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818423/; classtype:trojan-activity;sid:83681523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"203.55.81.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818421/; classtype:trojan-activity;sid:83681521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan.sh"; depth:8; endswith; nocase; http.host; content:"203.55.81.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818422/; classtype:trojan-activity;sid:83681522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telrand"; depth:8; endswith; nocase; http.host; content:"203.55.81.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818420/; classtype:trojan-activity;sid:83681520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.223.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818419/; classtype:trojan-activity;sid:83681519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.0.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818418/; classtype:trojan-activity;sid:83681518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.75.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818417/; classtype:trojan-activity;sid:83681517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.230.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818416/; classtype:trojan-activity;sid:83681516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.172.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818415/; classtype:trojan-activity;sid:83681515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.100.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818414/; classtype:trojan-activity;sid:83681514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.235.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818413/; classtype:trojan-activity;sid:83681513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.174.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818412/; classtype:trojan-activity;sid:83681512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668771194|3f|hash=7dzzfngnmhfnf8ukhz88ssjwzznhzjiekwoi1nqnlbw|7c|26|7c|dl=jwd31uuzgmzfetvrfugpnufocmlmkpeyfbkel3wqpyk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818411/; classtype:trojan-activity;sid:83681511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818410/; classtype:trojan-activity;sid:83681510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.147.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818409/; classtype:trojan-activity;sid:83681509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.79.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818408/; classtype:trojan-activity;sid:83681508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818406/; classtype:trojan-activity;sid:83681506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818407/; classtype:trojan-activity;sid:83681507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818405/; classtype:trojan-activity;sid:83681505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.86.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818403/; classtype:trojan-activity;sid:83681503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.60.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818404/; classtype:trojan-activity;sid:83681504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.183.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818402/; classtype:trojan-activity;sid:83681502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.146.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818401/; classtype:trojan-activity;sid:83681501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818400/; classtype:trojan-activity;sid:83681500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818399/; classtype:trojan-activity;sid:83681499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.171.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818398/; classtype:trojan-activity;sid:83681498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.74.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818397/; classtype:trojan-activity;sid:83681497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.0.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818396/; classtype:trojan-activity;sid:83681496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.174.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818395/; classtype:trojan-activity;sid:83681495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.235.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818392/; classtype:trojan-activity;sid:83681492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.165.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818393/; classtype:trojan-activity;sid:83681493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.172.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818394/; classtype:trojan-activity;sid:83681494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.147.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818391/; classtype:trojan-activity;sid:83681491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818390/; classtype:trojan-activity;sid:83681490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.241.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818389/; classtype:trojan-activity;sid:83681489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818388/; classtype:trojan-activity;sid:83681488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.22.83.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818387/; classtype:trojan-activity;sid:83681487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.246.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818386/; classtype:trojan-activity;sid:83681486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.83.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818385/; classtype:trojan-activity;sid:83681485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.172.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818384/; classtype:trojan-activity;sid:83681484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668769608|3f|hash=ejk4iigro9hmpokfxxqpllin8ksp1vifjqkzbhfkhvw|7c|26|7c|dl=hyywndlgielg7pw0rovy1vyo2mgni54bhgoq6olb9px|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818383/; classtype:trojan-activity;sid:83681483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.103.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818382/; classtype:trojan-activity;sid:83681482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.60.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818381/; classtype:trojan-activity;sid:83681481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xtqdr054ijr6"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818380/; classtype:trojan-activity;sid:83681480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.149.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818379/; classtype:trojan-activity;sid:83681479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.0.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818378/; classtype:trojan-activity;sid:83681478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.17.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818377/; classtype:trojan-activity;sid:83681477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.60.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818376/; classtype:trojan-activity;sid:83681476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/android"; depth:14; endswith; nocase; http.host; content:"bn.networkbn.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818375/; classtype:trojan-activity;sid:83681475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.188.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818374/; classtype:trojan-activity;sid:83681474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/killer"; depth:13; endswith; nocase; http.host; content:"bn.networkbn.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818372/; classtype:trojan-activity;sid:83681472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/b"; depth:8; endswith; nocase; http.host; content:"bn.networkbn.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818373/; classtype:trojan-activity;sid:83681473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/android"; depth:14; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818371/; classtype:trojan-activity;sid:83681471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/b"; depth:8; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818369/; classtype:trojan-activity;sid:83681469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/killer"; depth:13; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818370/; classtype:trojan-activity;sid:83681470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.29.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818368/; classtype:trojan-activity;sid:83681468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.208.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818367/; classtype:trojan-activity;sid:83681467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.22.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818366/; classtype:trojan-activity;sid:83681466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.234.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818365/; classtype:trojan-activity;sid:83681465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.233.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818364/; classtype:trojan-activity;sid:83681464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.178.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818363/; classtype:trojan-activity;sid:83681463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.22.83.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818362/; classtype:trojan-activity;sid:83681462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.8.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818361/; classtype:trojan-activity;sid:83681461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.103.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818360/; classtype:trojan-activity;sid:83681460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.165.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818359/; classtype:trojan-activity;sid:83681459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.43.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818358/; classtype:trojan-activity;sid:83681458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.3.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818357/; classtype:trojan-activity;sid:83681457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"40.133.224.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818356/; classtype:trojan-activity;sid:83681456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.199.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818355/; classtype:trojan-activity;sid:83681455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.227.235.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818354/; classtype:trojan-activity;sid:83681454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.216.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818353/; classtype:trojan-activity;sid:83681453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.227.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818352/; classtype:trojan-activity;sid:83681452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.33.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818351/; classtype:trojan-activity;sid:83681451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.195.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818350/; classtype:trojan-activity;sid:83681450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.210.52.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818349/; classtype:trojan-activity;sid:83681449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.54.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818348/; classtype:trojan-activity;sid:83681448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.43.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818347/; classtype:trojan-activity;sid:83681447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818344/; classtype:trojan-activity;sid:83681444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818345/; classtype:trojan-activity;sid:83681445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818346/; classtype:trojan-activity;sid:83681446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.59.236.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818343/; classtype:trojan-activity;sid:83681443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818342/; classtype:trojan-activity;sid:83681442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.5.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818341/; classtype:trojan-activity;sid:83681441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818340/; classtype:trojan-activity;sid:83681440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.149.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818339/; classtype:trojan-activity;sid:83681439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.210.52.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818338/; classtype:trojan-activity;sid:83681438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818337/; classtype:trojan-activity;sid:83681437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.114.87.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818336/; classtype:trojan-activity;sid:83681436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.182.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818335/; classtype:trojan-activity;sid:83681435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.186.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818333/; classtype:trojan-activity;sid:83681433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.61.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818334/; classtype:trojan-activity;sid:83681434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//faith.mips"; depth:12; endswith; nocase; http.host; content:"91.92.254.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818332/; classtype:trojan-activity;sid:83681432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.125.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818331/; classtype:trojan-activity;sid:83681431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.228.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818330/; classtype:trojan-activity;sid:83681430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818328/; classtype:trojan-activity;sid:83681428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.223.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818329/; classtype:trojan-activity;sid:83681429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818327/; classtype:trojan-activity;sid:83681427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.161.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818326/; classtype:trojan-activity;sid:83681426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.108.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818325/; classtype:trojan-activity;sid:83681425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.82.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818324/; classtype:trojan-activity;sid:83681424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818323/; classtype:trojan-activity;sid:83681423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.182.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818322/; classtype:trojan-activity;sid:83681422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.212.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818321/; classtype:trojan-activity;sid:83681421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818320/; classtype:trojan-activity;sid:83681420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.98.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818319/; classtype:trojan-activity;sid:83681419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.217.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818318/; classtype:trojan-activity;sid:83681418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.228.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818317/; classtype:trojan-activity;sid:83681417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responsibilityleadpro.exe"; depth:26; endswith; nocase; http.host; content:"94.156.65.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818314/; classtype:trojan-activity;sid:83681414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantom.exe"; depth:12; endswith; nocase; http.host; content:"94.156.65.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818315/; classtype:trojan-activity;sid:83681415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"94.156.65.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818316/; classtype:trojan-activity;sid:83681416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818313/; classtype:trojan-activity;sid:83681413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.232.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818312/; classtype:trojan-activity;sid:83681412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.138.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818311/; classtype:trojan-activity;sid:83681411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818310/; classtype:trojan-activity;sid:83681410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818309/; classtype:trojan-activity;sid:83681409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.241.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818308/; classtype:trojan-activity;sid:83681408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818307/; classtype:trojan-activity;sid:83681407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.93.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818306/; classtype:trojan-activity;sid:83681406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.12.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818305/; classtype:trojan-activity;sid:83681405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818304/; classtype:trojan-activity;sid:83681404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.206.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818303/; classtype:trojan-activity;sid:83681403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818302/; classtype:trojan-activity;sid:83681402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.60.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818301/; classtype:trojan-activity;sid:83681401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.243.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818300/; classtype:trojan-activity;sid:83681400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.232.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818299/; classtype:trojan-activity;sid:83681399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hatthgola.vmp.dll"; depth:18; endswith; nocase; http.host; content:"204.12.199.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818298/; classtype:trojan-activity;sid:83681398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.138.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818296/; classtype:trojan-activity;sid:83681396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.38.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818297/; classtype:trojan-activity;sid:83681397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.175.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818295/; classtype:trojan-activity;sid:83681395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.167.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818294/; classtype:trojan-activity;sid:83681394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"151.232.9.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818293/; classtype:trojan-activity;sid:83681393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.79.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818292/; classtype:trojan-activity;sid:83681392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.24.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818291/; classtype:trojan-activity;sid:83681391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818290/; classtype:trojan-activity;sid:83681390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818289/; classtype:trojan-activity;sid:83681389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818288/; classtype:trojan-activity;sid:83681388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.29.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818287/; classtype:trojan-activity;sid:83681387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.206.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818286/; classtype:trojan-activity;sid:83681386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.111.182.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818285/; classtype:trojan-activity;sid:83681385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.59.153.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818284/; classtype:trojan-activity;sid:83681384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.193.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818282/; classtype:trojan-activity;sid:83681382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818283/; classtype:trojan-activity;sid:83681383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.43.6.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818281/; classtype:trojan-activity;sid:83681381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.102.18.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818280/; classtype:trojan-activity;sid:83681380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.79.114.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818276/; classtype:trojan-activity;sid:83681376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.102.18.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818277/; classtype:trojan-activity;sid:83681377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.144.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818278/; classtype:trojan-activity;sid:83681378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.230.159.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818279/; classtype:trojan-activity;sid:83681379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.219.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818271/; classtype:trojan-activity;sid:83681371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.43.7.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818272/; classtype:trojan-activity;sid:83681372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.70.147.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818273/; classtype:trojan-activity;sid:83681373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.111.183.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818274/; classtype:trojan-activity;sid:83681374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.111.183.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818275/; classtype:trojan-activity;sid:83681375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818269/; classtype:trojan-activity;sid:83681369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818270/; classtype:trojan-activity;sid:83681370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.88.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818268/; classtype:trojan-activity;sid:83681368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.61.146.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818266/; classtype:trojan-activity;sid:83681366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.224.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818267/; classtype:trojan-activity;sid:83681367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818265/; classtype:trojan-activity;sid:83681365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.38.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818264/; classtype:trojan-activity;sid:83681364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818262/; classtype:trojan-activity;sid:83681362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.42.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818263/; classtype:trojan-activity;sid:83681363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.109.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818261/; classtype:trojan-activity;sid:83681361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.138.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818260/; classtype:trojan-activity;sid:83681360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.175.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818259/; classtype:trojan-activity;sid:83681359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.9.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818258/; classtype:trojan-activity;sid:83681358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818257/; classtype:trojan-activity;sid:83681357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.181.226.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818256/; classtype:trojan-activity;sid:83681356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818255/; classtype:trojan-activity;sid:83681355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.148.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818254/; classtype:trojan-activity;sid:83681354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.19.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818253/; classtype:trojan-activity;sid:83681353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.202.205.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818251/; classtype:trojan-activity;sid:83681351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.205.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818252/; classtype:trojan-activity;sid:83681352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.22.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818250/; classtype:trojan-activity;sid:83681350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.203.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818249/; classtype:trojan-activity;sid:83681349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818248/; classtype:trojan-activity;sid:83681348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.21.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818247/; classtype:trojan-activity;sid:83681347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818246/; classtype:trojan-activity;sid:83681346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818245/; classtype:trojan-activity;sid:83681345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818244/; classtype:trojan-activity;sid:83681344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.227.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818243/; classtype:trojan-activity;sid:83681343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.146.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818242/; classtype:trojan-activity;sid:83681342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.42.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818241/; classtype:trojan-activity;sid:83681341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.105.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.150.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818239/; classtype:trojan-activity;sid:83681339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.231.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.108.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818238/; classtype:trojan-activity;sid:83681338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.98.123.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818233/; classtype:trojan-activity;sid:83681333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.198.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818234/; classtype:trojan-activity;sid:83681334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.94.37.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818235/; classtype:trojan-activity;sid:83681335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.174.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818236/; classtype:trojan-activity;sid:83681336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.191.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818231/; classtype:trojan-activity;sid:83681331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.81.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818232/; classtype:trojan-activity;sid:83681332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.251.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.95.48.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818230/; classtype:trojan-activity;sid:83681330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.150.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.70.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818225/; classtype:trojan-activity;sid:83681325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818226/; classtype:trojan-activity;sid:83681326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.53.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818224/; classtype:trojan-activity;sid:83681324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.219.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818223/; classtype:trojan-activity;sid:83681323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.150.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818222/; classtype:trojan-activity;sid:83681322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.224.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818221/; classtype:trojan-activity;sid:83681321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.7.21"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818220/; classtype:trojan-activity;sid:83681320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.133.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818218/; classtype:trojan-activity;sid:83681318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.75.60.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818219/; classtype:trojan-activity;sid:83681319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.168.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818217/; classtype:trojan-activity;sid:83681317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.216.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818215/; classtype:trojan-activity;sid:83681315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.88.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818216/; classtype:trojan-activity;sid:83681316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818214/; classtype:trojan-activity;sid:83681314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.21.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818213/; classtype:trojan-activity;sid:83681313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.111.26.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818212/; classtype:trojan-activity;sid:83681312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.70.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818210/; classtype:trojan-activity;sid:83681310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.203.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818211/; classtype:trojan-activity;sid:83681311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.203.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818209/; classtype:trojan-activity;sid:83681309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.230.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818208/; classtype:trojan-activity;sid:83681308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.33.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818207/; classtype:trojan-activity;sid:83681307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.224.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818206/; classtype:trojan-activity;sid:83681306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818205/; classtype:trojan-activity;sid:83681305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.133.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818204/; classtype:trojan-activity;sid:83681304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818203/; classtype:trojan-activity;sid:83681303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.230.187.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818202/; classtype:trojan-activity;sid:83681302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818201/; classtype:trojan-activity;sid:83681301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818200/; classtype:trojan-activity;sid:83681300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.232.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818199/; classtype:trojan-activity;sid:83681299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.7.182"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818198/; classtype:trojan-activity;sid:83681298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.104.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818197/; classtype:trojan-activity;sid:83681297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.59.178.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818194/; classtype:trojan-activity;sid:83681294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.228.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818195/; classtype:trojan-activity;sid:83681295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.177.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818196/; classtype:trojan-activity;sid:83681296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.203.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818193/; classtype:trojan-activity;sid:83681293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.33.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818192/; classtype:trojan-activity;sid:83681292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818191/; classtype:trojan-activity;sid:83681291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.222.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818190/; classtype:trojan-activity;sid:83681290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.241.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818189/; classtype:trojan-activity;sid:83681289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.149.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818188/; classtype:trojan-activity;sid:83681288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818185/; classtype:trojan-activity;sid:83681285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818186/; classtype:trojan-activity;sid:83681286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818187/; classtype:trojan-activity;sid:83681287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818182/; classtype:trojan-activity;sid:83681282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818183/; classtype:trojan-activity;sid:83681283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818184/; classtype:trojan-activity;sid:83681284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818176/; classtype:trojan-activity;sid:83681276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818177/; classtype:trojan-activity;sid:83681277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818178/; classtype:trojan-activity;sid:83681278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818179/; classtype:trojan-activity;sid:83681279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818180/; classtype:trojan-activity;sid:83681280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"103.174.73.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818181/; classtype:trojan-activity;sid:83681281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.222.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818175/; classtype:trojan-activity;sid:83681275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818173/; classtype:trojan-activity;sid:83681273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.153.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818174/; classtype:trojan-activity;sid:83681274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818172/; classtype:trojan-activity;sid:83681272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.232.31.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818171/; classtype:trojan-activity;sid:83681271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.183.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818170/; classtype:trojan-activity;sid:83681270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.0.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818169/; classtype:trojan-activity;sid:83681269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.241.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818168/; classtype:trojan-activity;sid:83681268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.233.211.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818167/; classtype:trojan-activity;sid:83681267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.237.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818165/; classtype:trojan-activity;sid:83681265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818166/; classtype:trojan-activity;sid:83681266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.239.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818164/; classtype:trojan-activity;sid:83681264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.38.205.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818163/; classtype:trojan-activity;sid:83681263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.107.14.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818162/; classtype:trojan-activity;sid:83681262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818161/; classtype:trojan-activity;sid:83681261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.62.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818160/; classtype:trojan-activity;sid:83681260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.183.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818159/; classtype:trojan-activity;sid:83681259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.88.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818158/; classtype:trojan-activity;sid:83681258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818157/; classtype:trojan-activity;sid:83681257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.192.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818156/; classtype:trojan-activity;sid:83681256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.101.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818155/; classtype:trojan-activity;sid:83681255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.149.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818154/; classtype:trojan-activity;sid:83681254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.237.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818153/; classtype:trojan-activity;sid:83681253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818152/; classtype:trojan-activity;sid:83681252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.138.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818151/; classtype:trojan-activity;sid:83681251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.239.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818150/; classtype:trojan-activity;sid:83681250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.182.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818149/; classtype:trojan-activity;sid:83681249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.107.14.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818148/; classtype:trojan-activity;sid:83681248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.217.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818147/; classtype:trojan-activity;sid:83681247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.113.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818146/; classtype:trojan-activity;sid:83681246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.182.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818145/; classtype:trojan-activity;sid:83681245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.208.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818144/; classtype:trojan-activity;sid:83681244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.16.82.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818143/; classtype:trojan-activity;sid:83681243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.95.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818141/; classtype:trojan-activity;sid:83681241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.149.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818142/; classtype:trojan-activity;sid:83681242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.118.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818140/; classtype:trojan-activity;sid:83681240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.183.219.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818139/; classtype:trojan-activity;sid:83681239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.191.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818136/; classtype:trojan-activity;sid:83681236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.132.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818137/; classtype:trojan-activity;sid:83681237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.253.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818138/; classtype:trojan-activity;sid:83681238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.30.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818135/; classtype:trojan-activity;sid:83681235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"156.155.112.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818134/; classtype:trojan-activity;sid:83681234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.248.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818133/; classtype:trojan-activity;sid:83681233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818132/; classtype:trojan-activity;sid:83681232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818127/; classtype:trojan-activity;sid:83681227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818128/; classtype:trojan-activity;sid:83681228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"93.123.85.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818129/; classtype:trojan-activity;sid:83681229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"what.ravec2.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818130/; classtype:trojan-activity;sid:83681230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818131/; classtype:trojan-activity;sid:83681231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818123/; classtype:trojan-activity;sid:83681223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818124/; classtype:trojan-activity;sid:83681224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818125/; classtype:trojan-activity;sid:83681225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818126/; classtype:trojan-activity;sid:83681226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818114/; classtype:trojan-activity;sid:83681214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818115/; classtype:trojan-activity;sid:83681215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"93.123.85.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818116/; classtype:trojan-activity;sid:83681216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"what.ravec2.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818117/; classtype:trojan-activity;sid:83681217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818118/; classtype:trojan-activity;sid:83681218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818119/; classtype:trojan-activity;sid:83681219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"93.123.85.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818120/; classtype:trojan-activity;sid:83681220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"what.ravec2.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818121/; classtype:trojan-activity;sid:83681221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"what.ravec2.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818122/; classtype:trojan-activity;sid:83681222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818112/; classtype:trojan-activity;sid:83681212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"5.182.210.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818113/; classtype:trojan-activity;sid:83681213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"93.123.85.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818111/; classtype:trojan-activity;sid:83681211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818110/; classtype:trojan-activity;sid:83681210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818109/; classtype:trojan-activity;sid:83681209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.87.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818108/; classtype:trojan-activity;sid:83681208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.247.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818107/; classtype:trojan-activity;sid:83681207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.133.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818105/; classtype:trojan-activity;sid:83681205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818106/; classtype:trojan-activity;sid:83681206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.6.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818104/; classtype:trojan-activity;sid:83681204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snusikod/fac/raw/main/dfwa.exe"; depth:31; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818103/; classtype:trojan-activity;sid:83681203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.133.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818102/; classtype:trojan-activity;sid:83681202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818099/; classtype:trojan-activity;sid:83681199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818100/; classtype:trojan-activity;sid:83681200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818101/; classtype:trojan-activity;sid:83681201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818096/; classtype:trojan-activity;sid:83681196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86_64"; depth:12; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818097/; classtype:trojan-activity;sid:83681197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mips"; depth:10; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818098/; classtype:trojan-activity;sid:83681198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818093/; classtype:trojan-activity;sid:83681193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm6"; depth:10; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818094/; classtype:trojan-activity;sid:83681194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm5"; depth:10; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818095/; classtype:trojan-activity;sid:83681195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.ppc"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818087/; classtype:trojan-activity;sid:83681187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818088/; classtype:trojan-activity;sid:83681188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mpsl"; depth:10; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818089/; classtype:trojan-activity;sid:83681189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.sh4"; depth:9; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818090/; classtype:trojan-activity;sid:83681190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818091/; classtype:trojan-activity;sid:83681191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"legendsworld.in"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818092/; classtype:trojan-activity;sid:83681192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818083/; classtype:trojan-activity;sid:83681183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818084/; classtype:trojan-activity;sid:83681184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86_64"; depth:12; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818085/; classtype:trojan-activity;sid:83681185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mips"; depth:10; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818086/; classtype:trojan-activity;sid:83681186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.sh4"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818079/; classtype:trojan-activity;sid:83681179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mpsl"; depth:10; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818080/; classtype:trojan-activity;sid:83681180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm6"; depth:10; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818081/; classtype:trojan-activity;sid:83681181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm5"; depth:10; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818082/; classtype:trojan-activity;sid:83681182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818075/; classtype:trojan-activity;sid:83681175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818076/; classtype:trojan-activity;sid:83681176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.ppc"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818077/; classtype:trojan-activity;sid:83681177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818078/; classtype:trojan-activity;sid:83681178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818073/; classtype:trojan-activity;sid:83681173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818074/; classtype:trojan-activity;sid:83681174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"lon.vani.ovh"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818072/; classtype:trojan-activity;sid:83681172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.mips"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818069/; classtype:trojan-activity;sid:83681169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.x86_64"; depth:13; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818070/; classtype:trojan-activity;sid:83681170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.arm7"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818071/; classtype:trojan-activity;sid:83681171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.arm5"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818067/; classtype:trojan-activity;sid:83681167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.x86"; depth:10; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818068/; classtype:trojan-activity;sid:83681168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.spc"; depth:10; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818063/; classtype:trojan-activity;sid:83681163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.sh4"; depth:10; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818064/; classtype:trojan-activity;sid:83681164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.m68k"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818065/; classtype:trojan-activity;sid:83681165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.mpsl"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818066/; classtype:trojan-activity;sid:83681166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.ppc"; depth:10; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818060/; classtype:trojan-activity;sid:83681160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.arm6"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818061/; classtype:trojan-activity;sid:83681161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vlxx.arm"; depth:10; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818062/; classtype:trojan-activity;sid:83681162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//c.sh"; depth:6; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818057/; classtype:trojan-activity;sid:83681157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//w.sh"; depth:6; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818058/; classtype:trojan-activity;sid:83681158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wget.sh"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818059/; classtype:trojan-activity;sid:83681159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.149.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818056/; classtype:trojan-activity;sid:83681156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.33.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818055/; classtype:trojan-activity;sid:83681155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.238.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818054/; classtype:trojan-activity;sid:83681154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.29.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818053/; classtype:trojan-activity;sid:83681153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.198.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818052/; classtype:trojan-activity;sid:83681152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.mips"; depth:11; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818051/; classtype:trojan-activity;sid:83681151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm"; depth:10; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818050/; classtype:trojan-activity;sid:83681150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm5"; depth:11; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818049/; classtype:trojan-activity;sid:83681149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm"; depth:10; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818045/; classtype:trojan-activity;sid:83681145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.m68k"; depth:11; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818046/; classtype:trojan-activity;sid:83681146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.mpsl"; depth:11; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818047/; classtype:trojan-activity;sid:83681147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm7"; depth:11; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818048/; classtype:trojan-activity;sid:83681148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm6"; depth:11; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818044/; classtype:trojan-activity;sid:83681144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.ppc"; depth:10; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818042/; classtype:trojan-activity;sid:83681142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.x86"; depth:10; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818043/; classtype:trojan-activity;sid:83681143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.sh4"; depth:10; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818040/; classtype:trojan-activity;sid:83681140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.mips"; depth:11; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818041/; classtype:trojan-activity;sid:83681141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm7"; depth:11; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818037/; classtype:trojan-activity;sid:83681137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.ppc"; depth:10; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818038/; classtype:trojan-activity;sid:83681138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.x86_64"; depth:13; endswith; nocase; http.host; content:"proxy.heleh.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818039/; classtype:trojan-activity;sid:83681139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm5"; depth:11; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818033/; classtype:trojan-activity;sid:83681133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.m68k"; depth:11; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818034/; classtype:trojan-activity;sid:83681134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.arm6"; depth:11; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818035/; classtype:trojan-activity;sid:83681135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.mpsl"; depth:11; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818036/; classtype:trojan-activity;sid:83681136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.x86_64"; depth:13; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818031/; classtype:trojan-activity;sid:83681131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.x86"; depth:10; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818032/; classtype:trojan-activity;sid:83681132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bulus.sh4"; depth:10; endswith; nocase; http.host; content:"bot.vptmedia.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818030/; classtype:trojan-activity;sid:83681130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.144.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818029/; classtype:trojan-activity;sid:83681129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.175.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818028/; classtype:trojan-activity;sid:83681128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818027/; classtype:trojan-activity;sid:83681127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.12.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818026/; classtype:trojan-activity;sid:83681126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.6.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818025/; classtype:trojan-activity;sid:83681125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818024/; classtype:trojan-activity;sid:83681124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.227.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818023/; classtype:trojan-activity;sid:83681123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818022/; classtype:trojan-activity;sid:83681122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.12.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818021/; classtype:trojan-activity;sid:83681121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818020/; classtype:trojan-activity;sid:83681120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.8.137.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818018/; classtype:trojan-activity;sid:83681118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818019/; classtype:trojan-activity;sid:83681119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.251.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818017/; classtype:trojan-activity;sid:83681117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.12.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818016/; classtype:trojan-activity;sid:83681116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.100.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818015/; classtype:trojan-activity;sid:83681115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.25.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818014/; classtype:trojan-activity;sid:83681114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818012/; classtype:trojan-activity;sid:83681112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818013/; classtype:trojan-activity;sid:83681113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818005/; classtype:trojan-activity;sid:83681105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818006/; classtype:trojan-activity;sid:83681106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818007/; classtype:trojan-activity;sid:83681107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818008/; classtype:trojan-activity;sid:83681108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818009/; classtype:trojan-activity;sid:83681109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818010/; classtype:trojan-activity;sid:83681110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818011/; classtype:trojan-activity;sid:83681111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818003/; classtype:trojan-activity;sid:83681103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.12.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818004/; classtype:trojan-activity;sid:83681104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-ppc"; depth:9; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818002/; classtype:trojan-activity;sid:83681102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818001/; classtype:trojan-activity;sid:83681101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.203.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818000/; classtype:trojan-activity;sid:83681100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.208.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817999/; classtype:trojan-activity;sid:83681099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817997/; classtype:trojan-activity;sid:83681097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"aomacamada.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817998/; classtype:trojan-activity;sid:83681098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.187.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817996/; classtype:trojan-activity;sid:83681096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817993/; classtype:trojan-activity;sid:83681093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817994/; classtype:trojan-activity;sid:83681094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817995/; classtype:trojan-activity;sid:83681095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.68.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817990/; classtype:trojan-activity;sid:83681090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.60.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817991/; classtype:trojan-activity;sid:83681091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817992/; classtype:trojan-activity;sid:83681092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817984/; classtype:trojan-activity;sid:83681084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817985/; classtype:trojan-activity;sid:83681085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817986/; classtype:trojan-activity;sid:83681086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817987/; classtype:trojan-activity;sid:83681087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817988/; classtype:trojan-activity;sid:83681088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817989/; classtype:trojan-activity;sid:83681089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817982/; classtype:trojan-activity;sid:83681082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817983/; classtype:trojan-activity;sid:83681083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-ppc"; depth:9; endswith; nocase; http.host; content:"net-killler.store"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817981/; classtype:trojan-activity;sid:83681081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.80.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817980/; classtype:trojan-activity;sid:83681080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.255.107.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817979/; classtype:trojan-activity;sid:83681079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817978/; classtype:trojan-activity;sid:83681078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.6.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817977/; classtype:trojan-activity;sid:83681077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.219.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817976/; classtype:trojan-activity;sid:83681076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.70.125.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817974/; classtype:trojan-activity;sid:83681074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.218.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817975/; classtype:trojan-activity;sid:83681075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.93.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817972/; classtype:trojan-activity;sid:83681072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.187.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817973/; classtype:trojan-activity;sid:83681073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.181.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817970/; classtype:trojan-activity;sid:83681070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.251.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817971/; classtype:trojan-activity;sid:83681071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.246.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817969/; classtype:trojan-activity;sid:83681069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817968/; classtype:trojan-activity;sid:83681068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows.exe"; depth:12; endswith; nocase; http.host; content:"154.201.74.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817967/; classtype:trojan-activity;sid:83681067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.44.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817966/; classtype:trojan-activity;sid:83681066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.92.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817965/; classtype:trojan-activity;sid:83681065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.207.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817964/; classtype:trojan-activity;sid:83681064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.25.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817963/; classtype:trojan-activity;sid:83681063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.135.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817962/; classtype:trojan-activity;sid:83681062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.226.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817961/; classtype:trojan-activity;sid:83681061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.199.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817960/; classtype:trojan-activity;sid:83681060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.234.152.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817959/; classtype:trojan-activity;sid:83681059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.128.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817958/; classtype:trojan-activity;sid:83681058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.109.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817957/; classtype:trojan-activity;sid:83681057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.200.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817956/; classtype:trojan-activity;sid:83681056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.31.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817955/; classtype:trojan-activity;sid:83681055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.246.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817954/; classtype:trojan-activity;sid:83681054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.44.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817953/; classtype:trojan-activity;sid:83681053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.54.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817951/; classtype:trojan-activity;sid:83681051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.80.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817952/; classtype:trojan-activity;sid:83681052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.176.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817950/; classtype:trojan-activity;sid:83681050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"dejdl.register.arpsychotherapy.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817949/; classtype:trojan-activity;sid:83681049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.241.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817948/; classtype:trojan-activity;sid:83681048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817947/; classtype:trojan-activity;sid:83681047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817935/; classtype:trojan-activity;sid:83681035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817936/; classtype:trojan-activity;sid:83681036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817937/; classtype:trojan-activity;sid:83681037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817938/; classtype:trojan-activity;sid:83681038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817939/; classtype:trojan-activity;sid:83681039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817940/; classtype:trojan-activity;sid:83681040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817941/; classtype:trojan-activity;sid:83681041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817942/; classtype:trojan-activity;sid:83681042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817943/; classtype:trojan-activity;sid:83681043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817944/; classtype:trojan-activity;sid:83681044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817945/; classtype:trojan-activity;sid:83681045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"rooty.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817946/; classtype:trojan-activity;sid:83681046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.91.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817934/; classtype:trojan-activity;sid:83681034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817928/; classtype:trojan-activity;sid:83681028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817929/; classtype:trojan-activity;sid:83681029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817930/; classtype:trojan-activity;sid:83681030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817931/; classtype:trojan-activity;sid:83681031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817932/; classtype:trojan-activity;sid:83681032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817933/; classtype:trojan-activity;sid:83681033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817922/; classtype:trojan-activity;sid:83681022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817923/; classtype:trojan-activity;sid:83681023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817924/; classtype:trojan-activity;sid:83681024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817925/; classtype:trojan-activity;sid:83681025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817926/; classtype:trojan-activity;sid:83681026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"rootme.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817927/; classtype:trojan-activity;sid:83681027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.47.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817921/; classtype:trojan-activity;sid:83681021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.92.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817920/; classtype:trojan-activity;sid:83681020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817919/; classtype:trojan-activity;sid:83681019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.181.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817918/; classtype:trojan-activity;sid:83681018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817917/; classtype:trojan-activity;sid:83681017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.83.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817916/; classtype:trojan-activity;sid:83681016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.7.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817915/; classtype:trojan-activity;sid:83681015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817914/; classtype:trojan-activity;sid:83681014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.128.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817913/; classtype:trojan-activity;sid:83681013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817912/; classtype:trojan-activity;sid:83681012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.200.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817911/; classtype:trojan-activity;sid:83681011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817910/; classtype:trojan-activity;sid:83681010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.251.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817909/; classtype:trojan-activity;sid:83681009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.186.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817908/; classtype:trojan-activity;sid:83681008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.181.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817907/; classtype:trojan-activity;sid:83681007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817905/; classtype:trojan-activity;sid:83681005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.149.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817906/; classtype:trojan-activity;sid:83681006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.47.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817903/; classtype:trojan-activity;sid:83681003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.147.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817904/; classtype:trojan-activity;sid:83681004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.9.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817902/; classtype:trojan-activity;sid:83681002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817901/; classtype:trojan-activity;sid:83681001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.202.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817900/; classtype:trojan-activity;sid:83681000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.70.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817899/; classtype:trojan-activity;sid:83680999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817898/; classtype:trojan-activity;sid:83680998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817897/; classtype:trojan-activity;sid:83680997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.76.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817896/; classtype:trojan-activity;sid:83680996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817895/; classtype:trojan-activity;sid:83680995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817894/; classtype:trojan-activity;sid:83680994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817892/; classtype:trojan-activity;sid:83680992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"209.59.113.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817893/; classtype:trojan-activity;sid:83680993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.163.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817891/; classtype:trojan-activity;sid:83680991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.132.129.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817890/; classtype:trojan-activity;sid:83680990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.105.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817889/; classtype:trojan-activity;sid:83680989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.60.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817887/; classtype:trojan-activity;sid:83680987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.178.76.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817888/; classtype:trojan-activity;sid:83680988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.76.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817886/; classtype:trojan-activity;sid:83680986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.36.74.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817885/; classtype:trojan-activity;sid:83680985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.48.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817884/; classtype:trojan-activity;sid:83680984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817883/; classtype:trojan-activity;sid:83680983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.182.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817882/; classtype:trojan-activity;sid:83680982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.70.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817880/; classtype:trojan-activity;sid:83680980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.94.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817881/; classtype:trojan-activity;sid:83680981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817879/; classtype:trojan-activity;sid:83680979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.163.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817878/; classtype:trojan-activity;sid:83680978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.178.76.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817877/; classtype:trojan-activity;sid:83680977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.234.185.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817876/; classtype:trojan-activity;sid:83680976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/style/070.exe"; depth:14; endswith; nocase; http.host; content:"power.crazyfigs.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817875/; classtype:trojan-activity;sid:83680975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.60.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817874/; classtype:trojan-activity;sid:83680974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817873/; classtype:trojan-activity;sid:83680973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817872/; classtype:trojan-activity;sid:83680972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.191.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817871/; classtype:trojan-activity;sid:83680971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.208.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817870/; classtype:trojan-activity;sid:83680970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/070.exe"; depth:8; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817869/; classtype:trojan-activity;sid:83680969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817868/; classtype:trojan-activity;sid:83680968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.132.129.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817867/; classtype:trojan-activity;sid:83680967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.21.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817866/; classtype:trojan-activity;sid:83680966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.188.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817865/; classtype:trojan-activity;sid:83680965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.118.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817864/; classtype:trojan-activity;sid:83680964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817863/; classtype:trojan-activity;sid:83680963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.111.220.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817862/; classtype:trojan-activity;sid:83680962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.186.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817861/; classtype:trojan-activity;sid:83680961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.188.223.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817860/; classtype:trojan-activity;sid:83680960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.64.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817859/; classtype:trojan-activity;sid:83680959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817858/; classtype:trojan-activity;sid:83680958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817857/; classtype:trojan-activity;sid:83680957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.218.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817856/; classtype:trojan-activity;sid:83680956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.205.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817855/; classtype:trojan-activity;sid:83680955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817854/; classtype:trojan-activity;sid:83680954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817853/; classtype:trojan-activity;sid:83680953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.68.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817852/; classtype:trojan-activity;sid:83680952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.21.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817851/; classtype:trojan-activity;sid:83680951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.21.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817850/; classtype:trojan-activity;sid:83680950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.72.41.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817849/; classtype:trojan-activity;sid:83680949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.17.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817848/; classtype:trojan-activity;sid:83680948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817847/; classtype:trojan-activity;sid:83680947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817846/; classtype:trojan-activity;sid:83680946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817845/; classtype:trojan-activity;sid:83680945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.177.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817844/; classtype:trojan-activity;sid:83680944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817843/; classtype:trojan-activity;sid:83680943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817842/; classtype:trojan-activity;sid:83680942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.227.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817840/; classtype:trojan-activity;sid:83680940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.139.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817841/; classtype:trojan-activity;sid:83680941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817839/; classtype:trojan-activity;sid:83680939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.83.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817838/; classtype:trojan-activity;sid:83680938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.205.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817837/; classtype:trojan-activity;sid:83680937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transactionsummary_910020049836765_110424045239.xlsx.exe"; depth:57; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817836/; classtype:trojan-activity;sid:83680936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.218.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817835/; classtype:trojan-activity;sid:83680935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.121.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817834/; classtype:trojan-activity;sid:83680934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817833/; classtype:trojan-activity;sid:83680933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.17.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817832/; classtype:trojan-activity;sid:83680932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.83.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817831/; classtype:trojan-activity;sid:83680931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.156.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817829/; classtype:trojan-activity;sid:83680929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.69.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817830/; classtype:trojan-activity;sid:83680930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.234.152.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817828/; classtype:trojan-activity;sid:83680928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.80.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817827/; classtype:trojan-activity;sid:83680927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817826/; classtype:trojan-activity;sid:83680926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.234.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817825/; classtype:trojan-activity;sid:83680925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.77.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817824/; classtype:trojan-activity;sid:83680924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.46.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817823/; classtype:trojan-activity;sid:83680923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.77.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817822/; classtype:trojan-activity;sid:83680922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.85.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817821/; classtype:trojan-activity;sid:83680921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.189.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817820/; classtype:trojan-activity;sid:83680920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.208.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817819/; classtype:trojan-activity;sid:83680919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.201.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817818/; classtype:trojan-activity;sid:83680918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.79.188.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817817/; classtype:trojan-activity;sid:83680917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.69.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817816/; classtype:trojan-activity;sid:83680916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/26fe70/disc.exe"; depth:18; endswith; nocase; http.host; content:"www.file-drop.cc"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817815/; classtype:trojan-activity;sid:83680915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.199.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817814/; classtype:trojan-activity;sid:83680914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817813/; classtype:trojan-activity;sid:83680913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.25.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817812/; classtype:trojan-activity;sid:83680912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.128.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817811/; classtype:trojan-activity;sid:83680911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.42.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817810/; classtype:trojan-activity;sid:83680910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.80.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817809/; classtype:trojan-activity;sid:83680909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.81.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817808/; classtype:trojan-activity;sid:83680908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817807/; classtype:trojan-activity;sid:83680907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.255.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817806/; classtype:trojan-activity;sid:83680906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.155.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817805/; classtype:trojan-activity;sid:83680905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.204.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817804/; classtype:trojan-activity;sid:83680904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.240.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817803/; classtype:trojan-activity;sid:83680903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.255.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817802/; classtype:trojan-activity;sid:83680902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.248.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817801/; classtype:trojan-activity;sid:83680901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.106.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817800/; classtype:trojan-activity;sid:83680900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817799/; classtype:trojan-activity;sid:83680899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.44.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817798/; classtype:trojan-activity;sid:83680898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.128.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817796/; classtype:trojan-activity;sid:83680896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.168.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817797/; classtype:trojan-activity;sid:83680897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.122.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817795/; classtype:trojan-activity;sid:83680895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.155.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817794/; classtype:trojan-activity;sid:83680894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.204.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817793/; classtype:trojan-activity;sid:83680893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.160.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817792/; classtype:trojan-activity;sid:83680892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.215.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817791/; classtype:trojan-activity;sid:83680891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.54.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817789/; classtype:trojan-activity;sid:83680889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.213.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817790/; classtype:trojan-activity;sid:83680890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.248.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817788/; classtype:trojan-activity;sid:83680888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.61.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817787/; classtype:trojan-activity;sid:83680887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.218.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817786/; classtype:trojan-activity;sid:83680886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.132.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817784/; classtype:trojan-activity;sid:83680884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.36.88.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817785/; classtype:trojan-activity;sid:83680885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.60.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817783/; classtype:trojan-activity;sid:83680883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817782/; classtype:trojan-activity;sid:83680882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.240.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817781/; classtype:trojan-activity;sid:83680881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.2.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817780/; classtype:trojan-activity;sid:83680880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817779/; classtype:trojan-activity;sid:83680879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.171.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817778/; classtype:trojan-activity;sid:83680878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.2.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817777/; classtype:trojan-activity;sid:83680877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817776/; classtype:trojan-activity;sid:83680876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.54.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817774/; classtype:trojan-activity;sid:83680874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.166.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817775/; classtype:trojan-activity;sid:83680875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.124.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817773/; classtype:trojan-activity;sid:83680873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.160.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817772/; classtype:trojan-activity;sid:83680872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.201.220.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817771/; classtype:trojan-activity;sid:83680871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.60.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817770/; classtype:trojan-activity;sid:83680870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.168.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817769/; classtype:trojan-activity;sid:83680869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.184.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817768/; classtype:trojan-activity;sid:83680868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.25.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817767/; classtype:trojan-activity;sid:83680867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817766/; classtype:trojan-activity;sid:83680866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.144.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817764/; classtype:trojan-activity;sid:83680864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.186.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817765/; classtype:trojan-activity;sid:83680865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.32.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817763/; classtype:trojan-activity;sid:83680863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817762/; classtype:trojan-activity;sid:83680862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.43.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817761/; classtype:trojan-activity;sid:83680861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.79.115.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817760/; classtype:trojan-activity;sid:83680860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.132.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817759/; classtype:trojan-activity;sid:83680859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.112.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817758/; classtype:trojan-activity;sid:83680858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.184.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817757/; classtype:trojan-activity;sid:83680857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817756/; classtype:trojan-activity;sid:83680856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.103.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817755/; classtype:trojan-activity;sid:83680855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817754/; classtype:trojan-activity;sid:83680854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817753/; classtype:trojan-activity;sid:83680853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.48.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817752/; classtype:trojan-activity;sid:83680852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.112.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817751/; classtype:trojan-activity;sid:83680851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.149.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817750/; classtype:trojan-activity;sid:83680850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.195.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817749/; classtype:trojan-activity;sid:83680849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817748/; classtype:trojan-activity;sid:83680848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817747/; classtype:trojan-activity;sid:83680847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.43.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817746/; classtype:trojan-activity;sid:83680846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817745/; classtype:trojan-activity;sid:83680845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.58.238.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817743/; classtype:trojan-activity;sid:83680843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.249.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817744/; classtype:trojan-activity;sid:83680844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.141.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817742/; classtype:trojan-activity;sid:83680842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.95.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817741/; classtype:trojan-activity;sid:83680841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.104.220.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817740/; classtype:trojan-activity;sid:83680840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817739/; classtype:trojan-activity;sid:83680839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.10.132.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817738/; classtype:trojan-activity;sid:83680838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817737/; classtype:trojan-activity;sid:83680837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.33.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817736/; classtype:trojan-activity;sid:83680836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817735/; classtype:trojan-activity;sid:83680835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.185.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817734/; classtype:trojan-activity;sid:83680834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.40.147.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817733/; classtype:trojan-activity;sid:83680833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.195.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817730/; classtype:trojan-activity;sid:83680830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.232.106.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817731/; classtype:trojan-activity;sid:83680831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.78.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817732/; classtype:trojan-activity;sid:83680832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.80.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817729/; classtype:trojan-activity;sid:83680829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817728/; classtype:trojan-activity;sid:83680828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.69.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817727/; classtype:trojan-activity;sid:83680827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817726/; classtype:trojan-activity;sid:83680826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817725/; classtype:trojan-activity;sid:83680825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.221.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817724/; classtype:trojan-activity;sid:83680824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.208.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817723/; classtype:trojan-activity;sid:83680823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.116.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817721/; classtype:trojan-activity;sid:83680821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.95.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817722/; classtype:trojan-activity;sid:83680822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.33.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817720/; classtype:trojan-activity;sid:83680820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.4.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817719/; classtype:trojan-activity;sid:83680819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.208.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817718/; classtype:trojan-activity;sid:83680818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817717/; classtype:trojan-activity;sid:83680817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817716/; classtype:trojan-activity;sid:83680816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.10.132.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817715/; classtype:trojan-activity;sid:83680815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.221.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817714/; classtype:trojan-activity;sid:83680814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.144.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817713/; classtype:trojan-activity;sid:83680813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.237.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817712/; classtype:trojan-activity;sid:83680812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.69.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817711/; classtype:trojan-activity;sid:83680811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817710/; classtype:trojan-activity;sid:83680810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817709/; classtype:trojan-activity;sid:83680809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.107"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817708/; classtype:trojan-activity;sid:83680808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.65.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817706/; classtype:trojan-activity;sid:83680806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817707/; classtype:trojan-activity;sid:83680807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.116.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817705/; classtype:trojan-activity;sid:83680805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.221.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817704/; classtype:trojan-activity;sid:83680804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.4.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817703/; classtype:trojan-activity;sid:83680803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.243.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817702/; classtype:trojan-activity;sid:83680802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817701/; classtype:trojan-activity;sid:83680801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.176.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817700/; classtype:trojan-activity;sid:83680800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817699/; classtype:trojan-activity;sid:83680799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.137.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817698/; classtype:trojan-activity;sid:83680798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.221.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817697/; classtype:trojan-activity;sid:83680797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817696/; classtype:trojan-activity;sid:83680796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817695/; classtype:trojan-activity;sid:83680795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.168.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817694/; classtype:trojan-activity;sid:83680794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.107"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817693/; classtype:trojan-activity;sid:83680793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.42.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817692/; classtype:trojan-activity;sid:83680792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.254.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817691/; classtype:trojan-activity;sid:83680791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817690/; classtype:trojan-activity;sid:83680790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.254.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817689/; classtype:trojan-activity;sid:83680789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.93.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817688/; classtype:trojan-activity;sid:83680788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.47.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817687/; classtype:trojan-activity;sid:83680787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.243.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817686/; classtype:trojan-activity;sid:83680786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.10.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817685/; classtype:trojan-activity;sid:83680785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817684/; classtype:trojan-activity;sid:83680784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817683/; classtype:trojan-activity;sid:83680783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817681/; classtype:trojan-activity;sid:83680781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.42.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817682/; classtype:trojan-activity;sid:83680782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817680/; classtype:trojan-activity;sid:83680780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.58.171.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817679/; classtype:trojan-activity;sid:83680779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.115.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817678/; classtype:trojan-activity;sid:83680778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.66.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817676/; classtype:trojan-activity;sid:83680776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.137.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817677/; classtype:trojan-activity;sid:83680777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668688263|3f|hash=efnapnmyzobmouzhcxw0bvnfwzkg5s4nt19fso9rcg4|7c|26|7c|dl=hkb9glqdnfmux4ym6vxhpionrn2z7hoszomksvwzx80|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817675/; classtype:trojan-activity;sid:83680775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.53.55.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817674/; classtype:trojan-activity;sid:83680774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.143.42.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817673/; classtype:trojan-activity;sid:83680773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.69.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817672/; classtype:trojan-activity;sid:83680772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.254.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817671/; classtype:trojan-activity;sid:83680771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.14.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817670/; classtype:trojan-activity;sid:83680770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.168.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817669/; classtype:trojan-activity;sid:83680769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.237.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817668/; classtype:trojan-activity;sid:83680768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.195.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817667/; classtype:trojan-activity;sid:83680767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.47.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817666/; classtype:trojan-activity;sid:83680766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817665/; classtype:trojan-activity;sid:83680765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.86.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817664/; classtype:trojan-activity;sid:83680764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.92.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817663/; classtype:trojan-activity;sid:83680763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.119.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817662/; classtype:trojan-activity;sid:83680762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.41.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817661/; classtype:trojan-activity;sid:83680761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.10.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817660/; classtype:trojan-activity;sid:83680760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.175.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817659/; classtype:trojan-activity;sid:83680759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817658/; classtype:trojan-activity;sid:83680758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.28.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817657/; classtype:trojan-activity;sid:83680757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.12.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817656/; classtype:trojan-activity;sid:83680756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.129.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817655/; classtype:trojan-activity;sid:83680755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817654/; classtype:trojan-activity;sid:83680754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817653/; classtype:trojan-activity;sid:83680753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.201.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817652/; classtype:trojan-activity;sid:83680752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.201.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817651/; classtype:trojan-activity;sid:83680751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.195.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817650/; classtype:trojan-activity;sid:83680750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.229.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817649/; classtype:trojan-activity;sid:83680749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.1.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817648/; classtype:trojan-activity;sid:83680748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.190.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817647/; classtype:trojan-activity;sid:83680747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.144.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817645/; classtype:trojan-activity;sid:83680745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.119.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817646/; classtype:trojan-activity;sid:83680746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817644/; classtype:trojan-activity;sid:83680744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.41.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817643/; classtype:trojan-activity;sid:83680743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817642/; classtype:trojan-activity;sid:83680742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.199.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817641/; classtype:trojan-activity;sid:83680741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.1.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817640/; classtype:trojan-activity;sid:83680740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.125.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817639/; classtype:trojan-activity;sid:83680739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.21.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817638/; classtype:trojan-activity;sid:83680738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817637/; classtype:trojan-activity;sid:83680737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.100.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817636/; classtype:trojan-activity;sid:83680736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.246.207.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817635/; classtype:trojan-activity;sid:83680735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817634/; classtype:trojan-activity;sid:83680734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.225.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817633/; classtype:trojan-activity;sid:83680733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.35.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817632/; classtype:trojan-activity;sid:83680732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817631/; classtype:trojan-activity;sid:83680731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.189.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817630/; classtype:trojan-activity;sid:83680730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.8.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817629/; classtype:trojan-activity;sid:83680729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.115.73.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817628/; classtype:trojan-activity;sid:83680728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.45.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817627/; classtype:trojan-activity;sid:83680727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.179.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817626/; classtype:trojan-activity;sid:83680726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817625/; classtype:trojan-activity;sid:83680725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817624/; classtype:trojan-activity;sid:83680724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.58.219.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817623/; classtype:trojan-activity;sid:83680723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.86.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817622/; classtype:trojan-activity;sid:83680722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.189.4.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817621/; classtype:trojan-activity;sid:83680721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.115.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817620/; classtype:trojan-activity;sid:83680720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.176.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817619/; classtype:trojan-activity;sid:83680719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817618/; classtype:trojan-activity;sid:83680718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.170.216.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817617/; classtype:trojan-activity;sid:83680717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.41.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817616/; classtype:trojan-activity;sid:83680716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817615/; classtype:trojan-activity;sid:83680715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.35.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817614/; classtype:trojan-activity;sid:83680714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817612/; classtype:trojan-activity;sid:83680712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.61.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817613/; classtype:trojan-activity;sid:83680713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817611/; classtype:trojan-activity;sid:83680711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817610/; classtype:trojan-activity;sid:83680710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817609/; classtype:trojan-activity;sid:83680709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.61.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817608/; classtype:trojan-activity;sid:83680708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.187.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817606/; classtype:trojan-activity;sid:83680706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.161.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817607/; classtype:trojan-activity;sid:83680707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817605/; classtype:trojan-activity;sid:83680705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.159.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817604/; classtype:trojan-activity;sid:83680704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.178.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817603/; classtype:trojan-activity;sid:83680703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.160.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817602/; classtype:trojan-activity;sid:83680702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817601/; classtype:trojan-activity;sid:83680701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.156.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817600/; classtype:trojan-activity;sid:83680700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.60.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817599/; classtype:trojan-activity;sid:83680699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.58.219.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817598/; classtype:trojan-activity;sid:83680698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.47.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817597/; classtype:trojan-activity;sid:83680697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.153.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817596/; classtype:trojan-activity;sid:83680696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817595/; classtype:trojan-activity;sid:83680695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.182.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817594/; classtype:trojan-activity;sid:83680694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.161.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817593/; classtype:trojan-activity;sid:83680693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.173.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817592/; classtype:trojan-activity;sid:83680692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817591/; classtype:trojan-activity;sid:83680691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817590/; classtype:trojan-activity;sid:83680690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817589/; classtype:trojan-activity;sid:83680689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.139.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817588/; classtype:trojan-activity;sid:83680688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817587/; classtype:trojan-activity;sid:83680687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.199.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817586/; classtype:trojan-activity;sid:83680686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817585/; classtype:trojan-activity;sid:83680685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.176.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817584/; classtype:trojan-activity;sid:83680684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.178.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817583/; classtype:trojan-activity;sid:83680683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.84.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817582/; classtype:trojan-activity;sid:83680682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.61.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817581/; classtype:trojan-activity;sid:83680681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.93.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817579/; classtype:trojan-activity;sid:83680679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.159.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817580/; classtype:trojan-activity;sid:83680680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.60.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817578/; classtype:trojan-activity;sid:83680678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.160.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817577/; classtype:trojan-activity;sid:83680677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817576/; classtype:trojan-activity;sid:83680676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817575/; classtype:trojan-activity;sid:83680675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.98.214.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817574/; classtype:trojan-activity;sid:83680674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.226.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817573/; classtype:trojan-activity;sid:83680673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.16.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817572/; classtype:trojan-activity;sid:83680672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.173.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817571/; classtype:trojan-activity;sid:83680671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817570/; classtype:trojan-activity;sid:83680670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.125.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817569/; classtype:trojan-activity;sid:83680669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.61.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817568/; classtype:trojan-activity;sid:83680668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.148.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817567/; classtype:trojan-activity;sid:83680667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.55.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817565/; classtype:trojan-activity;sid:83680665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.86.160.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817566/; classtype:trojan-activity;sid:83680666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.93.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817564/; classtype:trojan-activity;sid:83680664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.205.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817563/; classtype:trojan-activity;sid:83680663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.84.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817562/; classtype:trojan-activity;sid:83680662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.240.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817561/; classtype:trojan-activity;sid:83680661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817560/; classtype:trojan-activity;sid:83680660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.98.214.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817559/; classtype:trojan-activity;sid:83680659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817558/; classtype:trojan-activity;sid:83680658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.55.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817554/; classtype:trojan-activity;sid:83680654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.189.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817555/; classtype:trojan-activity;sid:83680655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.182.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817556/; classtype:trojan-activity;sid:83680656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.245.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817557/; classtype:trojan-activity;sid:83680657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.173.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817553/; classtype:trojan-activity;sid:83680653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.42.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817552/; classtype:trojan-activity;sid:83680652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.226.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817551/; classtype:trojan-activity;sid:83680651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.148.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817550/; classtype:trojan-activity;sid:83680650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.31.135.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817549/; classtype:trojan-activity;sid:83680649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.240.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817548/; classtype:trojan-activity;sid:83680648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xxq39a5f9ejp"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817547/; classtype:trojan-activity;sid:83680647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.107.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817546/; classtype:trojan-activity;sid:83680646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.241.18.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817545/; classtype:trojan-activity;sid:83680645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.243.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817544/; classtype:trojan-activity;sid:83680644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.121.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817543/; classtype:trojan-activity;sid:83680643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.29.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817542/; classtype:trojan-activity;sid:83680642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817541/; classtype:trojan-activity;sid:83680641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.182.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817540/; classtype:trojan-activity;sid:83680640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.85.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817539/; classtype:trojan-activity;sid:83680639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.186.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817537/; classtype:trojan-activity;sid:83680637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.132.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817538/; classtype:trojan-activity;sid:83680638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.71.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817536/; classtype:trojan-activity;sid:83680636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.225.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817535/; classtype:trojan-activity;sid:83680635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.51.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817534/; classtype:trojan-activity;sid:83680634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.63.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817533/; classtype:trojan-activity;sid:83680633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.240.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817532/; classtype:trojan-activity;sid:83680632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.42.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817531/; classtype:trojan-activity;sid:83680631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817530/; classtype:trojan-activity;sid:83680630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.75.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817529/; classtype:trojan-activity;sid:83680629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.241.18.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817528/; classtype:trojan-activity;sid:83680628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.121.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817527/; classtype:trojan-activity;sid:83680627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817526/; classtype:trojan-activity;sid:83680626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.59.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817525/; classtype:trojan-activity;sid:83680625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.207.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817524/; classtype:trojan-activity;sid:83680624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.38.141.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817523/; classtype:trojan-activity;sid:83680623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.184.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817522/; classtype:trojan-activity;sid:83680622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.123.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817521/; classtype:trojan-activity;sid:83680621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.159.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817520/; classtype:trojan-activity;sid:83680620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.86.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817519/; classtype:trojan-activity;sid:83680619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.51.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817518/; classtype:trojan-activity;sid:83680618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817517/; classtype:trojan-activity;sid:83680617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"mucp.register.arpsychotherapy.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817516/; classtype:trojan-activity;sid:83680616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.194.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817515/; classtype:trojan-activity;sid:83680615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.190.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817514/; classtype:trojan-activity;sid:83680614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.63.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817513/; classtype:trojan-activity;sid:83680613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.98.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817511/; classtype:trojan-activity;sid:83680611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.47.241.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817512/; classtype:trojan-activity;sid:83680612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668743587|3f|hash=qwfg6zlqpr3eafhlz2b1kzffnezfolzehzftiane6vd|7c|26|7c|dl=de1tr4uzwwa9c7yqdsfy2wys97vmw04yv3xwzq3fz1l|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817510/; classtype:trojan-activity;sid:83680610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817509/; classtype:trojan-activity;sid:83680609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.175.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817507/; classtype:trojan-activity;sid:83680607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.207.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817508/; classtype:trojan-activity;sid:83680608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.31.135.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817506/; classtype:trojan-activity;sid:83680606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.246.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817505/; classtype:trojan-activity;sid:83680605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.184.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817504/; classtype:trojan-activity;sid:83680604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817503/; classtype:trojan-activity;sid:83680603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.21.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817502/; classtype:trojan-activity;sid:83680602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.82.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817501/; classtype:trojan-activity;sid:83680601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.38.141.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817500/; classtype:trojan-activity;sid:83680600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.62.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817499/; classtype:trojan-activity;sid:83680599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.123.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817498/; classtype:trojan-activity;sid:83680598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.167.250.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817497/; classtype:trojan-activity;sid:83680597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.86.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817496/; classtype:trojan-activity;sid:83680596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817495/; classtype:trojan-activity;sid:83680595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817494/; classtype:trojan-activity;sid:83680594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.205.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817493/; classtype:trojan-activity;sid:83680593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.9.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817492/; classtype:trojan-activity;sid:83680592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.89.175.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817491/; classtype:trojan-activity;sid:83680591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.143.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817489/; classtype:trojan-activity;sid:83680589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.243.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817490/; classtype:trojan-activity;sid:83680590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.195.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817488/; classtype:trojan-activity;sid:83680588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.254.82.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817487/; classtype:trojan-activity;sid:83680587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.157.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817486/; classtype:trojan-activity;sid:83680586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.166.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817485/; classtype:trojan-activity;sid:83680585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817484/; classtype:trojan-activity;sid:83680584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.236.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817483/; classtype:trojan-activity;sid:83680583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.175.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817482/; classtype:trojan-activity;sid:83680582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.240.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817481/; classtype:trojan-activity;sid:83680581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.102.122.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817480/; classtype:trojan-activity;sid:83680580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.62.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817479/; classtype:trojan-activity;sid:83680579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817478/; classtype:trojan-activity;sid:83680578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.166.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817477/; classtype:trojan-activity;sid:83680577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817476/; classtype:trojan-activity;sid:83680576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.191.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817475/; classtype:trojan-activity;sid:83680575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.10.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817474/; classtype:trojan-activity;sid:83680574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.123.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817473/; classtype:trojan-activity;sid:83680573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.111.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817472/; classtype:trojan-activity;sid:83680572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.192.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817471/; classtype:trojan-activity;sid:83680571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.92.82.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817470/; classtype:trojan-activity;sid:83680570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817469/; classtype:trojan-activity;sid:83680569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.175.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817468/; classtype:trojan-activity;sid:83680568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817467/; classtype:trojan-activity;sid:83680567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.236.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817466/; classtype:trojan-activity;sid:83680566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817465/; classtype:trojan-activity;sid:83680565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817464/; classtype:trojan-activity;sid:83680564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817462/; classtype:trojan-activity;sid:83680562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.115.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817463/; classtype:trojan-activity;sid:83680563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.129.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817460/; classtype:trojan-activity;sid:83680560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.225.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817461/; classtype:trojan-activity;sid:83680561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server/ww12/appgate2103v01.exe"; depth:31; endswith; nocase; http.host; content:"77.221.151.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817459/; classtype:trojan-activity;sid:83680559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amady.exe"; depth:10; endswith; nocase; http.host; content:"163.5.215.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817458/; classtype:trojan-activity;sid:83680558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amzey.exe"; depth:10; endswith; nocase; http.host; content:"163.5.215.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817457/; classtype:trojan-activity;sid:83680557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/1x26nvw6aqhh64w/mb90gklcm4eiwtz/build_1gyxidxruc.exe"; depth:63; endswith; nocase; http.host; content:"148.135.72.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817455/; classtype:trojan-activity;sid:83680555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/style/070.exe"; depth:14; endswith; nocase; http.host; content:"power.crazyfigs.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817456/; classtype:trojan-activity;sid:83680556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/setup.exe"; depth:16; endswith; nocase; http.host; content:"5.42.64.17"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817453/; classtype:trojan-activity;sid:83680553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8d1e3a4bbaa51cc5062674f36cfd353/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817454/; classtype:trojan-activity;sid:83680554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hera/amadka.exe"; depth:16; endswith; nocase; http.host; content:"147.45.47.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817452/; classtype:trojan-activity;sid:83680552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.233.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817451/; classtype:trojan-activity;sid:83680551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uni400uni.exe"; depth:14; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817450/; classtype:trojan-activity;sid:83680550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/001mx.exe"; depth:16; endswith; nocase; http.host; content:"5.42.64.17"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817447/; classtype:trojan-activity;sid:83680547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"bishopberrian.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817448/; classtype:trojan-activity;sid:83680548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4fad2995abc2c1fceb6992452c268fd/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817449/; classtype:trojan-activity;sid:83680549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.191.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817446/; classtype:trojan-activity;sid:83680546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.123.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817445/; classtype:trojan-activity;sid:83680545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xjvkpdr0bkzl"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817444/; classtype:trojan-activity;sid:83680544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.184.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817443/; classtype:trojan-activity;sid:83680543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xrbud0wwn4la"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817441/; classtype:trojan-activity;sid:83680541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x7rzviwadkb5"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817442/; classtype:trojan-activity;sid:83680542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817440/; classtype:trojan-activity;sid:83680540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817439/; classtype:trojan-activity;sid:83680539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.185.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817438/; classtype:trojan-activity;sid:83680538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817437/; classtype:trojan-activity;sid:83680537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm6"; depth:10; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817434/; classtype:trojan-activity;sid:83680534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817435/; classtype:trojan-activity;sid:83680535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm7"; depth:10; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817436/; classtype:trojan-activity;sid:83680536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817430/; classtype:trojan-activity;sid:83680530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"193.233.202.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817431/; classtype:trojan-activity;sid:83680531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"193.233.202.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817432/; classtype:trojan-activity;sid:83680532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.m68k"; depth:10; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817433/; classtype:trojan-activity;sid:83680533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817420/; classtype:trojan-activity;sid:83680520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.10.91.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817421/; classtype:trojan-activity;sid:83680521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm"; depth:9; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817422/; classtype:trojan-activity;sid:83680522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mips"; depth:10; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817423/; classtype:trojan-activity;sid:83680523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817424/; classtype:trojan-activity;sid:83680524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"193.233.202.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817425/; classtype:trojan-activity;sid:83680525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm5"; depth:10; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817426/; classtype:trojan-activity;sid:83680526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"193.233.202.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817427/; classtype:trojan-activity;sid:83680527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817428/; classtype:trojan-activity;sid:83680528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"193.233.202.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817429/; classtype:trojan-activity;sid:83680529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817417/; classtype:trojan-activity;sid:83680517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"193.233.202.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817418/; classtype:trojan-activity;sid:83680518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817419/; classtype:trojan-activity;sid:83680519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817412/; classtype:trojan-activity;sid:83680512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baa"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817413/; classtype:trojan-activity;sid:83680513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817414/; classtype:trojan-activity;sid:83680514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817415/; classtype:trojan-activity;sid:83680515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.ppc"; depth:9; endswith; nocase; http.host; content:"66.187.4.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817416/; classtype:trojan-activity;sid:83680516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817407/; classtype:trojan-activity;sid:83680507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bac"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817408/; classtype:trojan-activity;sid:83680508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817409/; classtype:trojan-activity;sid:83680509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bad"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817410/; classtype:trojan-activity;sid:83680510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817411/; classtype:trojan-activity;sid:83680511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817406/; classtype:trojan-activity;sid:83680506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817402/; classtype:trojan-activity;sid:83680502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"95.216.182.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817403/; classtype:trojan-activity;sid:83680503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"95.216.182.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817404/; classtype:trojan-activity;sid:83680504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817405/; classtype:trojan-activity;sid:83680505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817398/; classtype:trojan-activity;sid:83680498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817399/; classtype:trojan-activity;sid:83680499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817400/; classtype:trojan-activity;sid:83680500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817401/; classtype:trojan-activity;sid:83680501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817394/; classtype:trojan-activity;sid:83680494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817395/; classtype:trojan-activity;sid:83680495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817396/; classtype:trojan-activity;sid:83680496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.128.232.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817397/; classtype:trojan-activity;sid:83680497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817391/; classtype:trojan-activity;sid:83680491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817392/; classtype:trojan-activity;sid:83680492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"92.249.48.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817393/; classtype:trojan-activity;sid:83680493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.104.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817390/; classtype:trojan-activity;sid:83680490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.211.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817389/; classtype:trojan-activity;sid:83680489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817388/; classtype:trojan-activity;sid:83680488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.157.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817387/; classtype:trojan-activity;sid:83680487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817386/; classtype:trojan-activity;sid:83680486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.168.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817385/; classtype:trojan-activity;sid:83680485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.160.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817384/; classtype:trojan-activity;sid:83680484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817383/; classtype:trojan-activity;sid:83680483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.159.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817382/; classtype:trojan-activity;sid:83680482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.159.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817379/; classtype:trojan-activity;sid:83680479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.4.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817380/; classtype:trojan-activity;sid:83680480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.223.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817381/; classtype:trojan-activity;sid:83680481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817378/; classtype:trojan-activity;sid:83680478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817377/; classtype:trojan-activity;sid:83680477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//136.244.98.80:443/x86"; depth:23; endswith; nocase; http.host; content:"ttp"; depth:3; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817376/; classtype:trojan-activity;sid:83680476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817375/; classtype:trojan-activity;sid:83680475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.168.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817374/; classtype:trojan-activity;sid:83680474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817373/; classtype:trojan-activity;sid:83680473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run"; depth:4; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817372/; classtype:trojan-activity;sid:83680472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.46.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817371/; classtype:trojan-activity;sid:83680471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.71.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817370/; classtype:trojan-activity;sid:83680470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.185.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817369/; classtype:trojan-activity;sid:83680469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817368/; classtype:trojan-activity;sid:83680468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.246.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817367/; classtype:trojan-activity;sid:83680467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.215.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817365/; classtype:trojan-activity;sid:83680465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.100.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817366/; classtype:trojan-activity;sid:83680466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.250.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817364/; classtype:trojan-activity;sid:83680464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817363/; classtype:trojan-activity;sid:83680463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1leskp_nathtsuiiefwvkpyabua7qmogr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817362/; classtype:trojan-activity;sid:83680462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nvbkmbrpzmdlsvmx1gfj0nylrjleqw"; depth:66; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817361/; classtype:trojan-activity;sid:83680461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=4e6f63f4c3c86180%21112|7c|26|7c|authkey=!aji85fsyq6pgubw"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817360/; classtype:trojan-activity;sid:83680460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/771/542/original/new_image.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817359/; classtype:trojan-activity;sid:83680459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817358/; classtype:trojan-activity;sid:83680458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nurs33pjxezqhl9ciafopya6u7i1vpkv"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817356/; classtype:trojan-activity;sid:83680456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/eclat.txt"; depth:21; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817355/; classtype:trojan-activity;sid:83680455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/5asfs"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817354/; classtype:trojan-activity;sid:83680454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817353/; classtype:trojan-activity;sid:83680453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2020/hjc.exe"; depth:13; endswith; nocase; http.host; content:"103.198.26.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817352/; classtype:trojan-activity;sid:83680452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.132.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817351/; classtype:trojan-activity;sid:83680451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.28.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817350/; classtype:trojan-activity;sid:83680450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.250.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817349/; classtype:trojan-activity;sid:83680449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0porecqxedazscu.scr"; depth:20; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817348/; classtype:trojan-activity;sid:83680448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cmkermn30.bin"; depth:14; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817347/; classtype:trojan-activity;sid:83680447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkenstaten.dsp"; depth:15; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817346/; classtype:trojan-activity;sid:83680446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817345/; classtype:trojan-activity;sid:83680445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817344/; classtype:trojan-activity;sid:83680444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817343/; classtype:trojan-activity;sid:83680443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.216.140.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817342/; classtype:trojan-activity;sid:83680442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.159.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817340/; classtype:trojan-activity;sid:83680440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817341/; classtype:trojan-activity;sid:83680441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.138.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817337/; classtype:trojan-activity;sid:83680437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gtfcpd82.bin"; depth:13; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817338/; classtype:trojan-activity;sid:83680438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fodgngerovergangs.prm"; depth:22; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817339/; classtype:trojan-activity;sid:83680439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afmagringer.xsn"; depth:16; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817336/; classtype:trojan-activity;sid:83680436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vhhjqwfijn142.bin"; depth:18; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817329/; classtype:trojan-activity;sid:83680429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssssaxccu156.bin"; depth:17; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817330/; classtype:trojan-activity;sid:83680430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licences.ttf"; depth:13; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817331/; classtype:trojan-activity;sid:83680431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"5.206.227.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817332/; classtype:trojan-activity;sid:83680432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taktreguleringsaftaler.dwp"; depth:27; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817333/; classtype:trojan-activity;sid:83680433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"5.206.227.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817334/; classtype:trojan-activity;sid:83680434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pseudoisomer27.rar"; depth:19; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817335/; classtype:trojan-activity;sid:83680435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/signposting13.sea"; depth:18; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817328/; classtype:trojan-activity;sid:83680428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjyxpdsubezh78.bin"; depth:19; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817326/; classtype:trojan-activity;sid:83680426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817327/; classtype:trojan-activity;sid:83680427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817325/; classtype:trojan-activity;sid:83680425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.214.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817324/; classtype:trojan-activity;sid:83680424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.188.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817323/; classtype:trojan-activity;sid:83680423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.250.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817321/; classtype:trojan-activity;sid:83680421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817322/; classtype:trojan-activity;sid:83680422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817320/; classtype:trojan-activity;sid:83680420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.38.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817319/; classtype:trojan-activity;sid:83680419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.132.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817318/; classtype:trojan-activity;sid:83680418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.85.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817317/; classtype:trojan-activity;sid:83680417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.101.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817316/; classtype:trojan-activity;sid:83680416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.129.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817315/; classtype:trojan-activity;sid:83680415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intimacao/downloads/done"; depth:25; endswith; nocase; http.host; content:"advogadosassociadosmw.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817314/; classtype:trojan-activity;sid:83680414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817313/; classtype:trojan-activity;sid:83680413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817312/; classtype:trojan-activity;sid:83680412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.227.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817311/; classtype:trojan-activity;sid:83680411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.80.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817310/; classtype:trojan-activity;sid:83680410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.138.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817309/; classtype:trojan-activity;sid:83680409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817308/; classtype:trojan-activity;sid:83680408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817307/; classtype:trojan-activity;sid:83680407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.101.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817306/; classtype:trojan-activity;sid:83680406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.129.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817305/; classtype:trojan-activity;sid:83680405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.188.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817304/; classtype:trojan-activity;sid:83680404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817303/; classtype:trojan-activity;sid:83680403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817302/; classtype:trojan-activity;sid:83680402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.117.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817301/; classtype:trojan-activity;sid:83680401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817300/; classtype:trojan-activity;sid:83680400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.203.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817299/; classtype:trojan-activity;sid:83680399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.207.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817298/; classtype:trojan-activity;sid:83680398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.37.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817297/; classtype:trojan-activity;sid:83680397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.29.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817295/; classtype:trojan-activity;sid:83680395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817296/; classtype:trojan-activity;sid:83680396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817293/; classtype:trojan-activity;sid:83680393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.77.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817294/; classtype:trojan-activity;sid:83680394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.29.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817292/; classtype:trojan-activity;sid:83680392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817291/; classtype:trojan-activity;sid:83680391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817290/; classtype:trojan-activity;sid:83680390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.21.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817289/; classtype:trojan-activity;sid:83680389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817287/; classtype:trojan-activity;sid:83680387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817288/; classtype:trojan-activity;sid:83680388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.138.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817286/; classtype:trojan-activity;sid:83680386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.199.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817285/; classtype:trojan-activity;sid:83680385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.199.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817284/; classtype:trojan-activity;sid:83680384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.76.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817283/; classtype:trojan-activity;sid:83680383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.228.72.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817282/; classtype:trojan-activity;sid:83680382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817281/; classtype:trojan-activity;sid:83680381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.211.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817280/; classtype:trojan-activity;sid:83680380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.117.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817279/; classtype:trojan-activity;sid:83680379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.11.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817278/; classtype:trojan-activity;sid:83680378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.179.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817277/; classtype:trojan-activity;sid:83680377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.30.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817276/; classtype:trojan-activity;sid:83680376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.76.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817275/; classtype:trojan-activity;sid:83680375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817274/; classtype:trojan-activity;sid:83680374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817273/; classtype:trojan-activity;sid:83680373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.50.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817272/; classtype:trojan-activity;sid:83680372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.40.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817271/; classtype:trojan-activity;sid:83680371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.79.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817270/; classtype:trojan-activity;sid:83680370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817269/; classtype:trojan-activity;sid:83680369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817268/; classtype:trojan-activity;sid:83680368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817267/; classtype:trojan-activity;sid:83680367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.82.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817266/; classtype:trojan-activity;sid:83680366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.231.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817265/; classtype:trojan-activity;sid:83680365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.174.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817264/; classtype:trojan-activity;sid:83680364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817263/; classtype:trojan-activity;sid:83680363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.43.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817262/; classtype:trojan-activity;sid:83680362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.136.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817261/; classtype:trojan-activity;sid:83680361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.149.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817260/; classtype:trojan-activity;sid:83680360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.211.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817258/; classtype:trojan-activity;sid:83680358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.0.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817259/; classtype:trojan-activity;sid:83680359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.183.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817257/; classtype:trojan-activity;sid:83680357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817256/; classtype:trojan-activity;sid:83680356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.151.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817255/; classtype:trojan-activity;sid:83680355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.200.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817254/; classtype:trojan-activity;sid:83680354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.7.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817252/; classtype:trojan-activity;sid:83680352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.82.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817253/; classtype:trojan-activity;sid:83680353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.48.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817251/; classtype:trojan-activity;sid:83680351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.174.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817250/; classtype:trojan-activity;sid:83680350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.36.104"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817249/; classtype:trojan-activity;sid:83680349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.237.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817248/; classtype:trojan-activity;sid:83680348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.75.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817246/; classtype:trojan-activity;sid:83680346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.62.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817247/; classtype:trojan-activity;sid:83680347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.188.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817245/; classtype:trojan-activity;sid:83680345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.101.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817244/; classtype:trojan-activity;sid:83680344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.16.82.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817243/; classtype:trojan-activity;sid:83680343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817242/; classtype:trojan-activity;sid:83680342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.48.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817241/; classtype:trojan-activity;sid:83680341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.193.36.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817240/; classtype:trojan-activity;sid:83680340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817238/; classtype:trojan-activity;sid:83680338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.7.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817237/; classtype:trojan-activity;sid:83680337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src.tgz"; depth:8; endswith; nocase; http.host; content:"216.250.118.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817236/; classtype:trojan-activity;sid:83680336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_html.zip"; depth:16; endswith; nocase; http.host; content:"216.250.118.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817235/; classtype:trojan-activity;sid:83680335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/file.pdf.lnk"; depth:23; endswith; nocase; http.host; content:"91.92.253.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817232/; classtype:trojan-activity;sid:83680332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/sa162.pdf.lnk"; depth:24; endswith; nocase; http.host; content:"91.92.253.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817233/; classtype:trojan-activity;sid:83680333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/factura_sa161.pdf.lnk"; depth:32; endswith; nocase; http.host; content:"91.92.253.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817234/; classtype:trojan-activity;sid:83680334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/sa161.pdf.lnk"; depth:24; endswith; nocase; http.host; content:"91.92.253.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817231/; classtype:trojan-activity;sid:83680331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stage2"; depth:7; endswith; nocase; http.host; content:"0had.com"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817229/; classtype:trojan-activity;sid:83680329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disabilitycharge.exe"; depth:21; endswith; nocase; http.host; content:"0had.com"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817230/; classtype:trojan-activity;sid:83680330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/last_stage"; depth:11; endswith; nocase; http.host; content:"93.190.140.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817228/; classtype:trojan-activity;sid:83680328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.40.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817227/; classtype:trojan-activity;sid:83680327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817226/; classtype:trojan-activity;sid:83680326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.225.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817225/; classtype:trojan-activity;sid:83680325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.6.214"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817224/; classtype:trojan-activity;sid:83680324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.115.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817223/; classtype:trojan-activity;sid:83680323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817222/; classtype:trojan-activity;sid:83680322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.67.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817221/; classtype:trojan-activity;sid:83680321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817220/; classtype:trojan-activity;sid:83680320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.40.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817219/; classtype:trojan-activity;sid:83680319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.213.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817218/; classtype:trojan-activity;sid:83680318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.158.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817217/; classtype:trojan-activity;sid:83680317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.141.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817216/; classtype:trojan-activity;sid:83680316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817214/; classtype:trojan-activity;sid:83680314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.61.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817215/; classtype:trojan-activity;sid:83680315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817213/; classtype:trojan-activity;sid:83680313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.86.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817212/; classtype:trojan-activity;sid:83680312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817207/; classtype:trojan-activity;sid:83680307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817208/; classtype:trojan-activity;sid:83680308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817209/; classtype:trojan-activity;sid:83680309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817210/; classtype:trojan-activity;sid:83680310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817211/; classtype:trojan-activity;sid:83680311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817204/; classtype:trojan-activity;sid:83680304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817205/; classtype:trojan-activity;sid:83680305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817206/; classtype:trojan-activity;sid:83680306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.38.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817199/; classtype:trojan-activity;sid:83680299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817200/; classtype:trojan-activity;sid:83680300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817201/; classtype:trojan-activity;sid:83680301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817202/; classtype:trojan-activity;sid:83680302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"45.128.232.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817203/; classtype:trojan-activity;sid:83680303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.59.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817198/; classtype:trojan-activity;sid:83680298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817197/; classtype:trojan-activity;sid:83680297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.37.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817196/; classtype:trojan-activity;sid:83680296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817194/; classtype:trojan-activity;sid:83680294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.mips"; depth:17; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817195/; classtype:trojan-activity;sid:83680295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817186/; classtype:trojan-activity;sid:83680286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817187/; classtype:trojan-activity;sid:83680287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817188/; classtype:trojan-activity;sid:83680288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817189/; classtype:trojan-activity;sid:83680289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm5"; depth:17; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817190/; classtype:trojan-activity;sid:83680290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm"; depth:16; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817191/; classtype:trojan-activity;sid:83680291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.m68k"; depth:17; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817192/; classtype:trojan-activity;sid:83680292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.powerpc"; depth:20; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817193/; classtype:trojan-activity;sid:83680293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm6"; depth:17; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817179/; classtype:trojan-activity;sid:83680279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817180/; classtype:trojan-activity;sid:83680280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm7"; depth:17; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817181/; classtype:trojan-activity;sid:83680281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.sh4"; depth:16; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817182/; classtype:trojan-activity;sid:83680282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.mipsel"; depth:19; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817183/; classtype:trojan-activity;sid:83680283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817184/; classtype:trojan-activity;sid:83680284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.sparc"; depth:18; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817185/; classtype:trojan-activity;sid:83680285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817177/; classtype:trojan-activity;sid:83680277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817178/; classtype:trojan-activity;sid:83680278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.93.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817176/; classtype:trojan-activity;sid:83680276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668737557|3f|hash=zzozuj3jqwirzdx43h1xsdbjjpbjtttmo0tqvklosyt|7c|26|7c|dl=6oxtbnlmm4w0j3jkshohhhwc3ra1banpcoe86ijtcm0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817175/; classtype:trojan-activity;sid:83680275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.213.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817174/; classtype:trojan-activity;sid:83680274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817173/; classtype:trojan-activity;sid:83680273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817172/; classtype:trojan-activity;sid:83680272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817171/; classtype:trojan-activity;sid:83680271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xosl4tr8v5cv"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817170/; classtype:trojan-activity;sid:83680270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xr2q067lle5e"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817169/; classtype:trojan-activity;sid:83680269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xwv5xgmapxkq"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817167/; classtype:trojan-activity;sid:83680267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x6umfeq0i3xb"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817168/; classtype:trojan-activity;sid:83680268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.235.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817166/; classtype:trojan-activity;sid:83680266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.15.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817165/; classtype:trojan-activity;sid:83680265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817164/; classtype:trojan-activity;sid:83680264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.54.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817163/; classtype:trojan-activity;sid:83680263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"5.206.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817162/; classtype:trojan-activity;sid:83680262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/logo.jpg"; depth:13; endswith; nocase; http.host; content:"public-ftp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817161/; classtype:trojan-activity;sid:83680261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tjpemvtkauopkjfzmdnqpamhdehx63.bin"; depth:35; endswith; nocase; http.host; content:"kraljevikonaci.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817159/; classtype:trojan-activity;sid:83680259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.24.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817157/; classtype:trojan-activity;sid:83680257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/piodroealmbpb243.bin"; depth:21; endswith; nocase; http.host; content:"ricohltd.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817158/; classtype:trojan-activity;sid:83680258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/dol98/shortcut.exe"; depth:23; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817156/; classtype:trojan-activity;sid:83680256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.52.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817155/; classtype:trojan-activity;sid:83680255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817154/; classtype:trojan-activity;sid:83680254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.149.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817151/; classtype:trojan-activity;sid:83680251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.176.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817152/; classtype:trojan-activity;sid:83680252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.131.41.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817153/; classtype:trojan-activity;sid:83680253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817150/; classtype:trojan-activity;sid:83680250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/v6neism7b7lfw878ky7ww/cheatrun.zip|3f|rlkey=g278e4s48qqphghx7esn34jq5|7c|26|7c|dl=0"; depth:91; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817149/; classtype:trojan-activity;sid:83680249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/leon-1040documents.zip"; depth:32; endswith; nocase; http.host; content:"taxdocview.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817147/; classtype:trojan-activity;sid:83680247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stage"; depth:6; endswith; nocase; http.host; content:"0had.com"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817145/; classtype:trojan-activity;sid:83680245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php|3f|8838"; depth:17; endswith; nocase; http.host; content:"beautyservicenearme.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817146/; classtype:trojan-activity;sid:83680246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help/per.php"; depth:13; endswith; nocase; http.host; content:"onesmartiptv.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817144/; classtype:trojan-activity;sid:83680244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gorps112.pcx"; depth:13; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817142/; classtype:trojan-activity;sid:83680242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817143/; classtype:trojan-activity;sid:83680243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlwwhqdzv162.bin"; depth:17; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817141/; classtype:trojan-activity;sid:83680241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/factura"; depth:8; endswith; nocase; http.host; content:"93.190.140.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817139/; classtype:trojan-activity;sid:83680239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disabilitycharge.exe"; depth:21; endswith; nocase; http.host; content:"93.190.140.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817140/; classtype:trojan-activity;sid:83680240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luyou.sh"; depth:9; endswith; nocase; http.host; content:"tcp.bzwl888.sbs"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817137/; classtype:trojan-activity;sid:83680237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sogax86"; depth:8; endswith; nocase; http.host; content:"tcp.bzwl888.sbs"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817138/; classtype:trojan-activity;sid:83680238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.144.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817136/; classtype:trojan-activity;sid:83680236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.36.250.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817135/; classtype:trojan-activity;sid:83680235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.243.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817133/; classtype:trojan-activity;sid:83680233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817134/; classtype:trojan-activity;sid:83680234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817132/; classtype:trojan-activity;sid:83680232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.234.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817131/; classtype:trojan-activity;sid:83680231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.10.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817130/; classtype:trojan-activity;sid:83680230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817129/; classtype:trojan-activity;sid:83680229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.60.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817128/; classtype:trojan-activity;sid:83680228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817127/; classtype:trojan-activity;sid:83680227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.102.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817126/; classtype:trojan-activity;sid:83680226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luyou.sh"; depth:9; endswith; nocase; http.host; content:"bzwl888.sbs"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817125/; classtype:trojan-activity;sid:83680225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817124/; classtype:trojan-activity;sid:83680224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luyou.sh"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817123/; classtype:trojan-activity;sid:83680223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817122/; classtype:trojan-activity;sid:83680222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.149.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817121/; classtype:trojan-activity;sid:83680221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.233.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817120/; classtype:trojan-activity;sid:83680220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.235.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817119/; classtype:trojan-activity;sid:83680219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817118/; classtype:trojan-activity;sid:83680218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.78.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817116/; classtype:trojan-activity;sid:83680216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.53.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817117/; classtype:trojan-activity;sid:83680217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.94.13.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817115/; classtype:trojan-activity;sid:83680215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"bmp.register.arpsychotherapy.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817114/; classtype:trojan-activity;sid:83680214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ypoh.register.arpsychotherapy.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817110/; classtype:trojan-activity;sid:83680210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817111/; classtype:trojan-activity;sid:83680211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.82.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817112/; classtype:trojan-activity;sid:83680212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.24.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817113/; classtype:trojan-activity;sid:83680213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.102.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817109/; classtype:trojan-activity;sid:83680209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817108/; classtype:trojan-activity;sid:83680208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.79.111.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817106/; classtype:trojan-activity;sid:83680206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.225.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817107/; classtype:trojan-activity;sid:83680207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668730630|3f|hash=p0neizzdqvcpre5k7wrzy0suyxtq5qcmygxglzdzj40|7c|26|7c|dl=o1pdew1milw9zr0ry59bq21efonz0d9ncx6enzheazg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817105/; classtype:trojan-activity;sid:83680205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.178.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817104/; classtype:trojan-activity;sid:83680204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817103/; classtype:trojan-activity;sid:83680203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.132.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817102/; classtype:trojan-activity;sid:83680202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.30.146.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817101/; classtype:trojan-activity;sid:83680201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.185.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817100/; classtype:trojan-activity;sid:83680200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.75.60.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817099/; classtype:trojan-activity;sid:83680199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.2.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817098/; classtype:trojan-activity;sid:83680198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.61.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817097/; classtype:trojan-activity;sid:83680197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.78.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817096/; classtype:trojan-activity;sid:83680196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.185.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817095/; classtype:trojan-activity;sid:83680195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817090/; classtype:trojan-activity;sid:83680190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817091/; classtype:trojan-activity;sid:83680191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817092/; classtype:trojan-activity;sid:83680192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817093/; classtype:trojan-activity;sid:83680193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817094/; classtype:trojan-activity;sid:83680194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817089/; classtype:trojan-activity;sid:83680189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.232.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817088/; classtype:trojan-activity;sid:83680188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817087/; classtype:trojan-activity;sid:83680187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.235.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817086/; classtype:trojan-activity;sid:83680186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.8.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817083/; classtype:trojan-activity;sid:83680183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.168.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817084/; classtype:trojan-activity;sid:83680184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.177.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817085/; classtype:trojan-activity;sid:83680185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.41.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817082/; classtype:trojan-activity;sid:83680182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.108.211.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817081/; classtype:trojan-activity;sid:83680181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.182.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817080/; classtype:trojan-activity;sid:83680180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.35.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817079/; classtype:trojan-activity;sid:83680179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.160.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817078/; classtype:trojan-activity;sid:83680178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.52.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817077/; classtype:trojan-activity;sid:83680177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817076/; classtype:trojan-activity;sid:83680176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817075/; classtype:trojan-activity;sid:83680175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.244.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817074/; classtype:trojan-activity;sid:83680174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.133.89.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817073/; classtype:trojan-activity;sid:83680173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817072/; classtype:trojan-activity;sid:83680172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817071/; classtype:trojan-activity;sid:83680171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.90.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817070/; classtype:trojan-activity;sid:83680170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.232.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817069/; classtype:trojan-activity;sid:83680169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.208.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817068/; classtype:trojan-activity;sid:83680168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.52.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817067/; classtype:trojan-activity;sid:83680167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817066/; classtype:trojan-activity;sid:83680166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.246.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817065/; classtype:trojan-activity;sid:83680165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817064/; classtype:trojan-activity;sid:83680164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817063/; classtype:trojan-activity;sid:83680163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.208.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817062/; classtype:trojan-activity;sid:83680162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817061/; classtype:trojan-activity;sid:83680161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.2.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817060/; classtype:trojan-activity;sid:83680160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.148.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817059/; classtype:trojan-activity;sid:83680159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817058/; classtype:trojan-activity;sid:83680158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.133.89.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817057/; classtype:trojan-activity;sid:83680157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817056/; classtype:trojan-activity;sid:83680156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.118.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817055/; classtype:trojan-activity;sid:83680155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.199.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817054/; classtype:trojan-activity;sid:83680154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.56.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817053/; classtype:trojan-activity;sid:83680153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817052/; classtype:trojan-activity;sid:83680152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.90.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817051/; classtype:trojan-activity;sid:83680151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.185.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817049/; classtype:trojan-activity;sid:83680149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.9.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817050/; classtype:trojan-activity;sid:83680150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.64.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817048/; classtype:trojan-activity;sid:83680148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.236.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817046/; classtype:trojan-activity;sid:83680146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.101.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817047/; classtype:trojan-activity;sid:83680147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.246.207.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817045/; classtype:trojan-activity;sid:83680145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.98.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817044/; classtype:trojan-activity;sid:83680144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.4.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817043/; classtype:trojan-activity;sid:83680143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.251.21.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817042/; classtype:trojan-activity;sid:83680142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817041/; classtype:trojan-activity;sid:83680141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817040/; classtype:trojan-activity;sid:83680140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.39.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817039/; classtype:trojan-activity;sid:83680139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.13.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817038/; classtype:trojan-activity;sid:83680138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817037/; classtype:trojan-activity;sid:83680137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817036/; classtype:trojan-activity;sid:83680136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817035/; classtype:trojan-activity;sid:83680135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817034/; classtype:trojan-activity;sid:83680134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.39.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817033/; classtype:trojan-activity;sid:83680133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817032/; classtype:trojan-activity;sid:83680132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.75.60.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817031/; classtype:trojan-activity;sid:83680131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817030/; classtype:trojan-activity;sid:83680130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.245.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817029/; classtype:trojan-activity;sid:83680129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"bn.networkbn.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817026/; classtype:trojan-activity;sid:83680126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"bn.networkbn.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817027/; classtype:trojan-activity;sid:83680127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"bn.networkbn.click"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817028/; classtype:trojan-activity;sid:83680128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.82.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817025/; classtype:trojan-activity;sid:83680125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.19.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817024/; classtype:trojan-activity;sid:83680124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817021/; classtype:trojan-activity;sid:83680121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817022/; classtype:trojan-activity;sid:83680122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817023/; classtype:trojan-activity;sid:83680123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.39.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817020/; classtype:trojan-activity;sid:83680120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817014/; classtype:trojan-activity;sid:83680114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817015/; classtype:trojan-activity;sid:83680115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817016/; classtype:trojan-activity;sid:83680116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817017/; classtype:trojan-activity;sid:83680117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817018/; classtype:trojan-activity;sid:83680118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817019/; classtype:trojan-activity;sid:83680119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817010/; classtype:trojan-activity;sid:83680110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817011/; classtype:trojan-activity;sid:83680111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817012/; classtype:trojan-activity;sid:83680112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817013/; classtype:trojan-activity;sid:83680113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817008/; classtype:trojan-activity;sid:83680108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817009/; classtype:trojan-activity;sid:83680109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817006/; classtype:trojan-activity;sid:83680106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"103.167.88.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817007/; classtype:trojan-activity;sid:83680107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.191.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817005/; classtype:trojan-activity;sid:83680105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.199.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817004/; classtype:trojan-activity;sid:83680104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.148.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817002/; classtype:trojan-activity;sid:83680102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.80.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817003/; classtype:trojan-activity;sid:83680103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.251.21.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817001/; classtype:trojan-activity;sid:83680101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.174.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817000/; classtype:trojan-activity;sid:83680100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.42.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816999/; classtype:trojan-activity;sid:83680099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816998/; classtype:trojan-activity;sid:83680098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.91.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816997/; classtype:trojan-activity;sid:83680097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.193.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816995/; classtype:trojan-activity;sid:83680095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.56.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816996/; classtype:trojan-activity;sid:83680096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.82.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816994/; classtype:trojan-activity;sid:83680094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.128.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816993/; classtype:trojan-activity;sid:83680093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.238.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816992/; classtype:trojan-activity;sid:83680092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.138.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816991/; classtype:trojan-activity;sid:83680091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.19.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816990/; classtype:trojan-activity;sid:83680090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.14.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816989/; classtype:trojan-activity;sid:83680089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.201.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816988/; classtype:trojan-activity;sid:83680088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816987/; classtype:trojan-activity;sid:83680087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.62.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816986/; classtype:trojan-activity;sid:83680086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.246.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816985/; classtype:trojan-activity;sid:83680085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmrhz7vhljjd"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816983/; classtype:trojan-activity;sid:83680083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.75.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816984/; classtype:trojan-activity;sid:83680084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816982/; classtype:trojan-activity;sid:83680082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.40.115.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816981/; classtype:trojan-activity;sid:83680081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.45.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816980/; classtype:trojan-activity;sid:83680080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.69.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816979/; classtype:trojan-activity;sid:83680079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.181.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816978/; classtype:trojan-activity;sid:83680078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.123.71.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816977/; classtype:trojan-activity;sid:83680077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.91.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816976/; classtype:trojan-activity;sid:83680076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.56.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816975/; classtype:trojan-activity;sid:83680075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.174.238.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816974/; classtype:trojan-activity;sid:83680074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.201.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816973/; classtype:trojan-activity;sid:83680073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.14.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816972/; classtype:trojan-activity;sid:83680072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.33.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816971/; classtype:trojan-activity;sid:83680071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816970/; classtype:trojan-activity;sid:83680070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.76.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816969/; classtype:trojan-activity;sid:83680069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.220.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816968/; classtype:trojan-activity;sid:83680068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.222.237.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816967/; classtype:trojan-activity;sid:83680067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816966/; classtype:trojan-activity;sid:83680066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.232.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816965/; classtype:trojan-activity;sid:83680065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.24.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816963/; classtype:trojan-activity;sid:83680063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.104.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816964/; classtype:trojan-activity;sid:83680064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.13.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816962/; classtype:trojan-activity;sid:83680062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.123.71.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816960/; classtype:trojan-activity;sid:83680060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.68.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816961/; classtype:trojan-activity;sid:83680061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816959/; classtype:trojan-activity;sid:83680059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.56.156.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816957/; classtype:trojan-activity;sid:83680057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.112.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816958/; classtype:trojan-activity;sid:83680058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.64.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816956/; classtype:trojan-activity;sid:83680056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.158.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816955/; classtype:trojan-activity;sid:83680055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.79.72.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816954/; classtype:trojan-activity;sid:83680054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.223.178.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816953/; classtype:trojan-activity;sid:83680053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.156.10.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816952/; classtype:trojan-activity;sid:83680052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.46.90.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816951/; classtype:trojan-activity;sid:83680051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.180.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816950/; classtype:trojan-activity;sid:83680050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.142.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816949/; classtype:trojan-activity;sid:83680049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.33.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816948/; classtype:trojan-activity;sid:83680048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816947/; classtype:trojan-activity;sid:83680047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.115.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816946/; classtype:trojan-activity;sid:83680046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.95.160.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816945/; classtype:trojan-activity;sid:83680045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.188.62.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816944/; classtype:trojan-activity;sid:83680044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.64.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816943/; classtype:trojan-activity;sid:83680043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.153.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816941/; classtype:trojan-activity;sid:83680041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816942/; classtype:trojan-activity;sid:83680042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.119.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816940/; classtype:trojan-activity;sid:83680040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"159.196.149.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816939/; classtype:trojan-activity;sid:83680039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.240.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816935/; classtype:trojan-activity;sid:83680035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.7.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816936/; classtype:trojan-activity;sid:83680036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816937/; classtype:trojan-activity;sid:83680037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.255.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816938/; classtype:trojan-activity;sid:83680038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.152.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816934/; classtype:trojan-activity;sid:83680034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.220.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816933/; classtype:trojan-activity;sid:83680033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.140.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816932/; classtype:trojan-activity;sid:83680032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.44.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816930/; classtype:trojan-activity;sid:83680030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.114.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816931/; classtype:trojan-activity;sid:83680031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816929/; classtype:trojan-activity;sid:83680029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816928/; classtype:trojan-activity;sid:83680028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816927/; classtype:trojan-activity;sid:83680027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816926/; classtype:trojan-activity;sid:83680026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816925/; classtype:trojan-activity;sid:83680025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.180.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816920/; classtype:trojan-activity;sid:83680020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816921/; classtype:trojan-activity;sid:83680021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.183.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816922/; classtype:trojan-activity;sid:83680022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.124.44.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816923/; classtype:trojan-activity;sid:83680023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.86.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816924/; classtype:trojan-activity;sid:83680024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.75.176.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816919/; classtype:trojan-activity;sid:83680019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816918/; classtype:trojan-activity;sid:83680018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.122.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816917/; classtype:trojan-activity;sid:83680017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.175.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816916/; classtype:trojan-activity;sid:83680016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.64.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816915/; classtype:trojan-activity;sid:83680015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.44.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816914/; classtype:trojan-activity;sid:83680014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.79.72.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816913/; classtype:trojan-activity;sid:83680013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816912/; classtype:trojan-activity;sid:83680012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.69.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816911/; classtype:trojan-activity;sid:83680011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.160.161.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816910/; classtype:trojan-activity;sid:83680010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.153.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816909/; classtype:trojan-activity;sid:83680009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.97.141.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816908/; classtype:trojan-activity;sid:83680008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.213.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816907/; classtype:trojan-activity;sid:83680007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.53.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816906/; classtype:trojan-activity;sid:83680006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.248.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816905/; classtype:trojan-activity;sid:83680005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.55.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816904/; classtype:trojan-activity;sid:83680004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.140.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816903/; classtype:trojan-activity;sid:83680003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816902/; classtype:trojan-activity;sid:83680002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.57.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816901/; classtype:trojan-activity;sid:83680001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816900/; classtype:trojan-activity;sid:83680000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.114.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816899/; classtype:trojan-activity;sid:83679999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816898/; classtype:trojan-activity;sid:83679998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.248.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816896/; classtype:trojan-activity;sid:83679996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.222.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816897/; classtype:trojan-activity;sid:83679997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816895/; classtype:trojan-activity;sid:83679995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.83.230.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816894/; classtype:trojan-activity;sid:83679994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.169.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816893/; classtype:trojan-activity;sid:83679993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.60.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816892/; classtype:trojan-activity;sid:83679992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.93.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816891/; classtype:trojan-activity;sid:83679991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.26.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816890/; classtype:trojan-activity;sid:83679990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.55.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816889/; classtype:trojan-activity;sid:83679989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.57.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816888/; classtype:trojan-activity;sid:83679988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.192.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816886/; classtype:trojan-activity;sid:83679986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.213.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816887/; classtype:trojan-activity;sid:83679987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.214.162.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816884/; classtype:trojan-activity;sid:83679984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.58.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816885/; classtype:trojan-activity;sid:83679985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816883/; classtype:trojan-activity;sid:83679983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.60.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816882/; classtype:trojan-activity;sid:83679982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.21.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816881/; classtype:trojan-activity;sid:83679981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816880/; classtype:trojan-activity;sid:83679980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816879/; classtype:trojan-activity;sid:83679979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816878/; classtype:trojan-activity;sid:83679978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.29.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816877/; classtype:trojan-activity;sid:83679977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.60.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816876/; classtype:trojan-activity;sid:83679976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816875/; classtype:trojan-activity;sid:83679975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.184.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816874/; classtype:trojan-activity;sid:83679974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816867/; classtype:trojan-activity;sid:83679967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816868/; classtype:trojan-activity;sid:83679968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816869/; classtype:trojan-activity;sid:83679969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816870/; classtype:trojan-activity;sid:83679970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816871/; classtype:trojan-activity;sid:83679971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816872/; classtype:trojan-activity;sid:83679972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816873/; classtype:trojan-activity;sid:83679973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816865/; classtype:trojan-activity;sid:83679965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816866/; classtype:trojan-activity;sid:83679966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/02.dll"; depth:14; endswith; nocase; http.host; content:"45.77.68.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816863/; classtype:trojan-activity;sid:83679963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/02.dll"; depth:14; endswith; nocase; http.host; content:"45.77.68.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816864/; classtype:trojan-activity;sid:83679964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grace/gf.txt"; depth:13; endswith; nocase; http.host; content:"fanconom.shop"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816862/; classtype:trojan-activity;sid:83679962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816854/; classtype:trojan-activity;sid:83679954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.213.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816853/; classtype:trojan-activity;sid:83679953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdfyngfsiufgsinunfgiuv/setualmajority.exe"; depth:42; endswith; nocase; http.host; content:"giftsendercapital.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816852/; classtype:trojan-activity;sid:83679952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.75.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816851/; classtype:trojan-activity;sid:83679951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.233.211.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816850/; classtype:trojan-activity;sid:83679950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.55.13.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816849/; classtype:trojan-activity;sid:83679949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/vgyzwzt4"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816848/; classtype:trojan-activity;sid:83679948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.94.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816847/; classtype:trojan-activity;sid:83679947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/02.dll"; depth:14; endswith; nocase; http.host; content:"upd5.pro"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816846/; classtype:trojan-activity;sid:83679946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/02.dll"; depth:14; endswith; nocase; http.host; content:"upd112.appspot.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816845/; classtype:trojan-activity;sid:83679945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.192.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816844/; classtype:trojan-activity;sid:83679944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816843/; classtype:trojan-activity;sid:83679943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816842/; classtype:trojan-activity;sid:83679942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816836/; classtype:trojan-activity;sid:83679936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816837/; classtype:trojan-activity;sid:83679937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816838/; classtype:trojan-activity;sid:83679938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816839/; classtype:trojan-activity;sid:83679939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816840/; classtype:trojan-activity;sid:83679940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"dead-cheap-doma.in"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816841/; classtype:trojan-activity;sid:83679941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816835/; classtype:trojan-activity;sid:83679935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vl.php"; depth:7; endswith; nocase; http.host; content:"gihibml.org"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816834/; classtype:trojan-activity;sid:83679934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.71.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816833/; classtype:trojan-activity;sid:83679933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668724628|3f|hash=qmz03gfvrsvglgbibmzyrp0rkobxufxtq8xz6f8s4kc|7c|26|7c|dl=ulww917wtaurj3gn7qsb6pok64pir9qcyh3hipckrvz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816832/; classtype:trojan-activity;sid:83679932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.98.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816831/; classtype:trojan-activity;sid:83679931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816830/; classtype:trojan-activity;sid:83679930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.199.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816829/; classtype:trojan-activity;sid:83679929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wzm.exe"; depth:8; endswith; nocase; http.host; content:"speedy34.myvnc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816828/; classtype:trojan-activity;sid:83679928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.98.44.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816827/; classtype:trojan-activity;sid:83679927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.146.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816826/; classtype:trojan-activity;sid:83679926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.64.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816825/; classtype:trojan-activity;sid:83679925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"185.196.11.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816824/; classtype:trojan-activity;sid:83679924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.161.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816823/; classtype:trojan-activity;sid:83679923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.228.72.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816822/; classtype:trojan-activity;sid:83679922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816821/; classtype:trojan-activity;sid:83679921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816819/; classtype:trojan-activity;sid:83679919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816820/; classtype:trojan-activity;sid:83679920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816813/; classtype:trojan-activity;sid:83679913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816814/; classtype:trojan-activity;sid:83679914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816815/; classtype:trojan-activity;sid:83679915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816816/; classtype:trojan-activity;sid:83679916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816817/; classtype:trojan-activity;sid:83679917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816818/; classtype:trojan-activity;sid:83679918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816812/; classtype:trojan-activity;sid:83679912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816811/; classtype:trojan-activity;sid:83679911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.126.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816809/; classtype:trojan-activity;sid:83679909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.185.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816810/; classtype:trojan-activity;sid:83679910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.184.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816808/; classtype:trojan-activity;sid:83679908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.54.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816807/; classtype:trojan-activity;sid:83679907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.98.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816806/; classtype:trojan-activity;sid:83679906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816805/; classtype:trojan-activity;sid:83679905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.253.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816803/; classtype:trojan-activity;sid:83679903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.175.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816804/; classtype:trojan-activity;sid:83679904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816802/; classtype:trojan-activity;sid:83679902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/w8owz"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816800/; classtype:trojan-activity;sid:83679900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grace/mac.txt"; depth:14; endswith; nocase; http.host; content:"fanconom.shop"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816801/; classtype:trojan-activity;sid:83679901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"185.216.70.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816798/; classtype:trojan-activity;sid:83679898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816799/; classtype:trojan-activity;sid:83679899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmxw3nwszw7f1zs.scr"; depth:20; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816797/; classtype:trojan-activity;sid:83679897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.183.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816796/; classtype:trojan-activity;sid:83679896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcckypztem152.bin"; depth:18; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816795/; classtype:trojan-activity;sid:83679895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc3.sh"; depth:8; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816792/; classtype:trojan-activity;sid:83679892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc1.sh"; depth:8; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816793/; classtype:trojan-activity;sid:83679893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc2.sh"; depth:8; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816794/; classtype:trojan-activity;sid:83679894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nig.sh"; depth:7; endswith; nocase; http.host; content:"94.156.67.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816791/; classtype:trojan-activity;sid:83679891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xvz2091l1k-zeof_px7wmbd_qtminrph"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816790/; classtype:trojan-activity;sid:83679890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-jsweddknpk98ghqbnqyofen8x8ww5oa"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816789/; classtype:trojan-activity;sid:83679889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh"; depth:8; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816788/; classtype:trojan-activity;sid:83679888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816787/; classtype:trojan-activity;sid:83679887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816781/; classtype:trojan-activity;sid:83679881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sack.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816782/; classtype:trojan-activity;sid:83679882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li.sh"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816783/; classtype:trojan-activity;sid:83679883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816784/; classtype:trojan-activity;sid:83679884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lil.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816785/; classtype:trojan-activity;sid:83679885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swt.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816786/; classtype:trojan-activity;sid:83679886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816776/; classtype:trojan-activity;sid:83679876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vio.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816777/; classtype:trojan-activity;sid:83679877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816778/; classtype:trojan-activity;sid:83679878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smd.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816779/; classtype:trojan-activity;sid:83679879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcm.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816780/; classtype:trojan-activity;sid:83679880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ont.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816771/; classtype:trojan-activity;sid:83679871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kws.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816772/; classtype:trojan-activity;sid:83679872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hell.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816773/; classtype:trojan-activity;sid:83679873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pog.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816774/; classtype:trojan-activity;sid:83679874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816775/; classtype:trojan-activity;sid:83679875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hair.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816768/; classtype:trojan-activity;sid:83679868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816769/; classtype:trojan-activity;sid:83679869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc.sh"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816770/; classtype:trojan-activity;sid:83679870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816760/; classtype:trojan-activity;sid:83679860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tell.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816761/; classtype:trojan-activity;sid:83679861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgets.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816762/; classtype:trojan-activity;sid:83679862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ar.sh"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816763/; classtype:trojan-activity;sid:83679863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vowan.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816764/; classtype:trojan-activity;sid:83679864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sony.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816765/; classtype:trojan-activity;sid:83679865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cable.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816766/; classtype:trojan-activity;sid:83679866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geo.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816767/; classtype:trojan-activity;sid:83679867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816738/; classtype:trojan-activity;sid:83679838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816739/; classtype:trojan-activity;sid:83679839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seagate.sh"; depth:11; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816740/; classtype:trojan-activity;sid:83679840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlte.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816741/; classtype:trojan-activity;sid:83679841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thc.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816742/; classtype:trojan-activity;sid:83679842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816743/; classtype:trojan-activity;sid:83679843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816744/; classtype:trojan-activity;sid:83679844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smc.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816745/; classtype:trojan-activity;sid:83679845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/link.sh"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816746/; classtype:trojan-activity;sid:83679846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816747/; classtype:trojan-activity;sid:83679847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brick.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816748/; classtype:trojan-activity;sid:83679848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816749/; classtype:trojan-activity;sid:83679849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usr.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816750/; classtype:trojan-activity;sid:83679850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816751/; classtype:trojan-activity;sid:83679851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usa.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816752/; classtype:trojan-activity;sid:83679852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816753/; classtype:trojan-activity;sid:83679853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phy.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816754/; classtype:trojan-activity;sid:83679854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mob.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816755/; classtype:trojan-activity;sid:83679855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usw.sh"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816756/; classtype:trojan-activity;sid:83679856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grandstream.sh"; depth:15; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816757/; classtype:trojan-activity;sid:83679857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.sh"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816758/; classtype:trojan-activity;sid:83679858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swget.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816759/; classtype:trojan-activity;sid:83679859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidb.sh"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816737/; classtype:trojan-activity;sid:83679837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816729/; classtype:trojan-activity;sid:83679829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816730/; classtype:trojan-activity;sid:83679830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kraxe"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816731/; classtype:trojan-activity;sid:83679831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816732/; classtype:trojan-activity;sid:83679832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bork"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816733/; classtype:trojan-activity;sid:83679833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816734/; classtype:trojan-activity;sid:83679834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816735/; classtype:trojan-activity;sid:83679835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ze"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816736/; classtype:trojan-activity;sid:83679836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netcom"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816726/; classtype:trojan-activity;sid:83679826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poco"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816727/; classtype:trojan-activity;sid:83679827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nel"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816728/; classtype:trojan-activity;sid:83679828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816711/; classtype:trojan-activity;sid:83679811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smc2"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816712/; classtype:trojan-activity;sid:83679812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816713/; classtype:trojan-activity;sid:83679813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vbn"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816714/; classtype:trojan-activity;sid:83679814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gp"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816715/; classtype:trojan-activity;sid:83679815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816716/; classtype:trojan-activity;sid:83679816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816717/; classtype:trojan-activity;sid:83679817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smc1"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816718/; classtype:trojan-activity;sid:83679818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816719/; classtype:trojan-activity;sid:83679819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webp"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816720/; classtype:trojan-activity;sid:83679820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816721/; classtype:trojan-activity;sid:83679821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bo"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816722/; classtype:trojan-activity;sid:83679822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/so"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816723/; classtype:trojan-activity;sid:83679823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816724/; classtype:trojan-activity;sid:83679824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sd"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816725/; classtype:trojan-activity;sid:83679825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wed"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816706/; classtype:trojan-activity;sid:83679806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.72.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816707/; classtype:trojan-activity;sid:83679807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tot"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816708/; classtype:trojan-activity;sid:83679808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816709/; classtype:trojan-activity;sid:83679809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816710/; classtype:trojan-activity;sid:83679810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/st"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816699/; classtype:trojan-activity;sid:83679799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esf"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816700/; classtype:trojan-activity;sid:83679800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4g"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816701/; classtype:trojan-activity;sid:83679801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816702/; classtype:trojan-activity;sid:83679802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rob"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816703/; classtype:trojan-activity;sid:83679803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zm"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816704/; classtype:trojan-activity;sid:83679804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816705/; classtype:trojan-activity;sid:83679805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lil"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816692/; classtype:trojan-activity;sid:83679792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pew"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816693/; classtype:trojan-activity;sid:83679793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bai"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816694/; classtype:trojan-activity;sid:83679794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816695/; classtype:trojan-activity;sid:83679795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffdgsfg"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816696/; classtype:trojan-activity;sid:83679796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816697/; classtype:trojan-activity;sid:83679797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wg"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816698/; classtype:trojan-activity;sid:83679798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vnpon"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816685/; classtype:trojan-activity;sid:83679785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816686/; classtype:trojan-activity;sid:83679786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816687/; classtype:trojan-activity;sid:83679787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bah"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816688/; classtype:trojan-activity;sid:83679788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plc"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816689/; classtype:trojan-activity;sid:83679789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnipc"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816690/; classtype:trojan-activity;sid:83679790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zb"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816691/; classtype:trojan-activity;sid:83679791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olor"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816677/; classtype:trojan-activity;sid:83679777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816678/; classtype:trojan-activity;sid:83679778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sksk"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816679/; classtype:trojan-activity;sid:83679779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816680/; classtype:trojan-activity;sid:83679780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816681/; classtype:trojan-activity;sid:83679781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boa"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816682/; classtype:trojan-activity;sid:83679782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sk"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816683/; classtype:trojan-activity;sid:83679783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816684/; classtype:trojan-activity;sid:83679784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/po"; depth:3; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816676/; classtype:trojan-activity;sid:83679776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816674/; classtype:trojan-activity;sid:83679774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816675/; classtype:trojan-activity;sid:83679775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.135.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816673/; classtype:trojan-activity;sid:83679773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.13.162.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816672/; classtype:trojan-activity;sid:83679772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.147.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816671/; classtype:trojan-activity;sid:83679771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zqiigk3vltiliw7beofk35swomzt1xq8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816670/; classtype:trojan-activity;sid:83679770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816666/; classtype:trojan-activity;sid:83679766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816667/; classtype:trojan-activity;sid:83679767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816668/; classtype:trojan-activity;sid:83679768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816669/; classtype:trojan-activity;sid:83679769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oemt_kafwwgoyjugzz-evvzqmauem0py"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816662/; classtype:trojan-activity;sid:83679762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hmxpggdyaw67lkxikssfpfqwipawakss"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816663/; classtype:trojan-activity;sid:83679763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1a0xrc890z3jyhooad4gvdhcq_fbz7oba"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816664/; classtype:trojan-activity;sid:83679764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kqpw1yogbrtnssvhbdeupzj5spsgnywx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816665/; classtype:trojan-activity;sid:83679765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816661/; classtype:trojan-activity;sid:83679761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.29.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816660/; classtype:trojan-activity;sid:83679760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816657/; classtype:trojan-activity;sid:83679757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816658/; classtype:trojan-activity;sid:83679758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816659/; classtype:trojan-activity;sid:83679759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=162qchorhdroem_avckrfkklzfmtwc8u9"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816654/; classtype:trojan-activity;sid:83679754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hhelovs0i3qill9lretk4it0gqsk44o3"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816655/; classtype:trojan-activity;sid:83679755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k10rjnt_qlypomp4x3wycd85pgxmwhmk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816656/; classtype:trojan-activity;sid:83679756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/zwwse"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816652/; classtype:trojan-activity;sid:83679752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1elor_mfe1qmm7xiondhgoz3onwuttt8n"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816653/; classtype:trojan-activity;sid:83679753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816647/; classtype:trojan-activity;sid:83679747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816648/; classtype:trojan-activity;sid:83679748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816649/; classtype:trojan-activity;sid:83679749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816650/; classtype:trojan-activity;sid:83679750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816651/; classtype:trojan-activity;sid:83679751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816646/; classtype:trojan-activity;sid:83679746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816642/; classtype:trojan-activity;sid:83679742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816643/; classtype:trojan-activity;sid:83679743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816644/; classtype:trojan-activity;sid:83679744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816645/; classtype:trojan-activity;sid:83679745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816641/; classtype:trojan-activity;sid:83679741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run"; depth:4; endswith; nocase; http.host; content:"136.244.98.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816640/; classtype:trojan-activity;sid:83679740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816639/; classtype:trojan-activity;sid:83679739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.185.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816638/; classtype:trojan-activity;sid:83679738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.232.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816637/; classtype:trojan-activity;sid:83679737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.205.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816636/; classtype:trojan-activity;sid:83679736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.183.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816635/; classtype:trojan-activity;sid:83679735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_yd-kjrhq4dpfnly_s4yytm4njjpwapu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816634/; classtype:trojan-activity;sid:83679734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//static/aqua.arm5"; depth:18; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816633/; classtype:trojan-activity;sid:83679733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1h1hc1tr1clhrkotyhz4tngmzew2gosnw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816632/; classtype:trojan-activity;sid:83679732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.68.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816631/; classtype:trojan-activity;sid:83679731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//static/aqua.arm4"; depth:18; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816629/; classtype:trojan-activity;sid:83679729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.167.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816630/; classtype:trojan-activity;sid:83679730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.147.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816628/; classtype:trojan-activity;sid:83679728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gleamer.mix"; depth:12; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816627/; classtype:trojan-activity;sid:83679727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yhefulefhskyhxykesmpv163.bin"; depth:29; endswith; nocase; http.host; content:"87.121.105.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816626/; classtype:trojan-activity;sid:83679726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.34.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816625/; classtype:trojan-activity;sid:83679725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.232.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816624/; classtype:trojan-activity;sid:83679724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"40.133.224.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816623/; classtype:trojan-activity;sid:83679723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.220.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816622/; classtype:trojan-activity;sid:83679722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.13.162.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816621/; classtype:trojan-activity;sid:83679721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.175.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816620/; classtype:trojan-activity;sid:83679720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.178.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816619/; classtype:trojan-activity;sid:83679719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.34.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816618/; classtype:trojan-activity;sid:83679718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.205.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816617/; classtype:trojan-activity;sid:83679717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.22.238.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816616/; classtype:trojan-activity;sid:83679716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.143.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816615/; classtype:trojan-activity;sid:83679715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.103.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816614/; classtype:trojan-activity;sid:83679714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"45.61.184.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816613/; classtype:trojan-activity;sid:83679713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.184.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816612/; classtype:trojan-activity;sid:83679712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.167.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816611/; classtype:trojan-activity;sid:83679711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.102.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816610/; classtype:trojan-activity;sid:83679710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.7.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816609/; classtype:trojan-activity;sid:83679709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.163.30.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816608/; classtype:trojan-activity;sid:83679708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.101.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816607/; classtype:trojan-activity;sid:83679707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.24.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816606/; classtype:trojan-activity;sid:83679706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"40.133.224.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816605/; classtype:trojan-activity;sid:83679705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10"; depth:3; endswith; nocase; http.host; content:"45.61.184.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816604/; classtype:trojan-activity;sid:83679704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.61.184.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816601/; classtype:trojan-activity;sid:83679701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"45.61.184.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816602/; classtype:trojan-activity;sid:83679702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xd"; depth:3; endswith; nocase; http.host; content:"45.61.184.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816603/; classtype:trojan-activity;sid:83679703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.47.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816600/; classtype:trojan-activity;sid:83679700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816599/; classtype:trojan-activity;sid:83679699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.220.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816598/; classtype:trojan-activity;sid:83679698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816597/; classtype:trojan-activity;sid:83679697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x2/tartare.chm"; depth:15; endswith; nocase; http.host; content:"nitio.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816596/; classtype:trojan-activity;sid:83679696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.54.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816595/; classtype:trojan-activity;sid:83679695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.177.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816594/; classtype:trojan-activity;sid:83679694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.128.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816593/; classtype:trojan-activity;sid:83679693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.202.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816592/; classtype:trojan-activity;sid:83679692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh.bin"; depth:7; endswith; nocase; http.host; content:"trailers24.eu"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816591/; classtype:trojan-activity;sid:83679691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.141.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816590/; classtype:trojan-activity;sid:83679690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.143.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816589/; classtype:trojan-activity;sid:83679689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/logo2.jpg"; depth:14; endswith; nocase; http.host; content:"public-ftp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816588/; classtype:trojan-activity;sid:83679688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sogax86"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816585/; classtype:trojan-activity;sid:83679685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ccf.exe"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816586/; classtype:trojan-activity;sid:83679686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ccf.exe"; depth:8; endswith; nocase; http.host; content:"bzwl888.sbs"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816587/; classtype:trojan-activity;sid:83679687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sogax86"; depth:8; endswith; nocase; http.host; content:"bzwl888.sbs"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816584/; classtype:trojan-activity;sid:83679684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"bzwl888.sbs"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816583/; classtype:trojan-activity;sid:83679683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816582/; classtype:trojan-activity;sid:83679682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816576/; classtype:trojan-activity;sid:83679676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816577/; classtype:trojan-activity;sid:83679677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816578/; classtype:trojan-activity;sid:83679678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816579/; classtype:trojan-activity;sid:83679679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816580/; classtype:trojan-activity;sid:83679680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816581/; classtype:trojan-activity;sid:83679681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816570/; classtype:trojan-activity;sid:83679670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816571/; classtype:trojan-activity;sid:83679671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816572/; classtype:trojan-activity;sid:83679672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816573/; classtype:trojan-activity;sid:83679673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816574/; classtype:trojan-activity;sid:83679674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816575/; classtype:trojan-activity;sid:83679675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816564/; classtype:trojan-activity;sid:83679664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816565/; classtype:trojan-activity;sid:83679665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816566/; classtype:trojan-activity;sid:83679666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816567/; classtype:trojan-activity;sid:83679667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816568/; classtype:trojan-activity;sid:83679668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816569/; classtype:trojan-activity;sid:83679669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"jswl.bzwl888.sbs"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816563/; classtype:trojan-activity;sid:83679663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jbnvj66bwyu3ycv.scr"; depth:20; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816562/; classtype:trojan-activity;sid:83679662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transfusionist.vbs"; depth:19; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816561/; classtype:trojan-activity;sid:83679661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.7.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816560/; classtype:trojan-activity;sid:83679660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oszynfpkz4rwifqvmv8vs6hk702ip0vt"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816558/; classtype:trojan-activity;sid:83679658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1teinjuneai-sri4cb40u9krl2x7xjdgg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816559/; classtype:trojan-activity;sid:83679659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h8w3nxjq4gya5ed.scr"; depth:20; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816556/; classtype:trojan-activity;sid:83679656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o9rbxkf6zjdk949.scr"; depth:20; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816557/; classtype:trojan-activity;sid:83679657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816555/; classtype:trojan-activity;sid:83679655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.113.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816554/; classtype:trojan-activity;sid:83679654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.186.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816553/; classtype:trojan-activity;sid:83679653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.126.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816552/; classtype:trojan-activity;sid:83679652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816551/; classtype:trojan-activity;sid:83679651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.113.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816550/; classtype:trojan-activity;sid:83679650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.191.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816549/; classtype:trojan-activity;sid:83679649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"38.55.201.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816548/; classtype:trojan-activity;sid:83679648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pf"; depth:3; endswith; nocase; http.host; content:"45.61.184.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816547/; classtype:trojan-activity;sid:83679647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.100.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816546/; classtype:trojan-activity;sid:83679646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816545/; classtype:trojan-activity;sid:83679645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816541/; classtype:trojan-activity;sid:83679641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816542/; classtype:trojan-activity;sid:83679642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816543/; classtype:trojan-activity;sid:83679643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816544/; classtype:trojan-activity;sid:83679644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816539/; classtype:trojan-activity;sid:83679639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"94.156.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816540/; classtype:trojan-activity;sid:83679640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.47.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816538/; classtype:trojan-activity;sid:83679638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.141.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816537/; classtype:trojan-activity;sid:83679637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.189.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816536/; classtype:trojan-activity;sid:83679636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.225.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816535/; classtype:trojan-activity;sid:83679635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/hmf.txt"; depth:11; endswith; nocase; http.host; content:"23.95.60.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816534/; classtype:trojan-activity;sid:83679634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/hnm/ireallywantakissfrommywifesheisverybeautifulgirlwhoilovealotsheisreallybeautifulgirleveriseenshe___ismybabygirlmylove.doc"; depth:129; endswith; nocase; http.host; content:"23.95.60.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816533/; classtype:trojan-activity;sid:83679633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/hnv/exampleofimage.jpeg"; depth:30; endswith; nocase; http.host; content:"23.95.60.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816532/; classtype:trojan-activity;sid:83679632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.210.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816531/; classtype:trojan-activity;sid:83679631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.188.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816530/; classtype:trojan-activity;sid:83679630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.132.181.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816529/; classtype:trojan-activity;sid:83679629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.50.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816528/; classtype:trojan-activity;sid:83679628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.120.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816527/; classtype:trojan-activity;sid:83679627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.38.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816526/; classtype:trojan-activity;sid:83679626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816525/; classtype:trojan-activity;sid:83679625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dacha/rules.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816524/; classtype:trojan-activity;sid:83679624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.227.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816523/; classtype:trojan-activity;sid:83679623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.127.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816521/; classtype:trojan-activity;sid:83679621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storvesirs43.psm"; depth:17; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816522/; classtype:trojan-activity;sid:83679622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816519/; classtype:trojan-activity;sid:83679619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816520/; classtype:trojan-activity;sid:83679620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiyilo235.bin"; depth:14; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816516/; classtype:trojan-activity;sid:83679616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816517/; classtype:trojan-activity;sid:83679617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agterskibe.fla"; depth:15; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816518/; classtype:trojan-activity;sid:83679618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.13.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816514/; classtype:trojan-activity;sid:83679614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udemiljets.pfm"; depth:15; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816515/; classtype:trojan-activity;sid:83679615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.8.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816513/; classtype:trojan-activity;sid:83679613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.175.93.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816512/; classtype:trojan-activity;sid:83679612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.60.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816511/; classtype:trojan-activity;sid:83679611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.95.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816509/; classtype:trojan-activity;sid:83679609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.191.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816510/; classtype:trojan-activity;sid:83679610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.189.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816508/; classtype:trojan-activity;sid:83679608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fud_new.exe"; depth:12; endswith; nocase; http.host; content:"topgamecheats.dev"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816507/; classtype:trojan-activity;sid:83679607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysnpkrcwwaljfspn146.bin"; depth:24; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816505/; classtype:trojan-activity;sid:83679605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flyvnings.u32"; depth:14; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816506/; classtype:trojan-activity;sid:83679606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.181.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816504/; classtype:trojan-activity;sid:83679604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.120.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816503/; classtype:trojan-activity;sid:83679603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816502/; classtype:trojan-activity;sid:83679602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.170.28.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816501/; classtype:trojan-activity;sid:83679601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.127.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816500/; classtype:trojan-activity;sid:83679600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.248.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816499/; classtype:trojan-activity;sid:83679599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js.exe"; depth:7; endswith; nocase; http.host; content:"103.215.80.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816498/; classtype:trojan-activity;sid:83679598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file_premium/24xvqq41933390z/payment_confirmation.tgz/file"; depth:59; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816497/; classtype:trojan-activity;sid:83679597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816496/; classtype:trojan-activity;sid:83679596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.exe"; depth:7; endswith; nocase; http.host; content:"bishopberrian.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816494/; classtype:trojan-activity;sid:83679594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"bishopberrian.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816495/; classtype:trojan-activity;sid:83679595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wq.pdf"; depth:7; endswith; nocase; http.host; content:"yawwacorp.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816493/; classtype:trojan-activity;sid:83679593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816492/; classtype:trojan-activity;sid:83679592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.175.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816491/; classtype:trojan-activity;sid:83679591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816488/; classtype:trojan-activity;sid:83679588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"188.166.239.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816489/; classtype:trojan-activity;sid:83679589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.161.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816490/; classtype:trojan-activity;sid:83679590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.51.156"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816487/; classtype:trojan-activity;sid:83679587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.176.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816485/; classtype:trojan-activity;sid:83679585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.18.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816486/; classtype:trojan-activity;sid:83679586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.224.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816484/; classtype:trojan-activity;sid:83679584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.206.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816483/; classtype:trojan-activity;sid:83679583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.187.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816482/; classtype:trojan-activity;sid:83679582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.248.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816481/; classtype:trojan-activity;sid:83679581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816477/; classtype:trojan-activity;sid:83679577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816478/; classtype:trojan-activity;sid:83679578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816479/; classtype:trojan-activity;sid:83679579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816480/; classtype:trojan-activity;sid:83679580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816475/; classtype:trojan-activity;sid:83679575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816476/; classtype:trojan-activity;sid:83679576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816472/; classtype:trojan-activity;sid:83679572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816473/; classtype:trojan-activity;sid:83679573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816474/; classtype:trojan-activity;sid:83679574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816471/; classtype:trojan-activity;sid:83679571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816470/; classtype:trojan-activity;sid:83679570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816465/; classtype:trojan-activity;sid:83679565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816466/; classtype:trojan-activity;sid:83679566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816467/; classtype:trojan-activity;sid:83679567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816468/; classtype:trojan-activity;sid:83679568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816469/; classtype:trojan-activity;sid:83679569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816459/; classtype:trojan-activity;sid:83679559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816460/; classtype:trojan-activity;sid:83679560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816461/; classtype:trojan-activity;sid:83679561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816462/; classtype:trojan-activity;sid:83679562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816463/; classtype:trojan-activity;sid:83679563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816464/; classtype:trojan-activity;sid:83679564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816452/; classtype:trojan-activity;sid:83679552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816453/; classtype:trojan-activity;sid:83679553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816454/; classtype:trojan-activity;sid:83679554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816455/; classtype:trojan-activity;sid:83679555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816456/; classtype:trojan-activity;sid:83679556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816457/; classtype:trojan-activity;sid:83679557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"vivki.epiddserica.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816458/; classtype:trojan-activity;sid:83679558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.34.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816451/; classtype:trojan-activity;sid:83679551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816450/; classtype:trojan-activity;sid:83679550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816448/; classtype:trojan-activity;sid:83679548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816449/; classtype:trojan-activity;sid:83679549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.mpsl"; depth:13; endswith; nocase; http.host; content:"superdomain.africa"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816447/; classtype:trojan-activity;sid:83679547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.201.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816446/; classtype:trojan-activity;sid:83679546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.11.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816445/; classtype:trojan-activity;sid:83679545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.220.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816444/; classtype:trojan-activity;sid:83679544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.46.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816443/; classtype:trojan-activity;sid:83679543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.95.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816442/; classtype:trojan-activity;sid:83679542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.8.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816441/; classtype:trojan-activity;sid:83679541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.139.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816440/; classtype:trojan-activity;sid:83679540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.192.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816439/; classtype:trojan-activity;sid:83679539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.192.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816438/; classtype:trojan-activity;sid:83679538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm5"; depth:6; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816437/; classtype:trojan-activity;sid:83679537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.194.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816436/; classtype:trojan-activity;sid:83679536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.221.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816435/; classtype:trojan-activity;sid:83679535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816434/; classtype:trojan-activity;sid:83679534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.242.46.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816433/; classtype:trojan-activity;sid:83679533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.99.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816432/; classtype:trojan-activity;sid:83679532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.248.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816431/; classtype:trojan-activity;sid:83679531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.201.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816430/; classtype:trojan-activity;sid:83679530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.69.158.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816429/; classtype:trojan-activity;sid:83679529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.234.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816428/; classtype:trojan-activity;sid:83679528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm7"; depth:17; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816425/; classtype:trojan-activity;sid:83679525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.x86"; depth:16; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816426/; classtype:trojan-activity;sid:83679526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.mips"; depth:17; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816427/; classtype:trojan-activity;sid:83679527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.mpsl"; depth:17; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816418/; classtype:trojan-activity;sid:83679518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm5"; depth:17; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816419/; classtype:trojan-activity;sid:83679519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.sh4"; depth:16; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816420/; classtype:trojan-activity;sid:83679520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816421/; classtype:trojan-activity;sid:83679521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.m68k"; depth:17; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816422/; classtype:trojan-activity;sid:83679522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm"; depth:16; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816423/; classtype:trojan-activity;sid:83679523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816424/; classtype:trojan-activity;sid:83679524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816410/; classtype:trojan-activity;sid:83679510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816411/; classtype:trojan-activity;sid:83679511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816412/; classtype:trojan-activity;sid:83679512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816413/; classtype:trojan-activity;sid:83679513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816414/; classtype:trojan-activity;sid:83679514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.spc"; depth:16; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816415/; classtype:trojan-activity;sid:83679515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm6"; depth:17; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816416/; classtype:trojan-activity;sid:83679516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.ppc"; depth:16; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816417/; classtype:trojan-activity;sid:83679517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.12.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816409/; classtype:trojan-activity;sid:83679509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816408/; classtype:trojan-activity;sid:83679508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.172.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816407/; classtype:trojan-activity;sid:83679507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816406/; classtype:trojan-activity;sid:83679506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816399/; classtype:trojan-activity;sid:83679499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816400/; classtype:trojan-activity;sid:83679500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816401/; classtype:trojan-activity;sid:83679501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816402/; classtype:trojan-activity;sid:83679502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816403/; classtype:trojan-activity;sid:83679503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816404/; classtype:trojan-activity;sid:83679504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816405/; classtype:trojan-activity;sid:83679505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816396/; classtype:trojan-activity;sid:83679496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816397/; classtype:trojan-activity;sid:83679497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"kayomirai.kro.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816398/; classtype:trojan-activity;sid:83679498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.12.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816395/; classtype:trojan-activity;sid:83679495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.220.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816394/; classtype:trojan-activity;sid:83679494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.78.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816393/; classtype:trojan-activity;sid:83679493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.199.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816392/; classtype:trojan-activity;sid:83679492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816391/; classtype:trojan-activity;sid:83679491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.102.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816390/; classtype:trojan-activity;sid:83679490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.192.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816389/; classtype:trojan-activity;sid:83679489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.225.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816388/; classtype:trojan-activity;sid:83679488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"flowers4world.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816380/; classtype:trojan-activity;sid:83679480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; depth:52; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816381/; classtype:trojan-activity;sid:83679481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816382/; classtype:trojan-activity;sid:83679482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; depth:55; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816383/; classtype:trojan-activity;sid:83679483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816384/; classtype:trojan-activity;sid:83679484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816385/; classtype:trojan-activity;sid:83679485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816386/; classtype:trojan-activity;sid:83679486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816387/; classtype:trojan-activity;sid:83679487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816379/; classtype:trojan-activity;sid:83679479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816373/; classtype:trojan-activity;sid:83679473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816374/; classtype:trojan-activity;sid:83679474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816375/; classtype:trojan-activity;sid:83679475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816376/; classtype:trojan-activity;sid:83679476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816377/; classtype:trojan-activity;sid:83679477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816378/; classtype:trojan-activity;sid:83679478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"ezz.ust.cx"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816372/; classtype:trojan-activity;sid:83679472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816371/; classtype:trojan-activity;sid:83679471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816370/; classtype:trojan-activity;sid:83679470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.52.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816369/; classtype:trojan-activity;sid:83679469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.201.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816368/; classtype:trojan-activity;sid:83679468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816367/; classtype:trojan-activity;sid:83679467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816366/; classtype:trojan-activity;sid:83679466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816365/; classtype:trojan-activity;sid:83679465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816364/; classtype:trojan-activity;sid:83679464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816362/; classtype:trojan-activity;sid:83679462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"134.255.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816363/; classtype:trojan-activity;sid:83679463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816361/; classtype:trojan-activity;sid:83679461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816357/; classtype:trojan-activity;sid:83679457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86_64"; depth:12; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816358/; classtype:trojan-activity;sid:83679458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816359/; classtype:trojan-activity;sid:83679459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816360/; classtype:trojan-activity;sid:83679460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816356/; classtype:trojan-activity;sid:83679456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816352/; classtype:trojan-activity;sid:83679452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sparc"; depth:11; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816353/; classtype:trojan-activity;sid:83679453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816354/; classtype:trojan-activity;sid:83679454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816355/; classtype:trojan-activity;sid:83679455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816346/; classtype:trojan-activity;sid:83679446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686_1"; depth:7; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816347/; classtype:trojan-activity;sid:83679447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816348/; classtype:trojan-activity;sid:83679448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816349/; classtype:trojan-activity;sid:83679449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816350/; classtype:trojan-activity;sid:83679450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816351/; classtype:trojan-activity;sid:83679451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816343/; classtype:trojan-activity;sid:83679443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816344/; classtype:trojan-activity;sid:83679444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.ppc"; depth:9; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816345/; classtype:trojan-activity;sid:83679445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816337/; classtype:trojan-activity;sid:83679437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816338/; classtype:trojan-activity;sid:83679438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816339/; classtype:trojan-activity;sid:83679439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816340/; classtype:trojan-activity;sid:83679440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816341/; classtype:trojan-activity;sid:83679441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816342/; classtype:trojan-activity;sid:83679442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816327/; classtype:trojan-activity;sid:83679427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816328/; classtype:trojan-activity;sid:83679428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816329/; classtype:trojan-activity;sid:83679429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816330/; classtype:trojan-activity;sid:83679430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816331/; classtype:trojan-activity;sid:83679431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816332/; classtype:trojan-activity;sid:83679432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"92.249.48.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816333/; classtype:trojan-activity;sid:83679433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816334/; classtype:trojan-activity;sid:83679434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816335/; classtype:trojan-activity;sid:83679435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816336/; classtype:trojan-activity;sid:83679436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816319/; classtype:trojan-activity;sid:83679419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816320/; classtype:trojan-activity;sid:83679420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816321/; classtype:trojan-activity;sid:83679421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816322/; classtype:trojan-activity;sid:83679422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816323/; classtype:trojan-activity;sid:83679423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816324/; classtype:trojan-activity;sid:83679424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm6"; depth:10; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816325/; classtype:trojan-activity;sid:83679425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"194.110.247.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816326/; classtype:trojan-activity;sid:83679426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816313/; classtype:trojan-activity;sid:83679413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816314/; classtype:trojan-activity;sid:83679414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816315/; classtype:trojan-activity;sid:83679415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816316/; classtype:trojan-activity;sid:83679416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816317/; classtype:trojan-activity;sid:83679417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"212.70.149.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816318/; classtype:trojan-activity;sid:83679418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.196.11.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816309/; classtype:trojan-activity;sid:83679409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm7"; depth:10; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816310/; classtype:trojan-activity;sid:83679410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mips"; depth:10; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816311/; classtype:trojan-activity;sid:83679411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.mips"; depth:13; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816312/; classtype:trojan-activity;sid:83679412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm5"; depth:10; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816307/; classtype:trojan-activity;sid:83679407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816308/; classtype:trojan-activity;sid:83679408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816302/; classtype:trojan-activity;sid:83679402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perspc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816303/; classtype:trojan-activity;sid:83679403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm"; depth:9; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816304/; classtype:trojan-activity;sid:83679404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.m68k"; depth:10; endswith; nocase; http.host; content:"44.215.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816305/; classtype:trojan-activity;sid:83679405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidtest"; depth:9; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816306/; classtype:trojan-activity;sid:83679406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm6"; depth:13; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816296/; classtype:trojan-activity;sid:83679396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816297/; classtype:trojan-activity;sid:83679397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perm68k"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816298/; classtype:trojan-activity;sid:83679398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816299/; classtype:trojan-activity;sid:83679399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.mpsl"; depth:13; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816300/; classtype:trojan-activity;sid:83679400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816301/; classtype:trojan-activity;sid:83679401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816293/; classtype:trojan-activity;sid:83679393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/permpsl"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816294/; classtype:trojan-activity;sid:83679394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816295/; classtype:trojan-activity;sid:83679395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816275/; classtype:trojan-activity;sid:83679375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm68k"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816276/; classtype:trojan-activity;sid:83679376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816277/; classtype:trojan-activity;sid:83679377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816278/; classtype:trojan-activity;sid:83679378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm5n"; depth:14; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816279/; classtype:trojan-activity;sid:83679379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816280/; classtype:trojan-activity;sid:83679380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816281/; classtype:trojan-activity;sid:83679381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816282/; classtype:trojan-activity;sid:83679382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816283/; classtype:trojan-activity;sid:83679383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perppc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816284/; classtype:trojan-activity;sid:83679384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/permips"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816285/; classtype:trojan-activity;sid:83679385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816286/; classtype:trojan-activity;sid:83679386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816287/; classtype:trojan-activity;sid:83679387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816288/; classtype:trojan-activity;sid:83679388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipst"; depth:6; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816289/; classtype:trojan-activity;sid:83679389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816290/; classtype:trojan-activity;sid:83679390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816291/; classtype:trojan-activity;sid:83679391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm7"; depth:13; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816292/; classtype:trojan-activity;sid:83679392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.x86_64"; depth:15; endswith; nocase; http.host; content:"185.150.26.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816268/; classtype:trojan-activity;sid:83679368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816269/; classtype:trojan-activity;sid:83679369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816270/; classtype:trojan-activity;sid:83679370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816271/; classtype:trojan-activity;sid:83679371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816272/; classtype:trojan-activity;sid:83679372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816273/; classtype:trojan-activity;sid:83679373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816274/; classtype:trojan-activity;sid:83679374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.69.158.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816267/; classtype:trojan-activity;sid:83679367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.89.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816266/; classtype:trojan-activity;sid:83679366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.75.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816265/; classtype:trojan-activity;sid:83679365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.234.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816264/; classtype:trojan-activity;sid:83679364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.191.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816262/; classtype:trojan-activity;sid:83679362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.53.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816263/; classtype:trojan-activity;sid:83679363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816255/; classtype:trojan-activity;sid:83679355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816256/; classtype:trojan-activity;sid:83679356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816257/; classtype:trojan-activity;sid:83679357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816258/; classtype:trojan-activity;sid:83679358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816259/; classtype:trojan-activity;sid:83679359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816260/; classtype:trojan-activity;sid:83679360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816261/; classtype:trojan-activity;sid:83679361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.232.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816254/; classtype:trojan-activity;sid:83679354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816253/; classtype:trojan-activity;sid:83679353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.96.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816252/; classtype:trojan-activity;sid:83679352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.102.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816251/; classtype:trojan-activity;sid:83679351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816250/; classtype:trojan-activity;sid:83679350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816249/; classtype:trojan-activity;sid:83679349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.197.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816248/; classtype:trojan-activity;sid:83679348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.181.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816247/; classtype:trojan-activity;sid:83679347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.210.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816246/; classtype:trojan-activity;sid:83679346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816245/; classtype:trojan-activity;sid:83679345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.211.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816244/; classtype:trojan-activity;sid:83679344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816243/; classtype:trojan-activity;sid:83679343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816241/; classtype:trojan-activity;sid:83679341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816242/; classtype:trojan-activity;sid:83679342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816240/; classtype:trojan-activity;sid:83679340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816237/; classtype:trojan-activity;sid:83679337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816238/; classtype:trojan-activity;sid:83679338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816239/; classtype:trojan-activity;sid:83679339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816232/; classtype:trojan-activity;sid:83679332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816233/; classtype:trojan-activity;sid:83679333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816234/; classtype:trojan-activity;sid:83679334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816235/; classtype:trojan-activity;sid:83679335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816236/; classtype:trojan-activity;sid:83679336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816229/; classtype:trojan-activity;sid:83679329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816230/; classtype:trojan-activity;sid:83679330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816231/; classtype:trojan-activity;sid:83679331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816225/; classtype:trojan-activity;sid:83679325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816226/; classtype:trojan-activity;sid:83679326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816227/; classtype:trojan-activity;sid:83679327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816228/; classtype:trojan-activity;sid:83679328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816216/; classtype:trojan-activity;sid:83679316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816217/; classtype:trojan-activity;sid:83679317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816218/; classtype:trojan-activity;sid:83679318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816219/; classtype:trojan-activity;sid:83679319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816220/; classtype:trojan-activity;sid:83679320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816221/; classtype:trojan-activity;sid:83679321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816222/; classtype:trojan-activity;sid:83679322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816223/; classtype:trojan-activity;sid:83679323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816224/; classtype:trojan-activity;sid:83679324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.37.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816215/; classtype:trojan-activity;sid:83679315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.232.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816214/; classtype:trojan-activity;sid:83679314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.225.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816213/; classtype:trojan-activity;sid:83679313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.65.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816212/; classtype:trojan-activity;sid:83679312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.66.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816211/; classtype:trojan-activity;sid:83679311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.3.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816210/; classtype:trojan-activity;sid:83679310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816209/; classtype:trojan-activity;sid:83679309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.53.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816208/; classtype:trojan-activity;sid:83679308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.37.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816206/; classtype:trojan-activity;sid:83679306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816207/; classtype:trojan-activity;sid:83679307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.214.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816205/; classtype:trojan-activity;sid:83679305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.211.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816204/; classtype:trojan-activity;sid:83679304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.151.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816203/; classtype:trojan-activity;sid:83679303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.151.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816202/; classtype:trojan-activity;sid:83679302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.193.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816201/; classtype:trojan-activity;sid:83679301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.246.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816200/; classtype:trojan-activity;sid:83679300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.229.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816198/; classtype:trojan-activity;sid:83679298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.232.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816199/; classtype:trojan-activity;sid:83679299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816197/; classtype:trojan-activity;sid:83679297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.30.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816196/; classtype:trojan-activity;sid:83679296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.231.196.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816195/; classtype:trojan-activity;sid:83679295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.72.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816194/; classtype:trojan-activity;sid:83679294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.140.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816193/; classtype:trojan-activity;sid:83679293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.79.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816192/; classtype:trojan-activity;sid:83679292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.80.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816191/; classtype:trojan-activity;sid:83679291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.247.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816190/; classtype:trojan-activity;sid:83679290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.193.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816189/; classtype:trojan-activity;sid:83679289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.sh4"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816188/; classtype:trojan-activity;sid:83679288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm6"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816182/; classtype:trojan-activity;sid:83679282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mpsl"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816183/; classtype:trojan-activity;sid:83679283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.mips"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816184/; classtype:trojan-activity;sid:83679284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.spc"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816185/; classtype:trojan-activity;sid:83679285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816186/; classtype:trojan-activity;sid:83679286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.74.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816187/; classtype:trojan-activity;sid:83679287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.ppc"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816181/; classtype:trojan-activity;sid:83679281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.78.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816180/; classtype:trojan-activity;sid:83679280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.27.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816178/; classtype:trojan-activity;sid:83679278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.191.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816179/; classtype:trojan-activity;sid:83679279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816177/; classtype:trojan-activity;sid:83679277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.117.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816176/; classtype:trojan-activity;sid:83679276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.130.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816175/; classtype:trojan-activity;sid:83679275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amadey.exe"; depth:11; endswith; nocase; http.host; content:"topgamecheats.dev"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816174/; classtype:trojan-activity;sid:83679274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.m68k"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816173/; classtype:trojan-activity;sid:83679273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.79.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816171/; classtype:trojan-activity;sid:83679271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.140.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816172/; classtype:trojan-activity;sid:83679272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm5"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816167/; classtype:trojan-activity;sid:83679267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.x86_64"; depth:12; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816168/; classtype:trojan-activity;sid:83679268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm"; depth:9; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816169/; classtype:trojan-activity;sid:83679269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//bot.arm7"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816170/; classtype:trojan-activity;sid:83679270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816166/; classtype:trojan-activity;sid:83679266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.58.180.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816165/; classtype:trojan-activity;sid:83679265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816164/; classtype:trojan-activity;sid:83679264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.212.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816163/; classtype:trojan-activity;sid:83679263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"66.23.144.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816162/; classtype:trojan-activity;sid:83679262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816161/; classtype:trojan-activity;sid:83679261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.121.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816160/; classtype:trojan-activity;sid:83679260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.68.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816159/; classtype:trojan-activity;sid:83679259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.212.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816158/; classtype:trojan-activity;sid:83679258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.68.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816157/; classtype:trojan-activity;sid:83679257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.243.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816156/; classtype:trojan-activity;sid:83679256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.27.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816155/; classtype:trojan-activity;sid:83679255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.59.113.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816154/; classtype:trojan-activity;sid:83679254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.74.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816153/; classtype:trojan-activity;sid:83679253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.78.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816151/; classtype:trojan-activity;sid:83679251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.237.241.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816152/; classtype:trojan-activity;sid:83679252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.247.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816150/; classtype:trojan-activity;sid:83679250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.27.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816149/; classtype:trojan-activity;sid:83679249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.232.48.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816148/; classtype:trojan-activity;sid:83679248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.12.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816147/; classtype:trojan-activity;sid:83679247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816145/; classtype:trojan-activity;sid:83679245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.140.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816146/; classtype:trojan-activity;sid:83679246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816144/; classtype:trojan-activity;sid:83679244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"51.83.180.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816143/; classtype:trojan-activity;sid:83679243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.130.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816142/; classtype:trojan-activity;sid:83679242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816141/; classtype:trojan-activity;sid:83679241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.212.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816140/; classtype:trojan-activity;sid:83679240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.52.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816139/; classtype:trojan-activity;sid:83679239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.243.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816138/; classtype:trojan-activity;sid:83679238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.146.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816137/; classtype:trojan-activity;sid:83679237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm6"; depth:9; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816136/; classtype:trojan-activity;sid:83679236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm"; depth:8; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816135/; classtype:trojan-activity;sid:83679235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mpsl"; depth:9; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816127/; classtype:trojan-activity;sid:83679227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/x86"; depth:8; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816128/; classtype:trojan-activity;sid:83679228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm7"; depth:9; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816129/; classtype:trojan-activity;sid:83679229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mips"; depth:9; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816130/; classtype:trojan-activity;sid:83679230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/ppc"; depth:8; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816131/; classtype:trojan-activity;sid:83679231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/sh4"; depth:8; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816132/; classtype:trojan-activity;sid:83679232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/m68k"; depth:9; endswith; nocase; http.host; content:"91.92.250.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816133/; classtype:trojan-activity;sid:83679233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.87.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816134/; classtype:trojan-activity;sid:83679234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.121.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816125/; classtype:trojan-activity;sid:83679225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.68.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816126/; classtype:trojan-activity;sid:83679226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816123/; classtype:trojan-activity;sid:83679223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816124/; classtype:trojan-activity;sid:83679224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.192.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816122/; classtype:trojan-activity;sid:83679222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"209.59.113.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816121/; classtype:trojan-activity;sid:83679221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816119/; classtype:trojan-activity;sid:83679219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816120/; classtype:trojan-activity;sid:83679220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816115/; classtype:trojan-activity;sid:83679215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816116/; classtype:trojan-activity;sid:83679216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816117/; classtype:trojan-activity;sid:83679217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816118/; classtype:trojan-activity;sid:83679218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816114/; classtype:trojan-activity;sid:83679214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.176.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816113/; classtype:trojan-activity;sid:83679213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.117.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816112/; classtype:trojan-activity;sid:83679212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xlamlikeiamverymuchwithentirethingslovertokissthegreatlogswhichcomingotmewithenitrelove__okmyconmennytokiss.doc"; depth:112; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816110/; classtype:trojan-activity;sid:83679210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.201.221.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816111/; classtype:trojan-activity;sid:83679211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.249.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816109/; classtype:trojan-activity;sid:83679209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.58.180.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816108/; classtype:trojan-activity;sid:83679208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816107/; classtype:trojan-activity;sid:83679207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816106/; classtype:trojan-activity;sid:83679206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.213.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816105/; classtype:trojan-activity;sid:83679205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.234.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816103/; classtype:trojan-activity;sid:83679203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.175.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816104/; classtype:trojan-activity;sid:83679204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.243.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816102/; classtype:trojan-activity;sid:83679202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.215.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816101/; classtype:trojan-activity;sid:83679201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816099/; classtype:trojan-activity;sid:83679199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.25.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816100/; classtype:trojan-activity;sid:83679200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.212.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816098/; classtype:trojan-activity;sid:83679198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.16.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816097/; classtype:trojan-activity;sid:83679197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.48.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816096/; classtype:trojan-activity;sid:83679196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816095/; classtype:trojan-activity;sid:83679195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.146.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816094/; classtype:trojan-activity;sid:83679194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.87.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816093/; classtype:trojan-activity;sid:83679193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.83.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816092/; classtype:trojan-activity;sid:83679192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.202.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816091/; classtype:trojan-activity;sid:83679191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.172.19.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816090/; classtype:trojan-activity;sid:83679190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816089/; classtype:trojan-activity;sid:83679189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.234.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816088/; classtype:trojan-activity;sid:83679188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.163.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816087/; classtype:trojan-activity;sid:83679187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816086/; classtype:trojan-activity;sid:83679186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.213.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816085/; classtype:trojan-activity;sid:83679185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.16.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816084/; classtype:trojan-activity;sid:83679184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.215.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816083/; classtype:trojan-activity;sid:83679183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816082/; classtype:trojan-activity;sid:83679182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816081/; classtype:trojan-activity;sid:83679181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.48.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816080/; classtype:trojan-activity;sid:83679180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.21.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816079/; classtype:trojan-activity;sid:83679179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.237.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816078/; classtype:trojan-activity;sid:83679178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.53.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816077/; classtype:trojan-activity;sid:83679177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.224.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816076/; classtype:trojan-activity;sid:83679176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.exe"; depth:12; endswith; nocase; http.host; content:"194.116.172.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816075/; classtype:trojan-activity;sid:83679175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.107.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816074/; classtype:trojan-activity;sid:83679174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.11.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816073/; classtype:trojan-activity;sid:83679173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.121.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816072/; classtype:trojan-activity;sid:83679172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.160.228.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816071/; classtype:trojan-activity;sid:83679171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.104.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816070/; classtype:trojan-activity;sid:83679170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816069/; classtype:trojan-activity;sid:83679169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.83.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816068/; classtype:trojan-activity;sid:83679168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.163.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816067/; classtype:trojan-activity;sid:83679167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816066/; classtype:trojan-activity;sid:83679166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.164.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816065/; classtype:trojan-activity;sid:83679165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816064/; classtype:trojan-activity;sid:83679164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.106.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816063/; classtype:trojan-activity;sid:83679163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816062/; classtype:trojan-activity;sid:83679162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"87.120.84.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816061/; classtype:trojan-activity;sid:83679161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.102.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816060/; classtype:trojan-activity;sid:83679160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.4.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816059/; classtype:trojan-activity;sid:83679159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.224.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816058/; classtype:trojan-activity;sid:83679158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.107.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816056/; classtype:trojan-activity;sid:83679156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.55.128.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816057/; classtype:trojan-activity;sid:83679157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.45.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816055/; classtype:trojan-activity;sid:83679155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816054/; classtype:trojan-activity;sid:83679154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.225.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816053/; classtype:trojan-activity;sid:83679153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816052/; classtype:trojan-activity;sid:83679152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816051/; classtype:trojan-activity;sid:83679151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816050/; classtype:trojan-activity;sid:83679150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.56.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816048/; classtype:trojan-activity;sid:83679148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.244.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816049/; classtype:trojan-activity;sid:83679149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.202.207.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816047/; classtype:trojan-activity;sid:83679147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.79.116.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816046/; classtype:trojan-activity;sid:83679146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.234.191.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816045/; classtype:trojan-activity;sid:83679145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.236.211.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816044/; classtype:trojan-activity;sid:83679144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816042/; classtype:trojan-activity;sid:83679142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.35.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816043/; classtype:trojan-activity;sid:83679143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816041/; classtype:trojan-activity;sid:83679141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.98.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816040/; classtype:trojan-activity;sid:83679140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.170.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816039/; classtype:trojan-activity;sid:83679139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.208.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816038/; classtype:trojan-activity;sid:83679138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.1.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816037/; classtype:trojan-activity;sid:83679137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816036/; classtype:trojan-activity;sid:83679136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.164.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816035/; classtype:trojan-activity;sid:83679135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816034/; classtype:trojan-activity;sid:83679134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.45.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816032/; classtype:trojan-activity;sid:83679132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.150.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816033/; classtype:trojan-activity;sid:83679133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816031/; classtype:trojan-activity;sid:83679131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.4.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816030/; classtype:trojan-activity;sid:83679130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.178.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816029/; classtype:trojan-activity;sid:83679129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.165.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816028/; classtype:trojan-activity;sid:83679128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816027/; classtype:trojan-activity;sid:83679127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.79.116.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816026/; classtype:trojan-activity;sid:83679126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.166.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816025/; classtype:trojan-activity;sid:83679125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.189.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816024/; classtype:trojan-activity;sid:83679124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.236.211.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816023/; classtype:trojan-activity;sid:83679123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.184.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816022/; classtype:trojan-activity;sid:83679122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.193.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816021/; classtype:trojan-activity;sid:83679121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.234.191.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816020/; classtype:trojan-activity;sid:83679120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.22.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816019/; classtype:trojan-activity;sid:83679119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816018/; classtype:trojan-activity;sid:83679118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.33.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816017/; classtype:trojan-activity;sid:83679117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.229.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816016/; classtype:trojan-activity;sid:83679116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.6.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816015/; classtype:trojan-activity;sid:83679115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816014/; classtype:trojan-activity;sid:83679114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816013/; classtype:trojan-activity;sid:83679113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816012/; classtype:trojan-activity;sid:83679112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.26.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816011/; classtype:trojan-activity;sid:83679111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.106.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816010/; classtype:trojan-activity;sid:83679110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.195.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816009/; classtype:trojan-activity;sid:83679109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.170.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816008/; classtype:trojan-activity;sid:83679108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.64.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816007/; classtype:trojan-activity;sid:83679107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.178.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816006/; classtype:trojan-activity;sid:83679106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.138.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816003/; classtype:trojan-activity;sid:83679103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.63.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816004/; classtype:trojan-activity;sid:83679104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.132.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816005/; classtype:trojan-activity;sid:83679105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.167.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816002/; classtype:trojan-activity;sid:83679102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816001/; classtype:trojan-activity;sid:83679101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.6.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816000/; classtype:trojan-activity;sid:83679100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.52.59.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815999/; classtype:trojan-activity;sid:83679099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.44.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815998/; classtype:trojan-activity;sid:83679098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.132.78.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815997/; classtype:trojan-activity;sid:83679097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.133.89.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815996/; classtype:trojan-activity;sid:83679096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.166.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815995/; classtype:trojan-activity;sid:83679095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.78.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815993/; classtype:trojan-activity;sid:83679093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.212.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815994/; classtype:trojan-activity;sid:83679094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.64.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815992/; classtype:trojan-activity;sid:83679092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.186.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815990/; classtype:trojan-activity;sid:83679090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.52.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815991/; classtype:trojan-activity;sid:83679091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.100.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815989/; classtype:trojan-activity;sid:83679089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.63.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815988/; classtype:trojan-activity;sid:83679088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.127.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815987/; classtype:trojan-activity;sid:83679087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.167.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815986/; classtype:trojan-activity;sid:83679086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.26.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815985/; classtype:trojan-activity;sid:83679085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.67.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815984/; classtype:trojan-activity;sid:83679084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.124.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815983/; classtype:trojan-activity;sid:83679083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.216.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815982/; classtype:trojan-activity;sid:83679082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.42.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815980/; classtype:trojan-activity;sid:83679080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.148.144.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815981/; classtype:trojan-activity;sid:83679081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.59.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815979/; classtype:trojan-activity;sid:83679079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.166.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815978/; classtype:trojan-activity;sid:83679078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.129.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815977/; classtype:trojan-activity;sid:83679077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815976/; classtype:trojan-activity;sid:83679076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bubl"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815975/; classtype:trojan-activity;sid:83679075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.186.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815974/; classtype:trojan-activity;sid:83679074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.86.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815973/; classtype:trojan-activity;sid:83679073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.40.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815972/; classtype:trojan-activity;sid:83679072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.41.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815971/; classtype:trojan-activity;sid:83679071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.161.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815970/; classtype:trojan-activity;sid:83679070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815969/; classtype:trojan-activity;sid:83679069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.236.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815968/; classtype:trojan-activity;sid:83679068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.214.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815967/; classtype:trojan-activity;sid:83679067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815966/; classtype:trojan-activity;sid:83679066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815965/; classtype:trojan-activity;sid:83679065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.153.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815964/; classtype:trojan-activity;sid:83679064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.40.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815963/; classtype:trojan-activity;sid:83679063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.6.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815962/; classtype:trojan-activity;sid:83679062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.80.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815961/; classtype:trojan-activity;sid:83679061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.80.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815960/; classtype:trojan-activity;sid:83679060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.147.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815959/; classtype:trojan-activity;sid:83679059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.40.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815958/; classtype:trojan-activity;sid:83679058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.214.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815957/; classtype:trojan-activity;sid:83679057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.236.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815956/; classtype:trojan-activity;sid:83679056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.41.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815955/; classtype:trojan-activity;sid:83679055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.244.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815954/; classtype:trojan-activity;sid:83679054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815952/; classtype:trojan-activity;sid:83679052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.243.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815953/; classtype:trojan-activity;sid:83679053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.61.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815951/; classtype:trojan-activity;sid:83679051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.99.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815950/; classtype:trojan-activity;sid:83679050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815949/; classtype:trojan-activity;sid:83679049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815948/; classtype:trojan-activity;sid:83679048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"fbu.register.arpsychotherapy.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815947/; classtype:trojan-activity;sid:83679047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.145.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815946/; classtype:trojan-activity;sid:83679046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815945/; classtype:trojan-activity;sid:83679045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815944/; classtype:trojan-activity;sid:83679044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815943/; classtype:trojan-activity;sid:83679043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.214.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815942/; classtype:trojan-activity;sid:83679042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815941/; classtype:trojan-activity;sid:83679041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.53.55.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815940/; classtype:trojan-activity;sid:83679040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815939/; classtype:trojan-activity;sid:83679039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.172.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815938/; classtype:trojan-activity;sid:83679038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.140.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815937/; classtype:trojan-activity;sid:83679037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.7.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815936/; classtype:trojan-activity;sid:83679036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815935/; classtype:trojan-activity;sid:83679035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.61.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815934/; classtype:trojan-activity;sid:83679034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.110.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815933/; classtype:trojan-activity;sid:83679033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815932/; classtype:trojan-activity;sid:83679032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.99.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815931/; classtype:trojan-activity;sid:83679031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.145.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815930/; classtype:trojan-activity;sid:83679030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.80.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815929/; classtype:trojan-activity;sid:83679029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.107.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815928/; classtype:trojan-activity;sid:83679028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.8.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815927/; classtype:trojan-activity;sid:83679027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.202.55.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815926/; classtype:trojan-activity;sid:83679026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.0.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815925/; classtype:trojan-activity;sid:83679025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.64.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815924/; classtype:trojan-activity;sid:83679024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815923/; classtype:trojan-activity;sid:83679023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.243.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815922/; classtype:trojan-activity;sid:83679022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815921/; classtype:trojan-activity;sid:83679021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.7.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815920/; classtype:trojan-activity;sid:83679020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815919/; classtype:trojan-activity;sid:83679019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.21.176.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815917/; classtype:trojan-activity;sid:83679017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.180.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815918/; classtype:trojan-activity;sid:83679018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815916/; classtype:trojan-activity;sid:83679016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.208.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815914/; classtype:trojan-activity;sid:83679014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.243.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815915/; classtype:trojan-activity;sid:83679015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815912/; classtype:trojan-activity;sid:83679012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815913/; classtype:trojan-activity;sid:83679013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.181.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815911/; classtype:trojan-activity;sid:83679011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.0.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815910/; classtype:trojan-activity;sid:83679010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815909/; classtype:trojan-activity;sid:83679009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.64.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815908/; classtype:trojan-activity;sid:83679008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.148.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815907/; classtype:trojan-activity;sid:83679007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815906/; classtype:trojan-activity;sid:83679006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.26.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815905/; classtype:trojan-activity;sid:83679005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.84.61.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815904/; classtype:trojan-activity;sid:83679004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815903/; classtype:trojan-activity;sid:83679003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.117.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815902/; classtype:trojan-activity;sid:83679002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815901/; classtype:trojan-activity;sid:83679001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.84.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815900/; classtype:trojan-activity;sid:83679000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.44.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815899/; classtype:trojan-activity;sid:83678999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.122.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815898/; classtype:trojan-activity;sid:83678998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815897/; classtype:trojan-activity;sid:83678997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.10.132.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815896/; classtype:trojan-activity;sid:83678996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.244.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815895/; classtype:trojan-activity;sid:83678995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.170.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815894/; classtype:trojan-activity;sid:83678994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.148.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815893/; classtype:trojan-activity;sid:83678993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815892/; classtype:trojan-activity;sid:83678992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815891/; classtype:trojan-activity;sid:83678991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.150.77.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815890/; classtype:trojan-activity;sid:83678990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815889/; classtype:trojan-activity;sid:83678989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.40.197.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815888/; classtype:trojan-activity;sid:83678988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.1.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815887/; classtype:trojan-activity;sid:83678987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.89.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815886/; classtype:trojan-activity;sid:83678986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.110.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815884/; classtype:trojan-activity;sid:83678984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.44.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815885/; classtype:trojan-activity;sid:83678985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815882/; classtype:trojan-activity;sid:83678982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815883/; classtype:trojan-activity;sid:83678983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.37.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815881/; classtype:trojan-activity;sid:83678981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.84.61.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815880/; classtype:trojan-activity;sid:83678980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.200.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815879/; classtype:trojan-activity;sid:83678979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.133.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815878/; classtype:trojan-activity;sid:83678978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.72.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815877/; classtype:trojan-activity;sid:83678977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815876/; classtype:trojan-activity;sid:83678976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.244.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815875/; classtype:trojan-activity;sid:83678975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.80.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815874/; classtype:trojan-activity;sid:83678974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815873/; classtype:trojan-activity;sid:83678973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.124.44.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815872/; classtype:trojan-activity;sid:83678972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.238.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815871/; classtype:trojan-activity;sid:83678971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815870/; classtype:trojan-activity;sid:83678970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.39.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815868/; classtype:trojan-activity;sid:83678968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.207.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815869/; classtype:trojan-activity;sid:83678969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815867/; classtype:trojan-activity;sid:83678967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.150.77.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815866/; classtype:trojan-activity;sid:83678966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.53.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815865/; classtype:trojan-activity;sid:83678965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815864/; classtype:trojan-activity;sid:83678964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.217.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815862/; classtype:trojan-activity;sid:83678962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.130.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815863/; classtype:trojan-activity;sid:83678963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"akvv.register.arpsychotherapy.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815861/; classtype:trojan-activity;sid:83678961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.72.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815860/; classtype:trojan-activity;sid:83678960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.152.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815859/; classtype:trojan-activity;sid:83678959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815858/; classtype:trojan-activity;sid:83678958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.140.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815857/; classtype:trojan-activity;sid:83678957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.245.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815856/; classtype:trojan-activity;sid:83678956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815855/; classtype:trojan-activity;sid:83678955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.210.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815854/; classtype:trojan-activity;sid:83678954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815853/; classtype:trojan-activity;sid:83678953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.168.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815852/; classtype:trojan-activity;sid:83678952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.125.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815850/; classtype:trojan-activity;sid:83678950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.39.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815851/; classtype:trojan-activity;sid:83678951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.152.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815849/; classtype:trojan-activity;sid:83678949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.117.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815848/; classtype:trojan-activity;sid:83678948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815847/; classtype:trojan-activity;sid:83678947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.78.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815846/; classtype:trojan-activity;sid:83678946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.47.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815845/; classtype:trojan-activity;sid:83678945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.177.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815844/; classtype:trojan-activity;sid:83678944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815843/; classtype:trojan-activity;sid:83678943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.118.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815841/; classtype:trojan-activity;sid:83678941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.244.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815842/; classtype:trojan-activity;sid:83678942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.210.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815840/; classtype:trojan-activity;sid:83678940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.47.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815839/; classtype:trojan-activity;sid:83678939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.82.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815838/; classtype:trojan-activity;sid:83678938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.20.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815837/; classtype:trojan-activity;sid:83678937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.252.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815836/; classtype:trojan-activity;sid:83678936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815835/; classtype:trojan-activity;sid:83678935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.155.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815834/; classtype:trojan-activity;sid:83678934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815833/; classtype:trojan-activity;sid:83678933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"107.174.205.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815832/; classtype:trojan-activity;sid:83678932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815831/; classtype:trojan-activity;sid:83678931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815829/; classtype:trojan-activity;sid:83678929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815830/; classtype:trojan-activity;sid:83678930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.debug.dbg"; depth:13; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815826/; classtype:trojan-activity;sid:83678926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sx86"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815827/; classtype:trojan-activity;sid:83678927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.smips"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815828/; classtype:trojan-activity;sid:83678928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.245.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815825/; classtype:trojan-activity;sid:83678925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sx86_64"; depth:11; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815824/; classtype:trojan-activity;sid:83678924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"94.156.66.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815821/; classtype:trojan-activity;sid:83678921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815822/; classtype:trojan-activity;sid:83678922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm5"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815823/; classtype:trojan-activity;sid:83678923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815819/; classtype:trojan-activity;sid:83678919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815820/; classtype:trojan-activity;sid:83678920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm6"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815817/; classtype:trojan-activity;sid:83678917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm7"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815818/; classtype:trojan-activity;sid:83678918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815812/; classtype:trojan-activity;sid:83678912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"74.119.193.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815813/; classtype:trojan-activity;sid:83678913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815814/; classtype:trojan-activity;sid:83678914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815815/; classtype:trojan-activity;sid:83678915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815816/; classtype:trojan-activity;sid:83678916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key"; depth:4; endswith; nocase; http.host; content:"91.92.255.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815809/; classtype:trojan-activity;sid:83678909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815810/; classtype:trojan-activity;sid:83678910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"209.141.57.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815811/; classtype:trojan-activity;sid:83678911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815802/; classtype:trojan-activity;sid:83678902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815803/; classtype:trojan-activity;sid:83678903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"91.240.118.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815804/; classtype:trojan-activity;sid:83678904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815805/; classtype:trojan-activity;sid:83678905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"185.150.26.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815806/; classtype:trojan-activity;sid:83678906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"94.156.66.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815807/; classtype:trojan-activity;sid:83678907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"62.138.18.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815808/; classtype:trojan-activity;sid:83678908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.238.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815799/; classtype:trojan-activity;sid:83678899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815800/; classtype:trojan-activity;sid:83678900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815801/; classtype:trojan-activity;sid:83678901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sspc"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815797/; classtype:trojan-activity;sid:83678897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"91.92.255.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815798/; classtype:trojan-activity;sid:83678898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"141.98.7.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815796/; classtype:trojan-activity;sid:83678896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.smpsl"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815794/; classtype:trojan-activity;sid:83678894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sm68k"; depth:9; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815795/; classtype:trojan-activity;sid:83678895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magic"; depth:6; endswith; nocase; http.host; content:"91.92.255.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815793/; classtype:trojan-activity;sid:83678893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sppc"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815791/; classtype:trojan-activity;sid:83678891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.ssh4"; depth:8; endswith; nocase; http.host; content:"45.88.90.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815792/; classtype:trojan-activity;sid:83678892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815790/; classtype:trojan-activity;sid:83678890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.28.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815789/; classtype:trojan-activity;sid:83678889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.210.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815788/; classtype:trojan-activity;sid:83678888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815787/; classtype:trojan-activity;sid:83678887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.187.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815786/; classtype:trojan-activity;sid:83678886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.105.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815785/; classtype:trojan-activity;sid:83678885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.42.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815784/; classtype:trojan-activity;sid:83678884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.252.29.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815783/; classtype:trojan-activity;sid:83678883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815782/; classtype:trojan-activity;sid:83678882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.245.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815781/; classtype:trojan-activity;sid:83678881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.238.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815780/; classtype:trojan-activity;sid:83678880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.252.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815779/; classtype:trojan-activity;sid:83678879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.118.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815778/; classtype:trojan-activity;sid:83678878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.41.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815777/; classtype:trojan-activity;sid:83678877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.187.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815775/; classtype:trojan-activity;sid:83678875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.244.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815776/; classtype:trojan-activity;sid:83678876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815774/; classtype:trojan-activity;sid:83678874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.210.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815773/; classtype:trojan-activity;sid:83678873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.189.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815772/; classtype:trojan-activity;sid:83678872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"158.255.82.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815771/; classtype:trojan-activity;sid:83678871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.124.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815769/; classtype:trojan-activity;sid:83678869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.105.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815770/; classtype:trojan-activity;sid:83678870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.96.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815768/; classtype:trojan-activity;sid:83678868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815767/; classtype:trojan-activity;sid:83678867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815766/; classtype:trojan-activity;sid:83678866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/hot-random-image/index.html"; depth:47; endswith; nocase; http.host; content:"www.mlmigration.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815765/; classtype:trojan-activity;sid:83678865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/hot-random-image/index.html"; depth:47; endswith; nocase; http.host; content:"iespppomabamba.edu.pe"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815764/; classtype:trojan-activity;sid:83678864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/hot-random-image/index.html"; depth:47; endswith; nocase; http.host; content:"prominencedigiworld.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815763/; classtype:trojan-activity;sid:83678863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/hot-random-image/index.html"; depth:47; endswith; nocase; http.host; content:"rummyking24.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815762/; classtype:trojan-activity;sid:83678862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/hot-random-image/index.html"; depth:47; endswith; nocase; http.host; content:"akshayascientifics.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815760/; classtype:trojan-activity;sid:83678860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/hot-random-image/index.html"; depth:47; endswith; nocase; http.host; content:"www.prottahobarta.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815761/; classtype:trojan-activity;sid:83678861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.211.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815759/; classtype:trojan-activity;sid:83678859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.247.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815758/; classtype:trojan-activity;sid:83678858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.24.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815757/; classtype:trojan-activity;sid:83678857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xhtozki0ibbi"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815755/; classtype:trojan-activity;sid:83678855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xotraqwx9p44"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815756/; classtype:trojan-activity;sid:83678856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.28.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815754/; classtype:trojan-activity;sid:83678854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815753/; classtype:trojan-activity;sid:83678853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815752/; classtype:trojan-activity;sid:83678852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.189.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815751/; classtype:trojan-activity;sid:83678851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.41.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815750/; classtype:trojan-activity;sid:83678850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.96.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815749/; classtype:trojan-activity;sid:83678849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.161.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815748/; classtype:trojan-activity;sid:83678848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.43.109.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815747/; classtype:trojan-activity;sid:83678847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.84.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815746/; classtype:trojan-activity;sid:83678846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.124.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815745/; classtype:trojan-activity;sid:83678845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.24.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815744/; classtype:trojan-activity;sid:83678844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.55.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815743/; classtype:trojan-activity;sid:83678843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.211.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815742/; classtype:trojan-activity;sid:83678842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.54.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815741/; classtype:trojan-activity;sid:83678841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.215.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815740/; classtype:trojan-activity;sid:83678840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.40.140.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815739/; classtype:trojan-activity;sid:83678839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.92.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815738/; classtype:trojan-activity;sid:83678838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.149.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815737/; classtype:trojan-activity;sid:83678837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.90.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815736/; classtype:trojan-activity;sid:83678836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815735/; classtype:trojan-activity;sid:83678835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.178.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815734/; classtype:trojan-activity;sid:83678834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.171.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815733/; classtype:trojan-activity;sid:83678833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.174.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815732/; classtype:trojan-activity;sid:83678832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815731/; classtype:trojan-activity;sid:83678831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815730/; classtype:trojan-activity;sid:83678830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.92.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815729/; classtype:trojan-activity;sid:83678829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.215.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815728/; classtype:trojan-activity;sid:83678828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.34.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815727/; classtype:trojan-activity;sid:83678827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.203.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815726/; classtype:trojan-activity;sid:83678826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.22.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815725/; classtype:trojan-activity;sid:83678825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.55.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815724/; classtype:trojan-activity;sid:83678824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815723/; classtype:trojan-activity;sid:83678823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.150.77.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815722/; classtype:trojan-activity;sid:83678822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game.exe"; depth:9; endswith; nocase; http.host; content:"spanchtoc.bond"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815721/; classtype:trojan-activity;sid:83678821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.79.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815720/; classtype:trojan-activity;sid:83678820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.32.247.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815719/; classtype:trojan-activity;sid:83678819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815718/; classtype:trojan-activity;sid:83678818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815717/; classtype:trojan-activity;sid:83678817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.100.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815716/; classtype:trojan-activity;sid:83678816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.210.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815715/; classtype:trojan-activity;sid:83678815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.71.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815714/; classtype:trojan-activity;sid:83678814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.203.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815713/; classtype:trojan-activity;sid:83678813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.mips"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815706/; classtype:trojan-activity;sid:83678806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.x86"; depth:26; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815707/; classtype:trojan-activity;sid:83678807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.x86_64"; depth:19; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815708/; classtype:trojan-activity;sid:83678808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm5"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815709/; classtype:trojan-activity;sid:83678809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.i686"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815710/; classtype:trojan-activity;sid:83678810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm5"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815711/; classtype:trojan-activity;sid:83678811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.mips"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815712/; classtype:trojan-activity;sid:83678812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.dbg"; depth:26; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815704/; classtype:trojan-activity;sid:83678804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm7"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815705/; classtype:trojan-activity;sid:83678805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm6"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815702/; classtype:trojan-activity;sid:83678802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm7"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815703/; classtype:trojan-activity;sid:83678803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.ppc"; depth:26; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815697/; classtype:trojan-activity;sid:83678797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.mpsl"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815698/; classtype:trojan-activity;sid:83678798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.m68k"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815699/; classtype:trojan-activity;sid:83678799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.m68k"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815700/; classtype:trojan-activity;sid:83678800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm4"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815701/; classtype:trojan-activity;sid:83678801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.arm6"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815694/; classtype:trojan-activity;sid:83678794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.x86_64"; depth:29; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815695/; classtype:trojan-activity;sid:83678795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.sh4"; depth:16; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815696/; classtype:trojan-activity;sid:83678796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.spc"; depth:16; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815692/; classtype:trojan-activity;sid:83678792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.mpsl"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815693/; classtype:trojan-activity;sid:83678793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.arm4"; depth:17; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815690/; classtype:trojan-activity;sid:83678790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.spc"; depth:26; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815691/; classtype:trojan-activity;sid:83678791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.sh4"; depth:26; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815688/; classtype:trojan-activity;sid:83678788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.ppc"; depth:16; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815689/; classtype:trojan-activity;sid:83678789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/no_killer/aqua.i686"; depth:27; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815686/; classtype:trojan-activity;sid:83678786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.dbg"; depth:16; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815687/; classtype:trojan-activity;sid:83678787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815685/; classtype:trojan-activity;sid:83678785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.171.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815684/; classtype:trojan-activity;sid:83678784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.215.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815682/; classtype:trojan-activity;sid:83678782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.219.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815683/; classtype:trojan-activity;sid:83678783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.183.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815680/; classtype:trojan-activity;sid:83678780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.197.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815681/; classtype:trojan-activity;sid:83678781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.180.158.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815679/; classtype:trojan-activity;sid:83678779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.247.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815677/; classtype:trojan-activity;sid:83678777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.5.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815678/; classtype:trojan-activity;sid:83678778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815676/; classtype:trojan-activity;sid:83678776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.168.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815675/; classtype:trojan-activity;sid:83678775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.79.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815674/; classtype:trojan-activity;sid:83678774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.5.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815673/; classtype:trojan-activity;sid:83678773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.45.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815670/; classtype:trojan-activity;sid:83678770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.188.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815671/; classtype:trojan-activity;sid:83678771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815672/; classtype:trojan-activity;sid:83678772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.132.78.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815669/; classtype:trojan-activity;sid:83678769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.146.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815668/; classtype:trojan-activity;sid:83678768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.219.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815667/; classtype:trojan-activity;sid:83678767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.47.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815666/; classtype:trojan-activity;sid:83678766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.15.218.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815665/; classtype:trojan-activity;sid:83678765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.2.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815664/; classtype:trojan-activity;sid:83678764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.86.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815663/; classtype:trojan-activity;sid:83678763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815660/; classtype:trojan-activity;sid:83678760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815661/; classtype:trojan-activity;sid:83678761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815662/; classtype:trojan-activity;sid:83678762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815653/; classtype:trojan-activity;sid:83678753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815654/; classtype:trojan-activity;sid:83678754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815655/; classtype:trojan-activity;sid:83678755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815656/; classtype:trojan-activity;sid:83678756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815657/; classtype:trojan-activity;sid:83678757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815658/; classtype:trojan-activity;sid:83678758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815659/; classtype:trojan-activity;sid:83678759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.120.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815652/; classtype:trojan-activity;sid:83678752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.72.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815651/; classtype:trojan-activity;sid:83678751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.224.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815650/; classtype:trojan-activity;sid:83678750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815649/; classtype:trojan-activity;sid:83678749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.238.177.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815648/; classtype:trojan-activity;sid:83678748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.47.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815647/; classtype:trojan-activity;sid:83678747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"world4flowers.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815646/; classtype:trojan-activity;sid:83678746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815645/; classtype:trojan-activity;sid:83678745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.120.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815644/; classtype:trojan-activity;sid:83678744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815643/; classtype:trojan-activity;sid:83678743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815642/; classtype:trojan-activity;sid:83678742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.153.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815641/; classtype:trojan-activity;sid:83678741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.201.133.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815640/; classtype:trojan-activity;sid:83678740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.69.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815638/; classtype:trojan-activity;sid:83678738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815639/; classtype:trojan-activity;sid:83678739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815637/; classtype:trojan-activity;sid:83678737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.224.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815635/; classtype:trojan-activity;sid:83678735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.61.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815636/; classtype:trojan-activity;sid:83678736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.182.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815633/; classtype:trojan-activity;sid:83678733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.238.177.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815634/; classtype:trojan-activity;sid:83678734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.226.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815632/; classtype:trojan-activity;sid:83678732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815631/; classtype:trojan-activity;sid:83678731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.193.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815630/; classtype:trojan-activity;sid:83678730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.172.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815629/; classtype:trojan-activity;sid:83678729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ii"; depth:3; endswith; nocase; http.host; content:"palberryslicker.sbs"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815628/; classtype:trojan-activity;sid:83678728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.222.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815627/; classtype:trojan-activity;sid:83678727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.82.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815626/; classtype:trojan-activity;sid:83678726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.72.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815625/; classtype:trojan-activity;sid:83678725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815624/; classtype:trojan-activity;sid:83678724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.182.185.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815623/; classtype:trojan-activity;sid:83678723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.83.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815622/; classtype:trojan-activity;sid:83678722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.121.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815621/; classtype:trojan-activity;sid:83678721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bubd"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815620/; classtype:trojan-activity;sid:83678720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bube"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815619/; classtype:trojan-activity;sid:83678719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.90.102.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815618/; classtype:trojan-activity;sid:83678718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.97"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815617/; classtype:trojan-activity;sid:83678717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.208.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815615/; classtype:trojan-activity;sid:83678715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.6.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815616/; classtype:trojan-activity;sid:83678716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo4.jpg"; depth:17; endswith; nocase; http.host; content:"sdshsjakdjsaljdkasda.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815614/; classtype:trojan-activity;sid:83678714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/share/avp.msi"; depth:14; endswith; nocase; http.host; content:"krd6.com"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815613/; classtype:trojan-activity;sid:83678713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aab"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815612/; classtype:trojan-activity;sid:83678712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815608/; classtype:trojan-activity;sid:83678708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aad"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815609/; classtype:trojan-activity;sid:83678709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815610/; classtype:trojan-activity;sid:83678710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aac"; depth:4; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815611/; classtype:trojan-activity;sid:83678711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"185.140.53.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815607/; classtype:trojan-activity;sid:83678707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.152.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815606/; classtype:trojan-activity;sid:83678706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815605/; classtype:trojan-activity;sid:83678705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.61.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815604/; classtype:trojan-activity;sid:83678704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815603/; classtype:trojan-activity;sid:83678703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.94.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815602/; classtype:trojan-activity;sid:83678702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.82.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815599/; classtype:trojan-activity;sid:83678699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.84.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815600/; classtype:trojan-activity;sid:83678700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.146.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815601/; classtype:trojan-activity;sid:83678701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815598/; classtype:trojan-activity;sid:83678698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.147.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815597/; classtype:trojan-activity;sid:83678697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815596/; classtype:trojan-activity;sid:83678696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.22.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815595/; classtype:trojan-activity;sid:83678695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815594/; classtype:trojan-activity;sid:83678694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.17.226.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815593/; classtype:trojan-activity;sid:83678693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.172.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815592/; classtype:trojan-activity;sid:83678692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.72.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815591/; classtype:trojan-activity;sid:83678691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.7.182"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815590/; classtype:trojan-activity;sid:83678690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815589/; classtype:trojan-activity;sid:83678689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815588/; classtype:trojan-activity;sid:83678688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.172.19.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815587/; classtype:trojan-activity;sid:83678687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.34.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815586/; classtype:trojan-activity;sid:83678686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815585/; classtype:trojan-activity;sid:83678685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.152.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815584/; classtype:trojan-activity;sid:83678684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.190.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815583/; classtype:trojan-activity;sid:83678683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.97"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815582/; classtype:trojan-activity;sid:83678682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.176.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815580/; classtype:trojan-activity;sid:83678680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.42.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815581/; classtype:trojan-activity;sid:83678681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.112.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815579/; classtype:trojan-activity;sid:83678679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815578/; classtype:trojan-activity;sid:83678678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"afwme.register.arpsychotherapy.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815577/; classtype:trojan-activity;sid:83678677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.170.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815576/; classtype:trojan-activity;sid:83678676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.94.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815575/; classtype:trojan-activity;sid:83678675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.95.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815574/; classtype:trojan-activity;sid:83678674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815566/; classtype:trojan-activity;sid:83678666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815567/; classtype:trojan-activity;sid:83678667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815568/; classtype:trojan-activity;sid:83678668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815569/; classtype:trojan-activity;sid:83678669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815570/; classtype:trojan-activity;sid:83678670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815571/; classtype:trojan-activity;sid:83678671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.78.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815572/; classtype:trojan-activity;sid:83678672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815573/; classtype:trojan-activity;sid:83678673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815565/; classtype:trojan-activity;sid:83678665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.208.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815564/; classtype:trojan-activity;sid:83678664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.124.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815563/; classtype:trojan-activity;sid:83678663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.0.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815562/; classtype:trojan-activity;sid:83678662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.192.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815561/; classtype:trojan-activity;sid:83678661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.45.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815560/; classtype:trojan-activity;sid:83678660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815559/; classtype:trojan-activity;sid:83678659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.43.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815558/; classtype:trojan-activity;sid:83678658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815557/; classtype:trojan-activity;sid:83678657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.206.51.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815556/; classtype:trojan-activity;sid:83678656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.78.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815555/; classtype:trojan-activity;sid:83678655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815554/; classtype:trojan-activity;sid:83678654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"217.69.15.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815553/; classtype:trojan-activity;sid:83678653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668707770|3f|hash=bv4pz1v97zngtzwqpn8llivt1gzuu1wygqjcr4mesko|7c|26|7c|dl=fg2d9ovvc100vdeiizv3ifir4smejduh7rnpteektv0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815552/; classtype:trojan-activity;sid:83678652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815551/; classtype:trojan-activity;sid:83678651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.155.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815550/; classtype:trojan-activity;sid:83678650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.224.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815549/; classtype:trojan-activity;sid:83678649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.48.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815548/; classtype:trojan-activity;sid:83678648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.91.14.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815547/; classtype:trojan-activity;sid:83678647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.170.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815546/; classtype:trojan-activity;sid:83678646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.229.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815545/; classtype:trojan-activity;sid:83678645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.93.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815544/; classtype:trojan-activity;sid:83678644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.115.254.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815543/; classtype:trojan-activity;sid:83678643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815541/; classtype:trojan-activity;sid:83678641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.102.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815542/; classtype:trojan-activity;sid:83678642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.77.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815538/; classtype:trojan-activity;sid:83678638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.3.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815539/; classtype:trojan-activity;sid:83678639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.173.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815540/; classtype:trojan-activity;sid:83678640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.55.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815537/; classtype:trojan-activity;sid:83678637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.60.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815536/; classtype:trojan-activity;sid:83678636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.227.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815535/; classtype:trojan-activity;sid:83678635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.82.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815533/; classtype:trojan-activity;sid:83678633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.43.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815534/; classtype:trojan-activity;sid:83678634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815532/; classtype:trojan-activity;sid:83678632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815531/; classtype:trojan-activity;sid:83678631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668706588|3f|hash=cas6km0ftrznqfyftz7jyxkzdtxibfna0d31zwd3f1l|7c|26|7c|dl=etrquhzntdlxkxjitzknfjjpeplxdk3kn6vrzz2108w|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815530/; classtype:trojan-activity;sid:83678630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.2.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815529/; classtype:trojan-activity;sid:83678629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.206.51.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815528/; classtype:trojan-activity;sid:83678628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815527/; classtype:trojan-activity;sid:83678627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.91.14.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815526/; classtype:trojan-activity;sid:83678626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.255.208.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815525/; classtype:trojan-activity;sid:83678625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.24.85.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815524/; classtype:trojan-activity;sid:83678624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.133.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815523/; classtype:trojan-activity;sid:83678623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.8.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815522/; classtype:trojan-activity;sid:83678622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.33.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815521/; classtype:trojan-activity;sid:83678621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.46.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815520/; classtype:trojan-activity;sid:83678620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.111.82.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815519/; classtype:trojan-activity;sid:83678619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.48.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815518/; classtype:trojan-activity;sid:83678618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815517/; classtype:trojan-activity;sid:83678617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.155.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815516/; classtype:trojan-activity;sid:83678616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.231.114.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815515/; classtype:trojan-activity;sid:83678615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.86.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815512/; classtype:trojan-activity;sid:83678612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.16.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815513/; classtype:trojan-activity;sid:83678613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.218.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815514/; classtype:trojan-activity;sid:83678614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.16.82.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815511/; classtype:trojan-activity;sid:83678611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.132.78.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815510/; classtype:trojan-activity;sid:83678610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815509/; classtype:trojan-activity;sid:83678609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815508/; classtype:trojan-activity;sid:83678608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815506/; classtype:trojan-activity;sid:83678606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815507/; classtype:trojan-activity;sid:83678607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb2.sh"; depth:8; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815502/; classtype:trojan-activity;sid:83678602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb2.sh"; depth:8; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815503/; classtype:trojan-activity;sid:83678603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815504/; classtype:trojan-activity;sid:83678604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815505/; classtype:trojan-activity;sid:83678605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.58.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815501/; classtype:trojan-activity;sid:83678601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815494/; classtype:trojan-activity;sid:83678594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815495/; classtype:trojan-activity;sid:83678595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815496/; classtype:trojan-activity;sid:83678596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815497/; classtype:trojan-activity;sid:83678597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815498/; classtype:trojan-activity;sid:83678598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815499/; classtype:trojan-activity;sid:83678599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815500/; classtype:trojan-activity;sid:83678600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815490/; classtype:trojan-activity;sid:83678590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815491/; classtype:trojan-activity;sid:83678591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815492/; classtype:trojan-activity;sid:83678592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815493/; classtype:trojan-activity;sid:83678593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"net-killer.verminteam.link"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815489/; classtype:trojan-activity;sid:83678589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.197.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815488/; classtype:trojan-activity;sid:83678588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.111.82.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815487/; classtype:trojan-activity;sid:83678587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.223.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815486/; classtype:trojan-activity;sid:83678586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815485/; classtype:trojan-activity;sid:83678585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.30.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815484/; classtype:trojan-activity;sid:83678584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.129.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815483/; classtype:trojan-activity;sid:83678583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815482/; classtype:trojan-activity;sid:83678582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb1.sh"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815478/; classtype:trojan-activity;sid:83678578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu.sh"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815479/; classtype:trojan-activity;sid:83678579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb3.sh"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815480/; classtype:trojan-activity;sid:83678580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb2.sh"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815481/; classtype:trojan-activity;sid:83678581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815477/; classtype:trojan-activity;sid:83678577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815474/; classtype:trojan-activity;sid:83678574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815475/; classtype:trojan-activity;sid:83678575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815476/; classtype:trojan-activity;sid:83678576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815473/; classtype:trojan-activity;sid:83678573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815472/; classtype:trojan-activity;sid:83678572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815471/; classtype:trojan-activity;sid:83678571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815470/; classtype:trojan-activity;sid:83678570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815469/; classtype:trojan-activity;sid:83678569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815466/; classtype:trojan-activity;sid:83678566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815467/; classtype:trojan-activity;sid:83678567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"botnettajima.ddns.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815468/; classtype:trojan-activity;sid:83678568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mips"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815465/; classtype:trojan-activity;sid:83678565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm5"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815464/; classtype:trojan-activity;sid:83678564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm7"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815462/; classtype:trojan-activity;sid:83678562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.ppc"; depth:10; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815463/; classtype:trojan-activity;sid:83678563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86_64"; depth:13; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815460/; classtype:trojan-activity;sid:83678560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm6"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815461/; classtype:trojan-activity;sid:83678561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.m68k"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815458/; classtype:trojan-activity;sid:83678558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.arm"; depth:10; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815459/; classtype:trojan-activity;sid:83678559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.sh4"; depth:10; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815454/; classtype:trojan-activity;sid:83678554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.x86"; depth:10; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815455/; classtype:trojan-activity;sid:83678555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.spc"; depth:10; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815456/; classtype:trojan-activity;sid:83678556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tajma.mpsl"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815457/; classtype:trojan-activity;sid:83678557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815453/; classtype:trojan-activity;sid:83678553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.225.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815452/; classtype:trojan-activity;sid:83678552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815450/; classtype:trojan-activity;sid:83678550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.75.209.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815451/; classtype:trojan-activity;sid:83678551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815444/; classtype:trojan-activity;sid:83678544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815445/; classtype:trojan-activity;sid:83678545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815446/; classtype:trojan-activity;sid:83678546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815447/; classtype:trojan-activity;sid:83678547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815448/; classtype:trojan-activity;sid:83678548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815449/; classtype:trojan-activity;sid:83678549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815440/; classtype:trojan-activity;sid:83678540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815441/; classtype:trojan-activity;sid:83678541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815442/; classtype:trojan-activity;sid:83678542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"93.123.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815443/; classtype:trojan-activity;sid:83678543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.102.122.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815438/; classtype:trojan-activity;sid:83678538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.148.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815439/; classtype:trojan-activity;sid:83678539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.127.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815437/; classtype:trojan-activity;sid:83678537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.197.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815436/; classtype:trojan-activity;sid:83678536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.223.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815435/; classtype:trojan-activity;sid:83678535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.23.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815434/; classtype:trojan-activity;sid:83678534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.51.173.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815433/; classtype:trojan-activity;sid:83678533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.21.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815432/; classtype:trojan-activity;sid:83678532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815431/; classtype:trojan-activity;sid:83678531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.17.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815430/; classtype:trojan-activity;sid:83678530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.207.62.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815429/; classtype:trojan-activity;sid:83678529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.137.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815428/; classtype:trojan-activity;sid:83678528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815427/; classtype:trojan-activity;sid:83678527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.189.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815426/; classtype:trojan-activity;sid:83678526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.127.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815425/; classtype:trojan-activity;sid:83678525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.34.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815424/; classtype:trojan-activity;sid:83678524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.184.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815423/; classtype:trojan-activity;sid:83678523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.184.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815422/; classtype:trojan-activity;sid:83678522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.21.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815421/; classtype:trojan-activity;sid:83678521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.137.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815420/; classtype:trojan-activity;sid:83678520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.67.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815419/; classtype:trojan-activity;sid:83678519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.34.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815418/; classtype:trojan-activity;sid:83678518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.149.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815417/; classtype:trojan-activity;sid:83678517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.205.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815415/; classtype:trojan-activity;sid:83678515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.205.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815416/; classtype:trojan-activity;sid:83678516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.121.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815414/; classtype:trojan-activity;sid:83678514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.52.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815413/; classtype:trojan-activity;sid:83678513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.63.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815412/; classtype:trojan-activity;sid:83678512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.137.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815411/; classtype:trojan-activity;sid:83678511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.152.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815410/; classtype:trojan-activity;sid:83678510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.168.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815409/; classtype:trojan-activity;sid:83678509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"47.222.117.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815408/; classtype:trojan-activity;sid:83678508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.144.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815407/; classtype:trojan-activity;sid:83678507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.83.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815406/; classtype:trojan-activity;sid:83678506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.170.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815405/; classtype:trojan-activity;sid:83678505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.84.232.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815404/; classtype:trojan-activity;sid:83678504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.175.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815403/; classtype:trojan-activity;sid:83678503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.42.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815402/; classtype:trojan-activity;sid:83678502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.86.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815401/; classtype:trojan-activity;sid:83678501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.3.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815400/; classtype:trojan-activity;sid:83678500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815397/; classtype:trojan-activity;sid:83678497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815398/; classtype:trojan-activity;sid:83678498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815399/; classtype:trojan-activity;sid:83678499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815390/; classtype:trojan-activity;sid:83678490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.57.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815391/; classtype:trojan-activity;sid:83678491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815392/; classtype:trojan-activity;sid:83678492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815393/; classtype:trojan-activity;sid:83678493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815394/; classtype:trojan-activity;sid:83678494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815395/; classtype:trojan-activity;sid:83678495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815396/; classtype:trojan-activity;sid:83678496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815386/; classtype:trojan-activity;sid:83678486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815387/; classtype:trojan-activity;sid:83678487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815388/; classtype:trojan-activity;sid:83678488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815389/; classtype:trojan-activity;sid:83678489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.34.231.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815385/; classtype:trojan-activity;sid:83678485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.64.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815384/; classtype:trojan-activity;sid:83678484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.58.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815383/; classtype:trojan-activity;sid:83678483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815382/; classtype:trojan-activity;sid:83678482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.232.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815381/; classtype:trojan-activity;sid:83678481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.98.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815379/; classtype:trojan-activity;sid:83678479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.144.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815380/; classtype:trojan-activity;sid:83678480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.190.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815378/; classtype:trojan-activity;sid:83678478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.58.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815377/; classtype:trojan-activity;sid:83678477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.182.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815376/; classtype:trojan-activity;sid:83678476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815375/; classtype:trojan-activity;sid:83678475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.199.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815374/; classtype:trojan-activity;sid:83678474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.64.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815373/; classtype:trojan-activity;sid:83678473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.202.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815372/; classtype:trojan-activity;sid:83678472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815371/; classtype:trojan-activity;sid:83678471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815370/; classtype:trojan-activity;sid:83678470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.57.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815369/; classtype:trojan-activity;sid:83678469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.109.73.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815368/; classtype:trojan-activity;sid:83678468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.97.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815367/; classtype:trojan-activity;sid:83678467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.255.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815366/; classtype:trojan-activity;sid:83678466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/arm"; depth:11; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815362/; classtype:trojan-activity;sid:83678462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/x86"; depth:11; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815363/; classtype:trojan-activity;sid:83678463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/mips"; depth:12; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815364/; classtype:trojan-activity;sid:83678464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/arm7"; depth:12; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815365/; classtype:trojan-activity;sid:83678465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/m68k"; depth:12; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815356/; classtype:trojan-activity;sid:83678456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/sh4"; depth:11; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815357/; classtype:trojan-activity;sid:83678457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/mpsl"; depth:12; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815358/; classtype:trojan-activity;sid:83678458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/arm6"; depth:12; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815359/; classtype:trojan-activity;sid:83678459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/spc"; depth:11; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815360/; classtype:trojan-activity;sid:83678460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/ppc"; depth:11; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815361/; classtype:trojan-activity;sid:83678461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwuuwu/arm5"; depth:12; endswith; nocase; http.host; content:"162.250.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815355/; classtype:trojan-activity;sid:83678455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedbash"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815354/; classtype:trojan-activity;sid:83678454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedopenssh"; depth:12; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815351/; classtype:trojan-activity;sid:83678451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedsshd"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815352/; classtype:trojan-activity;sid:83678452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedntpd"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815353/; classtype:trojan-activity;sid:83678453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedftp"; depth:8; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815344/; classtype:trojan-activity;sid:83678444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedwget"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815345/; classtype:trojan-activity;sid:83678445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedshit"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815346/; classtype:trojan-activity;sid:83678446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedcron"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815347/; classtype:trojan-activity;sid:83678447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedtftp"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815348/; classtype:trojan-activity;sid:83678448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedapache2"; depth:12; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815349/; classtype:trojan-activity;sid:83678449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedpftp"; depth:9; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815350/; classtype:trojan-activity;sid:83678450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weedsh"; depth:7; endswith; nocase; http.host; content:"85.239.55.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815343/; classtype:trojan-activity;sid:83678443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815342/; classtype:trojan-activity;sid:83678442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.178.41.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815341/; classtype:trojan-activity;sid:83678441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.99.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815340/; classtype:trojan-activity;sid:83678440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.201.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815339/; classtype:trojan-activity;sid:83678439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815338/; classtype:trojan-activity;sid:83678438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815337/; classtype:trojan-activity;sid:83678437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.179.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815336/; classtype:trojan-activity;sid:83678436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815335/; classtype:trojan-activity;sid:83678435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.212.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815334/; classtype:trojan-activity;sid:83678434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.111.220.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815333/; classtype:trojan-activity;sid:83678433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dashboard/1.exe"; depth:16; endswith; nocase; http.host; content:"195.2.70.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815332/; classtype:trojan-activity;sid:83678432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.176.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815331/; classtype:trojan-activity;sid:83678431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815329/; classtype:trojan-activity;sid:83678429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815330/; classtype:trojan-activity;sid:83678430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815326/; classtype:trojan-activity;sid:83678426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh4"; depth:11; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815327/; classtype:trojan-activity;sid:83678427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815328/; classtype:trojan-activity;sid:83678428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815324/; classtype:trojan-activity;sid:83678424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815325/; classtype:trojan-activity;sid:83678425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815319/; classtype:trojan-activity;sid:83678419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815320/; classtype:trojan-activity;sid:83678420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x32"; depth:11; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815321/; classtype:trojan-activity;sid:83678421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815322/; classtype:trojan-activity;sid:83678422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mpsl"; depth:12; endswith; nocase; http.host; content:"79.132.128.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815323/; classtype:trojan-activity;sid:83678423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.33.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815318/; classtype:trojan-activity;sid:83678418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815317/; classtype:trojan-activity;sid:83678417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815316/; classtype:trojan-activity;sid:83678416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815315/; classtype:trojan-activity;sid:83678415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.146.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815314/; classtype:trojan-activity;sid:83678414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815313/; classtype:trojan-activity;sid:83678413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.255.88.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815312/; classtype:trojan-activity;sid:83678412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.206.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815311/; classtype:trojan-activity;sid:83678411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.168.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815310/; classtype:trojan-activity;sid:83678410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815309/; classtype:trojan-activity;sid:83678409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.62.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815308/; classtype:trojan-activity;sid:83678408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815307/; classtype:trojan-activity;sid:83678407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.33.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815306/; classtype:trojan-activity;sid:83678406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815305/; classtype:trojan-activity;sid:83678405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.168.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815304/; classtype:trojan-activity;sid:83678404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.58.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815303/; classtype:trojan-activity;sid:83678403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.168.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815302/; classtype:trojan-activity;sid:83678402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815301/; classtype:trojan-activity;sid:83678401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.156.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815300/; classtype:trojan-activity;sid:83678400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815299/; classtype:trojan-activity;sid:83678399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.122.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815298/; classtype:trojan-activity;sid:83678398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.143.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815297/; classtype:trojan-activity;sid:83678397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.55.128.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815296/; classtype:trojan-activity;sid:83678396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.93.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815295/; classtype:trojan-activity;sid:83678395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.12.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815294/; classtype:trojan-activity;sid:83678394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.176.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815292/; classtype:trojan-activity;sid:83678392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.104.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815293/; classtype:trojan-activity;sid:83678393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.240.255.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815291/; classtype:trojan-activity;sid:83678391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815290/; classtype:trojan-activity;sid:83678390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.171.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815289/; classtype:trojan-activity;sid:83678389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.89.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815288/; classtype:trojan-activity;sid:83678388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.111.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815287/; classtype:trojan-activity;sid:83678387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.112.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815286/; classtype:trojan-activity;sid:83678386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815284/; classtype:trojan-activity;sid:83678384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668688169|3f|hash=0ab9bpvtzmb7qqqtbhlhzlde9zilj7gro2ozw2grliz|7c|26|7c|dl=uucinq8yjwuqeaf0zlfc9yqtj0nn529siz6jb2etl3h|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815285/; classtype:trojan-activity;sid:83678385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.206.112.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815283/; classtype:trojan-activity;sid:83678383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.77.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815282/; classtype:trojan-activity;sid:83678382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.184.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815281/; classtype:trojan-activity;sid:83678381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.9.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815280/; classtype:trojan-activity;sid:83678380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.0.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815279/; classtype:trojan-activity;sid:83678379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815278/; classtype:trojan-activity;sid:83678378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.185.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815277/; classtype:trojan-activity;sid:83678377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.51.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815276/; classtype:trojan-activity;sid:83678376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668688203|3f|hash=pkpcsrgfuwugqdtrncmfda3qzchzz1ca59ejeu9ct3s|7c|26|7c|dl=wydah3dvkt3doqmuzql1yhk69rrbtgtzjwzdwydlxel|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815275/; classtype:trojan-activity;sid:83678375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wingo/menta.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815274/; classtype:trojan-activity;sid:83678374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.103.201.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815273/; classtype:trojan-activity;sid:83678373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815268/; classtype:trojan-activity;sid:83678368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815269/; classtype:trojan-activity;sid:83678369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815270/; classtype:trojan-activity;sid:83678370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815271/; classtype:trojan-activity;sid:83678371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815272/; classtype:trojan-activity;sid:83678372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815245/; classtype:trojan-activity;sid:83678345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815246/; classtype:trojan-activity;sid:83678346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815247/; classtype:trojan-activity;sid:83678347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815248/; classtype:trojan-activity;sid:83678348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815249/; classtype:trojan-activity;sid:83678349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815250/; classtype:trojan-activity;sid:83678350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815251/; classtype:trojan-activity;sid:83678351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815252/; classtype:trojan-activity;sid:83678352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815253/; classtype:trojan-activity;sid:83678353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815254/; classtype:trojan-activity;sid:83678354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815255/; classtype:trojan-activity;sid:83678355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815256/; classtype:trojan-activity;sid:83678356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815257/; classtype:trojan-activity;sid:83678357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815258/; classtype:trojan-activity;sid:83678358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815259/; classtype:trojan-activity;sid:83678359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815260/; classtype:trojan-activity;sid:83678360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815261/; classtype:trojan-activity;sid:83678361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815262/; classtype:trojan-activity;sid:83678362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815263/; classtype:trojan-activity;sid:83678363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815264/; classtype:trojan-activity;sid:83678364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815265/; classtype:trojan-activity;sid:83678365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815266/; classtype:trojan-activity;sid:83678366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815267/; classtype:trojan-activity;sid:83678367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815244/; classtype:trojan-activity;sid:83678344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.sh"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815241/; classtype:trojan-activity;sid:83678341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815242/; classtype:trojan-activity;sid:83678342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815243/; classtype:trojan-activity;sid:83678343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.171.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815240/; classtype:trojan-activity;sid:83678340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.143.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815239/; classtype:trojan-activity;sid:83678339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.21.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815238/; classtype:trojan-activity;sid:83678338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815237/; classtype:trojan-activity;sid:83678337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.21.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815236/; classtype:trojan-activity;sid:83678336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.203.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815235/; classtype:trojan-activity;sid:83678335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.80.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815234/; classtype:trojan-activity;sid:83678334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.112.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815233/; classtype:trojan-activity;sid:83678333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.234.97.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815232/; classtype:trojan-activity;sid:83678332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815231/; classtype:trojan-activity;sid:83678331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrylhum101.bin"; depth:15; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815229/; classtype:trojan-activity;sid:83678329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forringernes.hhk"; depth:17; endswith; nocase; http.host; content:"192.3.216.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815230/; classtype:trojan-activity;sid:83678330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.70.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815228/; classtype:trojan-activity;sid:83678328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815227/; classtype:trojan-activity;sid:83678327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"47.222.117.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815226/; classtype:trojan-activity;sid:83678326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.67.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815225/; classtype:trojan-activity;sid:83678325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.39.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815224/; classtype:trojan-activity;sid:83678324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.128.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815223/; classtype:trojan-activity;sid:83678323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eivins.lpk"; depth:11; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815222/; classtype:trojan-activity;sid:83678322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.180.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815221/; classtype:trojan-activity;sid:83678321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbfizike234.bin"; depth:16; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815216/; classtype:trojan-activity;sid:83678316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/versalskriftes204.mso"; depth:22; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815217/; classtype:trojan-activity;sid:83678317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kolonialvaren.sea"; depth:18; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815218/; classtype:trojan-activity;sid:83678318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otuqqtmxenmndwnvoaxltat192.bin"; depth:31; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815219/; classtype:trojan-activity;sid:83678319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lvtpvrtpeeeakbcbj78.bin"; depth:24; endswith; nocase; http.host; content:"87.121.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815220/; classtype:trojan-activity;sid:83678320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.189.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815215/; classtype:trojan-activity;sid:83678315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1229040617276047393/1229042573927256137/betaunfrated.exe|3f|ex=662e3e18|7c|26|7c|is=661bc918|7c|26|7c|hm=9b188f35c9e9ba60fe9ce6bd4a19237a112525fb3cf84551b02e331baa73614a|7c|26|7c|"; depth:192; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815214/; classtype:trojan-activity;sid:83678314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815213/; classtype:trojan-activity;sid:83678313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815212/; classtype:trojan-activity;sid:83678312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815211/; classtype:trojan-activity;sid:83678311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.198.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815209/; classtype:trojan-activity;sid:83678309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.92.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815210/; classtype:trojan-activity;sid:83678310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.111.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815208/; classtype:trojan-activity;sid:83678308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815207/; classtype:trojan-activity;sid:83678307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.249.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815206/; classtype:trojan-activity;sid:83678306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.83.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815205/; classtype:trojan-activity;sid:83678305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.219.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815204/; classtype:trojan-activity;sid:83678304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.160.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815203/; classtype:trojan-activity;sid:83678303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815202/; classtype:trojan-activity;sid:83678302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.2.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815201/; classtype:trojan-activity;sid:83678301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.193.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815200/; classtype:trojan-activity;sid:83678300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.62.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815199/; classtype:trojan-activity;sid:83678299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.92.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815198/; classtype:trojan-activity;sid:83678298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.198.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815197/; classtype:trojan-activity;sid:83678297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.113.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815196/; classtype:trojan-activity;sid:83678296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.248.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815195/; classtype:trojan-activity;sid:83678295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815185/; classtype:trojan-activity;sid:83678285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815186/; classtype:trojan-activity;sid:83678286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815187/; classtype:trojan-activity;sid:83678287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815188/; classtype:trojan-activity;sid:83678288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815189/; classtype:trojan-activity;sid:83678289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815190/; classtype:trojan-activity;sid:83678290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815191/; classtype:trojan-activity;sid:83678291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815192/; classtype:trojan-activity;sid:83678292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815193/; classtype:trojan-activity;sid:83678293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815194/; classtype:trojan-activity;sid:83678294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.sh"; depth:5; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815184/; classtype:trojan-activity;sid:83678284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815181/; classtype:trojan-activity;sid:83678281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815182/; classtype:trojan-activity;sid:83678282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"204.76.203.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815183/; classtype:trojan-activity;sid:83678283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.203.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815180/; classtype:trojan-activity;sid:83678280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815178/; classtype:trojan-activity;sid:83678278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.218.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815179/; classtype:trojan-activity;sid:83678279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.170.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815177/; classtype:trojan-activity;sid:83678277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.223.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815176/; classtype:trojan-activity;sid:83678276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.91.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815175/; classtype:trojan-activity;sid:83678275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815174/; classtype:trojan-activity;sid:83678274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.70.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815173/; classtype:trojan-activity;sid:83678273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.156.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815172/; classtype:trojan-activity;sid:83678272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.89.71.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815171/; classtype:trojan-activity;sid:83678271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.19.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815170/; classtype:trojan-activity;sid:83678270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.36.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815169/; classtype:trojan-activity;sid:83678269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.81.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815168/; classtype:trojan-activity;sid:83678268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.207.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815167/; classtype:trojan-activity;sid:83678267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.218.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815166/; classtype:trojan-activity;sid:83678266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.249.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815165/; classtype:trojan-activity;sid:83678265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.156.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815164/; classtype:trojan-activity;sid:83678264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.203.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815163/; classtype:trojan-activity;sid:83678263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documental/uploads/1bd6b3f10327711b5d39b350cd65b299.txt"; depth:56; endswith; nocase; http.host; content:"playerenterprises.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815162/; classtype:trojan-activity;sid:83678262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/men/prefer%20quotation.zip"; depth:27; endswith; nocase; http.host; content:"firstviewautoservice.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815161/; classtype:trojan-activity;sid:83678261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/lib3.txt"; depth:14; endswith; nocase; http.host; content:"playerenterprises.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815160/; classtype:trojan-activity;sid:83678260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.3.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815159/; classtype:trojan-activity;sid:83678259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.211.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815158/; classtype:trojan-activity;sid:83678258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815156/; classtype:trojan-activity;sid:83678256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.107.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815157/; classtype:trojan-activity;sid:83678257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.3.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815155/; classtype:trojan-activity;sid:83678255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.160.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815154/; classtype:trojan-activity;sid:83678254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.120.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815153/; classtype:trojan-activity;sid:83678253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.82.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815151/; classtype:trojan-activity;sid:83678251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.9.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815152/; classtype:trojan-activity;sid:83678252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.4.243.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815150/; classtype:trojan-activity;sid:83678250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.189.207.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815149/; classtype:trojan-activity;sid:83678249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scer.bin"; depth:9; endswith; nocase; http.host; content:"thrivetrail.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815148/; classtype:trojan-activity;sid:83678248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scbex"; depth:6; endswith; nocase; http.host; content:"thrivetrail.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815147/; classtype:trojan-activity;sid:83678247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.33.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815146/; classtype:trojan-activity;sid:83678246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.225.249.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815144/; classtype:trojan-activity;sid:83678244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.104.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815145/; classtype:trojan-activity;sid:83678245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815143/; classtype:trojan-activity;sid:83678243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.190.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815142/; classtype:trojan-activity;sid:83678242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.223.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815141/; classtype:trojan-activity;sid:83678241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.147.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815140/; classtype:trojan-activity;sid:83678240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815139/; classtype:trojan-activity;sid:83678239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.0.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815138/; classtype:trojan-activity;sid:83678238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.55.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815137/; classtype:trojan-activity;sid:83678237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mise.a.jour1.exe"; depth:17; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815135/; classtype:trojan-activity;sid:83678235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mise.a.jour.exe"; depth:16; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815136/; classtype:trojan-activity;sid:83678236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup%203.exe"; depth:14; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815134/; classtype:trojan-activity;sid:83678234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mise.a.jour.cps.exe"; depth:20; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815133/; classtype:trojan-activity;sid:83678233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carte.exe"; depth:10; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815130/; classtype:trojan-activity;sid:83678230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup%204.exe"; depth:14; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815131/; classtype:trojan-activity;sid:83678231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.180.243.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815132/; classtype:trojan-activity;sid:83678232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wizclient.exe"; depth:14; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815123/; classtype:trojan-activity;sid:83678223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cps.exe"; depth:8; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815124/; classtype:trojan-activity;sid:83678224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xeno.exe"; depth:9; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815125/; classtype:trojan-activity;sid:83678225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.exe"; depth:11; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815126/; classtype:trojan-activity;sid:83678226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.exe"; depth:12; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815127/; classtype:trojan-activity;sid:83678227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815128/; classtype:trojan-activity;sid:83678228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.exe"; depth:10; endswith; nocase; http.host; content:"86.68.222.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815129/; classtype:trojan-activity;sid:83678229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.181.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815122/; classtype:trojan-activity;sid:83678222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.96.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815121/; classtype:trojan-activity;sid:83678221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.190.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815120/; classtype:trojan-activity;sid:83678220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.188.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815119/; classtype:trojan-activity;sid:83678219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815118/; classtype:trojan-activity;sid:83678218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.44.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815117/; classtype:trojan-activity;sid:83678217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815116/; classtype:trojan-activity;sid:83678216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.0.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815115/; classtype:trojan-activity;sid:83678215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.55.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815114/; classtype:trojan-activity;sid:83678214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815113/; classtype:trojan-activity;sid:83678213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.125.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815112/; classtype:trojan-activity;sid:83678212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.223.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815111/; classtype:trojan-activity;sid:83678211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.180.152.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815110/; classtype:trojan-activity;sid:83678210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.155.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815109/; classtype:trojan-activity;sid:83678209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.181.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815108/; classtype:trojan-activity;sid:83678208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.188.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815107/; classtype:trojan-activity;sid:83678207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.129.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815106/; classtype:trojan-activity;sid:83678206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.191.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815105/; classtype:trojan-activity;sid:83678205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815103/; classtype:trojan-activity;sid:83678203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve.txt"; depth:8; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815104/; classtype:trojan-activity;sid:83678204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/password.txt"; depth:13; endswith; nocase; http.host; content:"ss.02maill.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815102/; classtype:trojan-activity;sid:83678202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_softfloat"; depth:21; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815101/; classtype:trojan-activity;sid:83678201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815099/; classtype:trojan-activity;sid:83678199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815100/; classtype:trojan-activity;sid:83678200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815098/; classtype:trojan-activity;sid:83678198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815090/; classtype:trojan-activity;sid:83678190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815091/; classtype:trojan-activity;sid:83678191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815092/; classtype:trojan-activity;sid:83678192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64_softfloat"; depth:23; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815093/; classtype:trojan-activity;sid:83678193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_softfloat"; depth:23; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815094/; classtype:trojan-activity;sid:83678194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815095/; classtype:trojan-activity;sid:83678195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el_softfloat"; depth:25; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815096/; classtype:trojan-activity;sid:83678196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815097/; classtype:trojan-activity;sid:83678197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm64"; depth:12; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815089/; classtype:trojan-activity;sid:83678189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64"; depth:12; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815087/; classtype:trojan-activity;sid:83678187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64el"; depth:14; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815088/; classtype:trojan-activity;sid:83678188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815086/; classtype:trojan-activity;sid:83678186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815085/; classtype:trojan-activity;sid:83678185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.215.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815084/; classtype:trojan-activity;sid:83678184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ccxiao.sh"; depth:10; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815082/; classtype:trojan-activity;sid:83678182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.246.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815083/; classtype:trojan-activity;sid:83678183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"103.42.31.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815081/; classtype:trojan-activity;sid:83678181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815080/; classtype:trojan-activity;sid:83678180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.125.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815079/; classtype:trojan-activity;sid:83678179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.190.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815078/; classtype:trojan-activity;sid:83678178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815076/; classtype:trojan-activity;sid:83678176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.243.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815077/; classtype:trojan-activity;sid:83678177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815075/; classtype:trojan-activity;sid:83678175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.1.227"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815074/; classtype:trojan-activity;sid:83678174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.93.19.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815073/; classtype:trojan-activity;sid:83678173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.225.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815071/; classtype:trojan-activity;sid:83678171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.254.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815072/; classtype:trojan-activity;sid:83678172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815070/; classtype:trojan-activity;sid:83678170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.96.25.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815069/; classtype:trojan-activity;sid:83678169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815068/; classtype:trojan-activity;sid:83678168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.217.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815067/; classtype:trojan-activity;sid:83678167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.129.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815066/; classtype:trojan-activity;sid:83678166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.230.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815065/; classtype:trojan-activity;sid:83678165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.255.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815064/; classtype:trojan-activity;sid:83678164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.223.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815063/; classtype:trojan-activity;sid:83678163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815062/; classtype:trojan-activity;sid:83678162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.27.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815061/; classtype:trojan-activity;sid:83678161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.185.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815060/; classtype:trojan-activity;sid:83678160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.190.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815059/; classtype:trojan-activity;sid:83678159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.132.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815058/; classtype:trojan-activity;sid:83678158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.251.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815057/; classtype:trojan-activity;sid:83678157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.203.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815056/; classtype:trojan-activity;sid:83678156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.181.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815055/; classtype:trojan-activity;sid:83678155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a7l"; depth:10; endswith; nocase; http.host; content:"193.221.95.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815054/; classtype:trojan-activity;sid:83678154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.62.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815052/; classtype:trojan-activity;sid:83678152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a5l"; depth:10; endswith; nocase; http.host; content:"193.221.95.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815053/; classtype:trojan-activity;sid:83678153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goov_av"; depth:8; endswith; nocase; http.host; content:"193.221.95.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815051/; classtype:trojan-activity;sid:83678151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.160.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815050/; classtype:trojan-activity;sid:83678150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.56.147.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815049/; classtype:trojan-activity;sid:83678149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.47.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815048/; classtype:trojan-activity;sid:83678148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815047/; classtype:trojan-activity;sid:83678147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815046/; classtype:trojan-activity;sid:83678146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.84.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815043/; classtype:trojan-activity;sid:83678143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.32.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815044/; classtype:trojan-activity;sid:83678144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.59.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815045/; classtype:trojan-activity;sid:83678145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.237.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815042/; classtype:trojan-activity;sid:83678142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.0.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815041/; classtype:trojan-activity;sid:83678141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815039/; classtype:trojan-activity;sid:83678139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.198.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815040/; classtype:trojan-activity;sid:83678140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.17.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815038/; classtype:trojan-activity;sid:83678138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.224.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815037/; classtype:trojan-activity;sid:83678137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.33.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815036/; classtype:trojan-activity;sid:83678136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.206.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815035/; classtype:trojan-activity;sid:83678135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.251.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815033/; classtype:trojan-activity;sid:83678133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.167.13.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815034/; classtype:trojan-activity;sid:83678134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.190.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815030/; classtype:trojan-activity;sid:83678130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.199.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815031/; classtype:trojan-activity;sid:83678131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.189.207.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815032/; classtype:trojan-activity;sid:83678132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.160.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815029/; classtype:trojan-activity;sid:83678129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.59.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815028/; classtype:trojan-activity;sid:83678128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.198.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815027/; classtype:trojan-activity;sid:83678127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.62.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815026/; classtype:trojan-activity;sid:83678126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.237.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815025/; classtype:trojan-activity;sid:83678125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.107.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815024/; classtype:trojan-activity;sid:83678124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815023/; classtype:trojan-activity;sid:83678123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.175.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815022/; classtype:trojan-activity;sid:83678122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815021/; classtype:trojan-activity;sid:83678121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.0.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815020/; classtype:trojan-activity;sid:83678120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.49.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815019/; classtype:trojan-activity;sid:83678119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815018/; classtype:trojan-activity;sid:83678118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.254.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815017/; classtype:trojan-activity;sid:83678117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.205.253.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815016/; classtype:trojan-activity;sid:83678116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.246.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815015/; classtype:trojan-activity;sid:83678115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.123.216.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815013/; classtype:trojan-activity;sid:83678113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.168.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815014/; classtype:trojan-activity;sid:83678114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.107.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815012/; classtype:trojan-activity;sid:83678112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.212.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815011/; classtype:trojan-activity;sid:83678111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815010/; classtype:trojan-activity;sid:83678110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.96.25.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815009/; classtype:trojan-activity;sid:83678109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815008/; classtype:trojan-activity;sid:83678108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.206.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815007/; classtype:trojan-activity;sid:83678107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815005/; classtype:trojan-activity;sid:83678105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815006/; classtype:trojan-activity;sid:83678106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.97.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815004/; classtype:trojan-activity;sid:83678104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sspc"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815000/; classtype:trojan-activity;sid:83678100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sarm6"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815001/; classtype:trojan-activity;sid:83678101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sarm"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815002/; classtype:trojan-activity;sid:83678102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sarm5"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815003/; classtype:trojan-activity;sid:83678103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sm68k"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814992/; classtype:trojan-activity;sid:83678092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.smips"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814993/; classtype:trojan-activity;sid:83678093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sx86"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814994/; classtype:trojan-activity;sid:83678094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sppc"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814995/; classtype:trojan-activity;sid:83678095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sx86_64"; depth:10; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814996/; classtype:trojan-activity;sid:83678096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ssh4"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814997/; classtype:trojan-activity;sid:83678097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.smpsl"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814998/; classtype:trojan-activity;sid:83678098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.sarm7"; depth:8; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814999/; classtype:trojan-activity;sid:83678099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.87.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814991/; classtype:trojan-activity;sid:83678091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814990/; classtype:trojan-activity;sid:83678090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responsibilityleadpro.exe"; depth:26; endswith; nocase; http.host; content:"94.156.67.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814989/; classtype:trojan-activity;sid:83678089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814988/; classtype:trojan-activity;sid:83678088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.205.253.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814987/; classtype:trojan-activity;sid:83678087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"14.153.215.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814986/; classtype:trojan-activity;sid:83678086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814985/; classtype:trojan-activity;sid:83678085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.216.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814984/; classtype:trojan-activity;sid:83678084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.216.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814983/; classtype:trojan-activity;sid:83678083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814982/; classtype:trojan-activity;sid:83678082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814981/; classtype:trojan-activity;sid:83678081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814980/; classtype:trojan-activity;sid:83678080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.161.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814978/; classtype:trojan-activity;sid:83678078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.146.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814979/; classtype:trojan-activity;sid:83678079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.96.25.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814977/; classtype:trojan-activity;sid:83678077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.207.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814976/; classtype:trojan-activity;sid:83678076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.txt"; depth:6; endswith; nocase; http.host; content:"35.233.238.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814975/; classtype:trojan-activity;sid:83678075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.jpg"; depth:6; endswith; nocase; http.host; content:"35.233.238.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814974/; classtype:trojan-activity;sid:83678074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twi.jpg"; depth:8; endswith; nocase; http.host; content:"192.159.99.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814967/; classtype:trojan-activity;sid:83678067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old.jpg"; depth:8; endswith; nocase; http.host; content:"207.32.219.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814968/; classtype:trojan-activity;sid:83678068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to.txt"; depth:7; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814969/; classtype:trojan-activity;sid:83678069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gg.jpg"; depth:7; endswith; nocase; http.host; content:"192.3.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814970/; classtype:trojan-activity;sid:83678070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33.txt"; depth:7; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814971/; classtype:trojan-activity;sid:83678071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"35.233.238.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814972/; classtype:trojan-activity;sid:83678072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lir.txt"; depth:8; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814973/; classtype:trojan-activity;sid:83678073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/happy.txt"; depth:10; endswith; nocase; http.host; content:"192.159.99.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814955/; classtype:trojan-activity;sid:83678055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n666.txt"; depth:9; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814956/; classtype:trojan-activity;sid:83678056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qq.txt"; depth:7; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814957/; classtype:trojan-activity;sid:83678057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd.jpg"; depth:7; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814958/; classtype:trojan-activity;sid:83678058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h.jpg"; depth:6; endswith; nocase; http.host; content:"45.94.31.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814959/; classtype:trojan-activity;sid:83678059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/het.jpg"; depth:8; endswith; nocase; http.host; content:"207.244.249.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814960/; classtype:trojan-activity;sid:83678060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shw.jpg"; depth:8; endswith; nocase; http.host; content:"212.23.222.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814961/; classtype:trojan-activity;sid:83678061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/066.txt"; depth:8; endswith; nocase; http.host; content:"207.32.219.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814962/; classtype:trojan-activity;sid:83678062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.jpg"; depth:6; endswith; nocase; http.host; content:"147.124.213.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814963/; classtype:trojan-activity;sid:83678063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sad.jpg"; depth:8; endswith; nocase; http.host; content:"192.159.99.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814964/; classtype:trojan-activity;sid:83678064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll.txt"; depth:8; endswith; nocase; http.host; content:"207.32.219.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814965/; classtype:trojan-activity;sid:83678065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twii.jpg"; depth:9; endswith; nocase; http.host; content:"192.159.99.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814966/; classtype:trojan-activity;sid:83678066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hr7.txt"; depth:8; endswith; nocase; http.host; content:"147.124.213.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814950/; classtype:trojan-activity;sid:83678050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nks.txt"; depth:8; endswith; nocase; http.host; content:"192.159.99.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814951/; classtype:trojan-activity;sid:83678051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blo.txt"; depth:8; endswith; nocase; http.host; content:"192.159.99.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814952/; classtype:trojan-activity;sid:83678052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34543fdgs.txt"; depth:14; endswith; nocase; http.host; content:"192.3.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814953/; classtype:trojan-activity;sid:83678053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wfy.txt"; depth:8; endswith; nocase; http.host; content:"212.23.222.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814954/; classtype:trojan-activity;sid:83678054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sg.txt"; depth:7; endswith; nocase; http.host; content:"51.195.94.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814947/; classtype:trojan-activity;sid:83678047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.jpg"; depth:6; endswith; nocase; http.host; content:"51.195.94.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814948/; classtype:trojan-activity;sid:83678048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5h6.txt"; depth:9; endswith; nocase; http.host; content:"45.94.31.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814949/; classtype:trojan-activity;sid:83678049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sg.rar"; depth:7; endswith; nocase; http.host; content:"51.195.94.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814946/; classtype:trojan-activity;sid:83678046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.41.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814945/; classtype:trojan-activity;sid:83678045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814944/; classtype:trojan-activity;sid:83678044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.111.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814942/; classtype:trojan-activity;sid:83678042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814943/; classtype:trojan-activity;sid:83678043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.90.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814940/; classtype:trojan-activity;sid:83678040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.56.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814941/; classtype:trojan-activity;sid:83678041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsrj_v11.exe"; depth:13; endswith; nocase; http.host; content:"47.111.180.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814939/; classtype:trojan-activity;sid:83678039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsrj_v12.exe"; depth:13; endswith; nocase; http.host; content:"47.111.180.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814938/; classtype:trojan-activity;sid:83678038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logindll.dll"; depth:13; endswith; nocase; http.host; content:"47.111.180.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814937/; classtype:trojan-activity;sid:83678037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.97.200.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814936/; classtype:trojan-activity;sid:83678036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.4.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814935/; classtype:trojan-activity;sid:83678035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.206.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814934/; classtype:trojan-activity;sid:83678034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814933/; classtype:trojan-activity;sid:83678033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814930/; classtype:trojan-activity;sid:83678030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814931/; classtype:trojan-activity;sid:83678031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814932/; classtype:trojan-activity;sid:83678032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814927/; classtype:trojan-activity;sid:83678027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814928/; classtype:trojan-activity;sid:83678028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6d9db21fb63946/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.172.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814929/; classtype:trojan-activity;sid:83678029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.202.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814926/; classtype:trojan-activity;sid:83678026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.125.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814925/; classtype:trojan-activity;sid:83678025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.132.71.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814924/; classtype:trojan-activity;sid:83678024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"45.32.108.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814922/; classtype:trojan-activity;sid:83678022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"45.32.108.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814923/; classtype:trojan-activity;sid:83678023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.90.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814921/; classtype:trojan-activity;sid:83678021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.69.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814920/; classtype:trojan-activity;sid:83678020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.28.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814919/; classtype:trojan-activity;sid:83678019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.204.226.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814918/; classtype:trojan-activity;sid:83678018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"91.204.226.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814917/; classtype:trojan-activity;sid:83678017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys"; depth:4; endswith; nocase; http.host; content:"91.204.226.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814916/; classtype:trojan-activity;sid:83678016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.65.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814915/; classtype:trojan-activity;sid:83678015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache"; depth:7; endswith; nocase; http.host; content:"91.204.226.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814914/; classtype:trojan-activity;sid:83678014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys"; depth:4; endswith; nocase; http.host; content:"91.204.226.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814913/; classtype:trojan-activity;sid:83678013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.204.226.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814912/; classtype:trojan-activity;sid:83678012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"91.204.226.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814911/; classtype:trojan-activity;sid:83678011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache"; depth:7; endswith; nocase; http.host; content:"91.204.226.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814910/; classtype:trojan-activity;sid:83678010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"91.204.226.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814906/; classtype:trojan-activity;sid:83678006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"91.204.226.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814907/; classtype:trojan-activity;sid:83678007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache"; depth:7; endswith; nocase; http.host; content:"91.204.226.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814908/; classtype:trojan-activity;sid:83678008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys"; depth:4; endswith; nocase; http.host; content:"91.204.226.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814909/; classtype:trojan-activity;sid:83678009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.204.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814905/; classtype:trojan-activity;sid:83678005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.4.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814903/; classtype:trojan-activity;sid:83678003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.233.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814904/; classtype:trojan-activity;sid:83678004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814902/; classtype:trojan-activity;sid:83678002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.132.71.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814901/; classtype:trojan-activity;sid:83678001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.183.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814900/; classtype:trojan-activity;sid:83678000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.18.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814899/; classtype:trojan-activity;sid:83677999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.76.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814898/; classtype:trojan-activity;sid:83677998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.56.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814897/; classtype:trojan-activity;sid:83677997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.49.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814896/; classtype:trojan-activity;sid:83677996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.41.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814895/; classtype:trojan-activity;sid:83677995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.21.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814894/; classtype:trojan-activity;sid:83677994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.78.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814893/; classtype:trojan-activity;sid:83677993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.206.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814892/; classtype:trojan-activity;sid:83677992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814891/; classtype:trojan-activity;sid:83677991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.233.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814890/; classtype:trojan-activity;sid:83677990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.15.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814889/; classtype:trojan-activity;sid:83677989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.32.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814888/; classtype:trojan-activity;sid:83677988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.168.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814887/; classtype:trojan-activity;sid:83677987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.229.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814886/; classtype:trojan-activity;sid:83677986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814885/; classtype:trojan-activity;sid:83677985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.49.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814884/; classtype:trojan-activity;sid:83677984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.208.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814883/; classtype:trojan-activity;sid:83677983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.174.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814882/; classtype:trojan-activity;sid:83677982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.182.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814881/; classtype:trojan-activity;sid:83677981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.69.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814880/; classtype:trojan-activity;sid:83677980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814879/; classtype:trojan-activity;sid:83677979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.66.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814878/; classtype:trojan-activity;sid:83677978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.172.19.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814877/; classtype:trojan-activity;sid:83677977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.106.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814876/; classtype:trojan-activity;sid:83677976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m1504t/wininit.exe"; depth:19; endswith; nocase; http.host; content:"192.3.95.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814875/; classtype:trojan-activity;sid:83677975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.15.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814874/; classtype:trojan-activity;sid:83677974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.210.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814873/; classtype:trojan-activity;sid:83677973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.32.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814872/; classtype:trojan-activity;sid:83677972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.88.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814870/; classtype:trojan-activity;sid:83677970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.170.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814871/; classtype:trojan-activity;sid:83677971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.27.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814868/; classtype:trojan-activity;sid:83677968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.183.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814869/; classtype:trojan-activity;sid:83677969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814867/; classtype:trojan-activity;sid:83677967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.174.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814866/; classtype:trojan-activity;sid:83677966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.219.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814865/; classtype:trojan-activity;sid:83677965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814864/; classtype:trojan-activity;sid:83677964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.210.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814863/; classtype:trojan-activity;sid:83677963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.235.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814862/; classtype:trojan-activity;sid:83677962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814861/; classtype:trojan-activity;sid:83677961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814860/; classtype:trojan-activity;sid:83677960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.24.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814858/; classtype:trojan-activity;sid:83677958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.62.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814859/; classtype:trojan-activity;sid:83677959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.1.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814857/; classtype:trojan-activity;sid:83677957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.122.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814855/; classtype:trojan-activity;sid:83677955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.27.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814856/; classtype:trojan-activity;sid:83677956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.85.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814854/; classtype:trojan-activity;sid:83677954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.215.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814853/; classtype:trojan-activity;sid:83677953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814852/; classtype:trojan-activity;sid:83677952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814851/; classtype:trojan-activity;sid:83677951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.219.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814850/; classtype:trojan-activity;sid:83677950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.86.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814848/; classtype:trojan-activity;sid:83677948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814849/; classtype:trojan-activity;sid:83677949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.232.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814847/; classtype:trojan-activity;sid:83677947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.53.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814846/; classtype:trojan-activity;sid:83677946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.88.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814845/; classtype:trojan-activity;sid:83677945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.213.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814844/; classtype:trojan-activity;sid:83677944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.14.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814843/; classtype:trojan-activity;sid:83677943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.75.45.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814842/; classtype:trojan-activity;sid:83677942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.132.71.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814841/; classtype:trojan-activity;sid:83677941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.121.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814840/; classtype:trojan-activity;sid:83677940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.88.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814839/; classtype:trojan-activity;sid:83677939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.199.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814838/; classtype:trojan-activity;sid:83677938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814837/; classtype:trojan-activity;sid:83677937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814835/; classtype:trojan-activity;sid:83677935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814836/; classtype:trojan-activity;sid:83677936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.121.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814834/; classtype:trojan-activity;sid:83677934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fykbmgsz"; depth:9; endswith; nocase; http.host; content:"backupssupport.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814833/; classtype:trojan-activity;sid:83677933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndvdikok"; depth:9; endswith; nocase; http.host; content:"backupssupport.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814831/; classtype:trojan-activity;sid:83677931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install_new.exe"; depth:16; endswith; nocase; http.host; content:"194.116.172.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814832/; classtype:trojan-activity;sid:83677932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/lie1234.exe"; depth:17; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814829/; classtype:trojan-activity;sid:83677929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/startup.exe"; depth:17; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814830/; classtype:trojan-activity;sid:83677930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiru/maktri.zip"; depth:16; endswith; nocase; http.host; content:"94.103.83.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814828/; classtype:trojan-activity;sid:83677928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814826/; classtype:trojan-activity;sid:83677926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.73.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814827/; classtype:trojan-activity;sid:83677927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.14.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814825/; classtype:trojan-activity;sid:83677925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.168.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814824/; classtype:trojan-activity;sid:83677924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xplugmanzx.exe"; depth:15; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814823/; classtype:trojan-activity;sid:83677923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.168.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814822/; classtype:trojan-activity;sid:83677922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.164.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814821/; classtype:trojan-activity;sid:83677921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.89.211.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814820/; classtype:trojan-activity;sid:83677920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814819/; classtype:trojan-activity;sid:83677919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.149.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814818/; classtype:trojan-activity;sid:83677918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.7.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814817/; classtype:trojan-activity;sid:83677917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814816/; classtype:trojan-activity;sid:83677916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.166.85.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814815/; classtype:trojan-activity;sid:83677915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.23.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814813/; classtype:trojan-activity;sid:83677913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.190.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814814/; classtype:trojan-activity;sid:83677914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814812/; classtype:trojan-activity;sid:83677912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task.exe"; depth:9; endswith; nocase; http.host; content:"topgamecheats.dev"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814811/; classtype:trojan-activity;sid:83677911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814810/; classtype:trojan-activity;sid:83677910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.150.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814807/; classtype:trojan-activity;sid:83677907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.230.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814808/; classtype:trojan-activity;sid:83677908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.4.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814809/; classtype:trojan-activity;sid:83677909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.113.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814806/; classtype:trojan-activity;sid:83677906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.85.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814805/; classtype:trojan-activity;sid:83677905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814804/; classtype:trojan-activity;sid:83677904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"41.86.19.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814803/; classtype:trojan-activity;sid:83677903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.82.164.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814802/; classtype:trojan-activity;sid:83677902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.226.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814801/; classtype:trojan-activity;sid:83677901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814800/; classtype:trojan-activity;sid:83677900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.89.211.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814799/; classtype:trojan-activity;sid:83677899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/videofile.exe"; depth:14; endswith; nocase; http.host; content:"a0938042.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814798/; classtype:trojan-activity;sid:83677898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tddwrt7s.sh"; depth:12; endswith; nocase; http.host; content:"157.230.102.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814797/; classtype:trojan-activity;sid:83677897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.190.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814796/; classtype:trojan-activity;sid:83677896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.4.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814795/; classtype:trojan-activity;sid:83677895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xobizx.doc"; depth:11; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814794/; classtype:trojan-activity;sid:83677894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814793/; classtype:trojan-activity;sid:83677893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.89.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814791/; classtype:trojan-activity;sid:83677891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.86.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814792/; classtype:trojan-activity;sid:83677892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.71.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814790/; classtype:trojan-activity;sid:83677890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.150.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814789/; classtype:trojan-activity;sid:83677889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.113.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814788/; classtype:trojan-activity;sid:83677888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.164.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814787/; classtype:trojan-activity;sid:83677887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.89.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814786/; classtype:trojan-activity;sid:83677886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814784/; classtype:trojan-activity;sid:83677884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.212.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814785/; classtype:trojan-activity;sid:83677885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.164.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814783/; classtype:trojan-activity;sid:83677883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.84.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814782/; classtype:trojan-activity;sid:83677882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.78.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814781/; classtype:trojan-activity;sid:83677881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.204.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814780/; classtype:trojan-activity;sid:83677880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.84.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814779/; classtype:trojan-activity;sid:83677879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.192.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814778/; classtype:trojan-activity;sid:83677878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.155.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814776/; classtype:trojan-activity;sid:83677876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.60.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814777/; classtype:trojan-activity;sid:83677877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.230.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814775/; classtype:trojan-activity;sid:83677875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814774/; classtype:trojan-activity;sid:83677874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.181.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814773/; classtype:trojan-activity;sid:83677873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.238.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814772/; classtype:trojan-activity;sid:83677872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/buaz"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814771/; classtype:trojan-activity;sid:83677871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.171.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814770/; classtype:trojan-activity;sid:83677870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.51.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814769/; classtype:trojan-activity;sid:83677869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.85.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814768/; classtype:trojan-activity;sid:83677868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.247.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814767/; classtype:trojan-activity;sid:83677867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.162.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814766/; classtype:trojan-activity;sid:83677866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.28.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814765/; classtype:trojan-activity;sid:83677865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.65.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814764/; classtype:trojan-activity;sid:83677864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.155.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814763/; classtype:trojan-activity;sid:83677863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.238.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814762/; classtype:trojan-activity;sid:83677862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.78.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814760/; classtype:trojan-activity;sid:83677860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.84.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814761/; classtype:trojan-activity;sid:83677861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.219.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814758/; classtype:trojan-activity;sid:83677858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.60.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814759/; classtype:trojan-activity;sid:83677859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814757/; classtype:trojan-activity;sid:83677857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.2.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814756/; classtype:trojan-activity;sid:83677856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.49.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814755/; classtype:trojan-activity;sid:83677855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"216.219.94.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814753/; classtype:trojan-activity;sid:83677853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.57.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814754/; classtype:trojan-activity;sid:83677854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.65.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814752/; classtype:trojan-activity;sid:83677852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.219.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814751/; classtype:trojan-activity;sid:83677851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.37.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814750/; classtype:trojan-activity;sid:83677850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.199.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814749/; classtype:trojan-activity;sid:83677849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.22.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814748/; classtype:trojan-activity;sid:83677848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.148.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814747/; classtype:trojan-activity;sid:83677847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.51.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814746/; classtype:trojan-activity;sid:83677846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.181.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814745/; classtype:trojan-activity;sid:83677845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.182.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814744/; classtype:trojan-activity;sid:83677844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814743/; classtype:trojan-activity;sid:83677843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.19.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814742/; classtype:trojan-activity;sid:83677842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.15.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814741/; classtype:trojan-activity;sid:83677841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.115.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814740/; classtype:trojan-activity;sid:83677840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.103.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814739/; classtype:trojan-activity;sid:83677839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.161.101.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814738/; classtype:trojan-activity;sid:83677838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.168.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814736/; classtype:trojan-activity;sid:83677836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.57.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814737/; classtype:trojan-activity;sid:83677837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.255.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814735/; classtype:trojan-activity;sid:83677835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.148.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814734/; classtype:trojan-activity;sid:83677834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.242.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814733/; classtype:trojan-activity;sid:83677833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.37.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814732/; classtype:trojan-activity;sid:83677832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814731/; classtype:trojan-activity;sid:83677831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.95.222.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814730/; classtype:trojan-activity;sid:83677830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.27.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814729/; classtype:trojan-activity;sid:83677829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814728/; classtype:trojan-activity;sid:83677828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.245.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814727/; classtype:trojan-activity;sid:83677827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.202.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814726/; classtype:trojan-activity;sid:83677826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.145.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814725/; classtype:trojan-activity;sid:83677825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.208.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814724/; classtype:trojan-activity;sid:83677824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814723/; classtype:trojan-activity;sid:83677823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdfyngfsiufgsinunfgiuv/setualmajority.exe"; depth:42; endswith; nocase; http.host; content:"185.196.8.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814722/; classtype:trojan-activity;sid:83677822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.126.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814721/; classtype:trojan-activity;sid:83677821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.168.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814720/; classtype:trojan-activity;sid:83677820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814719/; classtype:trojan-activity;sid:83677819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.115.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814718/; classtype:trojan-activity;sid:83677818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.161.101.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814717/; classtype:trojan-activity;sid:83677817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.187.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814715/; classtype:trojan-activity;sid:83677815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.140.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814716/; classtype:trojan-activity;sid:83677816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.255.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814713/; classtype:trojan-activity;sid:83677813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.147.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814714/; classtype:trojan-activity;sid:83677814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.103.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814712/; classtype:trojan-activity;sid:83677812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.250.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814711/; classtype:trojan-activity;sid:83677811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.152.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814710/; classtype:trojan-activity;sid:83677810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.182.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814709/; classtype:trojan-activity;sid:83677809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814708/; classtype:trojan-activity;sid:83677808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814707/; classtype:trojan-activity;sid:83677807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.52.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814706/; classtype:trojan-activity;sid:83677806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.173.137.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814705/; classtype:trojan-activity;sid:83677805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.147.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814704/; classtype:trojan-activity;sid:83677804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.208.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814700/; classtype:trojan-activity;sid:83677800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.245.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814701/; classtype:trojan-activity;sid:83677801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.232.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814702/; classtype:trojan-activity;sid:83677802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.162.202.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814703/; classtype:trojan-activity;sid:83677803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814698/; classtype:trojan-activity;sid:83677798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.146.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814699/; classtype:trojan-activity;sid:83677799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.50.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814697/; classtype:trojan-activity;sid:83677797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.85.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814696/; classtype:trojan-activity;sid:83677796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.147.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814695/; classtype:trojan-activity;sid:83677795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.230.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814694/; classtype:trojan-activity;sid:83677794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.124.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814692/; classtype:trojan-activity;sid:83677792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.186.210.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814693/; classtype:trojan-activity;sid:83677793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814691/; classtype:trojan-activity;sid:83677791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.21.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814690/; classtype:trojan-activity;sid:83677790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.250.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814689/; classtype:trojan-activity;sid:83677789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.52.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814688/; classtype:trojan-activity;sid:83677788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.18.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814687/; classtype:trojan-activity;sid:83677787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814686/; classtype:trojan-activity;sid:83677786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.7.240"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814684/; classtype:trojan-activity;sid:83677784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.20.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814685/; classtype:trojan-activity;sid:83677785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.118.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814683/; classtype:trojan-activity;sid:83677783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.254.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814682/; classtype:trojan-activity;sid:83677782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.160.228.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814681/; classtype:trojan-activity;sid:83677781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.118.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814680/; classtype:trojan-activity;sid:83677780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.236.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814679/; classtype:trojan-activity;sid:83677779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814678/; classtype:trojan-activity;sid:83677778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814677/; classtype:trojan-activity;sid:83677777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.233.171.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814676/; classtype:trojan-activity;sid:83677776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814675/; classtype:trojan-activity;sid:83677775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.181.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814673/; classtype:trojan-activity;sid:83677773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.56.127.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814674/; classtype:trojan-activity;sid:83677774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.236.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814672/; classtype:trojan-activity;sid:83677772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.18.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814670/; classtype:trojan-activity;sid:83677770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.21.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814671/; classtype:trojan-activity;sid:83677771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.64.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814669/; classtype:trojan-activity;sid:83677769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.181.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814668/; classtype:trojan-activity;sid:83677768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.118.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814667/; classtype:trojan-activity;sid:83677767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.236.185.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814666/; classtype:trojan-activity;sid:83677766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.252.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814665/; classtype:trojan-activity;sid:83677765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.57.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814663/; classtype:trojan-activity;sid:83677763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.153.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814664/; classtype:trojan-activity;sid:83677764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.49.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814662/; classtype:trojan-activity;sid:83677762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814661/; classtype:trojan-activity;sid:83677761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.193.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814660/; classtype:trojan-activity;sid:83677760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.233.171.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814659/; classtype:trojan-activity;sid:83677759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814658/; classtype:trojan-activity;sid:83677758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.70.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814657/; classtype:trojan-activity;sid:83677757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.205.253.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814656/; classtype:trojan-activity;sid:83677756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.219.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814655/; classtype:trojan-activity;sid:83677755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814654/; classtype:trojan-activity;sid:83677754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.185.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814653/; classtype:trojan-activity;sid:83677753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.58.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814652/; classtype:trojan-activity;sid:83677752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.38.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814651/; classtype:trojan-activity;sid:83677751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.254.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814650/; classtype:trojan-activity;sid:83677750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.71.236.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814649/; classtype:trojan-activity;sid:83677749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.57.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814648/; classtype:trojan-activity;sid:83677748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814647/; classtype:trojan-activity;sid:83677747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814646/; classtype:trojan-activity;sid:83677746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.181.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814645/; classtype:trojan-activity;sid:83677745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814644/; classtype:trojan-activity;sid:83677744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.91.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814643/; classtype:trojan-activity;sid:83677743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.19.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814641/; classtype:trojan-activity;sid:83677741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.168.199.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814642/; classtype:trojan-activity;sid:83677742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.187.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814640/; classtype:trojan-activity;sid:83677740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814639/; classtype:trojan-activity;sid:83677739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.233.171.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814638/; classtype:trojan-activity;sid:83677738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814637/; classtype:trojan-activity;sid:83677737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.111.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814636/; classtype:trojan-activity;sid:83677736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.149.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814635/; classtype:trojan-activity;sid:83677735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.219.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814634/; classtype:trojan-activity;sid:83677734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.186.186.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814633/; classtype:trojan-activity;sid:83677733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.71.236.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814632/; classtype:trojan-activity;sid:83677732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814631/; classtype:trojan-activity;sid:83677731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814630/; classtype:trojan-activity;sid:83677730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.68.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814629/; classtype:trojan-activity;sid:83677729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.207.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814628/; classtype:trojan-activity;sid:83677728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.137.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814627/; classtype:trojan-activity;sid:83677727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.182.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814626/; classtype:trojan-activity;sid:83677726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.35.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814625/; classtype:trojan-activity;sid:83677725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.255.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814624/; classtype:trojan-activity;sid:83677724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.245.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814622/; classtype:trojan-activity;sid:83677722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.247.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814623/; classtype:trojan-activity;sid:83677723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.190.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814621/; classtype:trojan-activity;sid:83677721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.137.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814620/; classtype:trojan-activity;sid:83677720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814619/; classtype:trojan-activity;sid:83677719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.147.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814618/; classtype:trojan-activity;sid:83677718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.86.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814616/; classtype:trojan-activity;sid:83677716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.4.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814617/; classtype:trojan-activity;sid:83677717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.140.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814615/; classtype:trojan-activity;sid:83677715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.255.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814614/; classtype:trojan-activity;sid:83677714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.0.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814613/; classtype:trojan-activity;sid:83677713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.182.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814612/; classtype:trojan-activity;sid:83677712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.89.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814611/; classtype:trojan-activity;sid:83677711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.93.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814610/; classtype:trojan-activity;sid:83677710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814609/; classtype:trojan-activity;sid:83677709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.190.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814608/; classtype:trojan-activity;sid:83677708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.86.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814607/; classtype:trojan-activity;sid:83677707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.3.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814606/; classtype:trojan-activity;sid:83677706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xm6280mqqpyf"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814605/; classtype:trojan-activity;sid:83677705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.80.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814604/; classtype:trojan-activity;sid:83677704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.30.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814603/; classtype:trojan-activity;sid:83677703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814602/; classtype:trojan-activity;sid:83677702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.53.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814601/; classtype:trojan-activity;sid:83677701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.21.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814600/; classtype:trojan-activity;sid:83677700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814599/; classtype:trojan-activity;sid:83677699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.10.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814597/; classtype:trojan-activity;sid:83677697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.0.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814598/; classtype:trojan-activity;sid:83677698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.42.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814596/; classtype:trojan-activity;sid:83677696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"kij.register.arpsychotherapy.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814595/; classtype:trojan-activity;sid:83677695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.224.122.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814594/; classtype:trojan-activity;sid:83677694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.252.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814593/; classtype:trojan-activity;sid:83677693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.85.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814592/; classtype:trojan-activity;sid:83677692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.177.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814591/; classtype:trojan-activity;sid:83677691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.3.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814590/; classtype:trojan-activity;sid:83677690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814589/; classtype:trojan-activity;sid:83677689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.55.128.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814588/; classtype:trojan-activity;sid:83677688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.12.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814587/; classtype:trojan-activity;sid:83677687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814586/; classtype:trojan-activity;sid:83677686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.183.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814585/; classtype:trojan-activity;sid:83677685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668615869|3f|hash=wrphb5txglszmsczolcqt0bibnjbyga4ojr0gh5o0bc|7c|26|7c|dl=4s6tl7jkwxbtjuc7qxpkt99iptateisnrkkbdmvrqt4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814584/; classtype:trojan-activity;sid:83677684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.193.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814583/; classtype:trojan-activity;sid:83677683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814582/; classtype:trojan-activity;sid:83677682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.41.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814581/; classtype:trojan-activity;sid:83677681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.42.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814580/; classtype:trojan-activity;sid:83677680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.208.180.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814579/; classtype:trojan-activity;sid:83677679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814578/; classtype:trojan-activity;sid:83677678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.252.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814577/; classtype:trojan-activity;sid:83677677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.81.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814576/; classtype:trojan-activity;sid:83677676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.81.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814575/; classtype:trojan-activity;sid:83677675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.224.122.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814574/; classtype:trojan-activity;sid:83677674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.140.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814573/; classtype:trojan-activity;sid:83677673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.177.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814572/; classtype:trojan-activity;sid:83677672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.83.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814571/; classtype:trojan-activity;sid:83677671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.248.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814570/; classtype:trojan-activity;sid:83677670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.160.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814569/; classtype:trojan-activity;sid:83677669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814568/; classtype:trojan-activity;sid:83677668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.37.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814567/; classtype:trojan-activity;sid:83677667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.183.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814565/; classtype:trojan-activity;sid:83677665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.253.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814566/; classtype:trojan-activity;sid:83677666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814564/; classtype:trojan-activity;sid:83677664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.1.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814563/; classtype:trojan-activity;sid:83677663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.25.142.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814562/; classtype:trojan-activity;sid:83677662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.156.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814561/; classtype:trojan-activity;sid:83677661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814560/; classtype:trojan-activity;sid:83677660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.205.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814559/; classtype:trojan-activity;sid:83677659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.225.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814556/; classtype:trojan-activity;sid:83677656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.203.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814557/; classtype:trojan-activity;sid:83677657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.79.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814558/; classtype:trojan-activity;sid:83677658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.80.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814555/; classtype:trojan-activity;sid:83677655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.248.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814554/; classtype:trojan-activity;sid:83677654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.160.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814553/; classtype:trojan-activity;sid:83677653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.78.205.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814551/; classtype:trojan-activity;sid:83677651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814552/; classtype:trojan-activity;sid:83677652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.215.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814549/; classtype:trojan-activity;sid:83677649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.1.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814550/; classtype:trojan-activity;sid:83677650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.51.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814548/; classtype:trojan-activity;sid:83677648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.80.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814547/; classtype:trojan-activity;sid:83677647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.25.142.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814546/; classtype:trojan-activity;sid:83677646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.203.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814545/; classtype:trojan-activity;sid:83677645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814544/; classtype:trojan-activity;sid:83677644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.113.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814543/; classtype:trojan-activity;sid:83677643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.221.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814542/; classtype:trojan-activity;sid:83677642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.190.127.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814541/; classtype:trojan-activity;sid:83677641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.40.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814540/; classtype:trojan-activity;sid:83677640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.121.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814539/; classtype:trojan-activity;sid:83677639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814538/; classtype:trojan-activity;sid:83677638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814537/; classtype:trojan-activity;sid:83677637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.21.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814536/; classtype:trojan-activity;sid:83677636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.7.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814535/; classtype:trojan-activity;sid:83677635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.15.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814534/; classtype:trojan-activity;sid:83677634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814533/; classtype:trojan-activity;sid:83677633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.247.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814532/; classtype:trojan-activity;sid:83677632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.146.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814531/; classtype:trojan-activity;sid:83677631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.215.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814530/; classtype:trojan-activity;sid:83677630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.14.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814529/; classtype:trojan-activity;sid:83677629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814528/; classtype:trojan-activity;sid:83677628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814527/; classtype:trojan-activity;sid:83677627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info"; depth:5; endswith; nocase; http.host; content:"plesiosauroid.sbs"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814526/; classtype:trojan-activity;sid:83677626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.205.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814525/; classtype:trojan-activity;sid:83677625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.17.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814524/; classtype:trojan-activity;sid:83677624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.118.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814523/; classtype:trojan-activity;sid:83677623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814522/; classtype:trojan-activity;sid:83677622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.148.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814521/; classtype:trojan-activity;sid:83677621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.30.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814520/; classtype:trojan-activity;sid:83677620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.121.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814519/; classtype:trojan-activity;sid:83677619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.101.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814518/; classtype:trojan-activity;sid:83677618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.211.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814517/; classtype:trojan-activity;sid:83677617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.83.97.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814516/; classtype:trojan-activity;sid:83677616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.30.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814515/; classtype:trojan-activity;sid:83677615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.233.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814514/; classtype:trojan-activity;sid:83677614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814513/; classtype:trojan-activity;sid:83677613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.247.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814512/; classtype:trojan-activity;sid:83677612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.146.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814511/; classtype:trojan-activity;sid:83677611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/aqua.x86"; depth:16; endswith; nocase; http.host; content:"94.156.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814510/; classtype:trojan-activity;sid:83677610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.14.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814508/; classtype:trojan-activity;sid:83677608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.94.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814509/; classtype:trojan-activity;sid:83677609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.146.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814506/; classtype:trojan-activity;sid:83677606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.89.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814507/; classtype:trojan-activity;sid:83677607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.223.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814504/; classtype:trojan-activity;sid:83677604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.118.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814505/; classtype:trojan-activity;sid:83677605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.17.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814503/; classtype:trojan-activity;sid:83677603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.27.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814502/; classtype:trojan-activity;sid:83677602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.101.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814501/; classtype:trojan-activity;sid:83677601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.31.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814499/; classtype:trojan-activity;sid:83677599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.175.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814500/; classtype:trojan-activity;sid:83677600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.172.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814498/; classtype:trojan-activity;sid:83677598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.219.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814497/; classtype:trojan-activity;sid:83677597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.202.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814496/; classtype:trojan-activity;sid:83677596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.9.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814495/; classtype:trojan-activity;sid:83677595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814494/; classtype:trojan-activity;sid:83677594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frame.html"; depth:11; endswith; nocase; http.host; content:"novelblack.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814493/; classtype:trojan-activity;sid:83677593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex.exe"; depth:7; endswith; nocase; http.host; content:"93.123.39.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814492/; classtype:trojan-activity;sid:83677592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.175.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814491/; classtype:trojan-activity;sid:83677591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.182.185.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814490/; classtype:trojan-activity;sid:83677590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814489/; classtype:trojan-activity;sid:83677589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.27.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814488/; classtype:trojan-activity;sid:83677588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.146.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814487/; classtype:trojan-activity;sid:83677587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.71.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814486/; classtype:trojan-activity;sid:83677586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.78.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814485/; classtype:trojan-activity;sid:83677585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.240.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814483/; classtype:trojan-activity;sid:83677583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.99.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814484/; classtype:trojan-activity;sid:83677584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814482/; classtype:trojan-activity;sid:83677582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.165.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814481/; classtype:trojan-activity;sid:83677581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.31.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814479/; classtype:trojan-activity;sid:83677579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.99.203.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814480/; classtype:trojan-activity;sid:83677580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"zdj.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814478/; classtype:trojan-activity;sid:83677578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.44.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814477/; classtype:trojan-activity;sid:83677577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.168.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814476/; classtype:trojan-activity;sid:83677576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814474/; classtype:trojan-activity;sid:83677574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814475/; classtype:trojan-activity;sid:83677575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.219.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814473/; classtype:trojan-activity;sid:83677573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.243.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814472/; classtype:trojan-activity;sid:83677572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814471/; classtype:trojan-activity;sid:83677571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.207.179.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814470/; classtype:trojan-activity;sid:83677570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.62.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814469/; classtype:trojan-activity;sid:83677569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.205.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814468/; classtype:trojan-activity;sid:83677568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814467/; classtype:trojan-activity;sid:83677567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.18.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814466/; classtype:trojan-activity;sid:83677566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.134.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814465/; classtype:trojan-activity;sid:83677565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.47.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814464/; classtype:trojan-activity;sid:83677564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.132.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814463/; classtype:trojan-activity;sid:83677563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.217.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814460/; classtype:trojan-activity;sid:83677560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.215.123.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814461/; classtype:trojan-activity;sid:83677561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814462/; classtype:trojan-activity;sid:83677562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.163.161.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814459/; classtype:trojan-activity;sid:83677559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.149.142.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814458/; classtype:trojan-activity;sid:83677558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.99.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814457/; classtype:trojan-activity;sid:83677557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.61.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814454/; classtype:trojan-activity;sid:83677554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.162.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814455/; classtype:trojan-activity;sid:83677555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.234.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814456/; classtype:trojan-activity;sid:83677556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814453/; classtype:trojan-activity;sid:83677553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.119.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814452/; classtype:trojan-activity;sid:83677552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.18.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814451/; classtype:trojan-activity;sid:83677551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.62.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814450/; classtype:trojan-activity;sid:83677550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814449/; classtype:trojan-activity;sid:83677549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.37.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814448/; classtype:trojan-activity;sid:83677548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.171.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814446/; classtype:trojan-activity;sid:83677546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.134.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814447/; classtype:trojan-activity;sid:83677547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.6.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814445/; classtype:trojan-activity;sid:83677545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.113.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814444/; classtype:trojan-activity;sid:83677544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814443/; classtype:trojan-activity;sid:83677543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814441/; classtype:trojan-activity;sid:83677541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.78.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814442/; classtype:trojan-activity;sid:83677542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.255.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814440/; classtype:trojan-activity;sid:83677540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.45.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814439/; classtype:trojan-activity;sid:83677539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/the-z-labs/linux-exploit-suggester/blob/master/linux-exploit-suggester.sh"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814438/; classtype:trojan-activity;sid:83677538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814437/; classtype:trojan-activity;sid:83677537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.163.161.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814436/; classtype:trojan-activity;sid:83677536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.187.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814435/; classtype:trojan-activity;sid:83677535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.149.142.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814434/; classtype:trojan-activity;sid:83677534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.104.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814433/; classtype:trojan-activity;sid:83677533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.51.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814432/; classtype:trojan-activity;sid:83677532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814431/; classtype:trojan-activity;sid:83677531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.77.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814430/; classtype:trojan-activity;sid:83677530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.37.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814429/; classtype:trojan-activity;sid:83677529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814428/; classtype:trojan-activity;sid:83677528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.179.120.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814426/; classtype:trojan-activity;sid:83677526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.79.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814427/; classtype:trojan-activity;sid:83677527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814425/; classtype:trojan-activity;sid:83677525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.171.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814423/; classtype:trojan-activity;sid:83677523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.187.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814424/; classtype:trojan-activity;sid:83677524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.251.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814422/; classtype:trojan-activity;sid:83677522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814421/; classtype:trojan-activity;sid:83677521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/buab"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814420/; classtype:trojan-activity;sid:83677520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.54.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814419/; classtype:trojan-activity;sid:83677519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.149.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814417/; classtype:trojan-activity;sid:83677517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814418/; classtype:trojan-activity;sid:83677518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.43.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814416/; classtype:trojan-activity;sid:83677516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.55.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814415/; classtype:trojan-activity;sid:83677515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faith.mips"; depth:11; endswith; nocase; http.host; content:"91.92.254.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814414/; classtype:trojan-activity;sid:83677514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.223.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814412/; classtype:trojan-activity;sid:83677512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.64.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814413/; classtype:trojan-activity;sid:83677513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.224.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814411/; classtype:trojan-activity;sid:83677511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.77.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814410/; classtype:trojan-activity;sid:83677510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.104.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814409/; classtype:trojan-activity;sid:83677509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.179.120.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814408/; classtype:trojan-activity;sid:83677508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.45.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814407/; classtype:trojan-activity;sid:83677507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.164.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814406/; classtype:trojan-activity;sid:83677506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814405/; classtype:trojan-activity;sid:83677505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xutnf2gkgtty"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814404/; classtype:trojan-activity;sid:83677504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.79.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814403/; classtype:trojan-activity;sid:83677503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.149.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814402/; classtype:trojan-activity;sid:83677502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.251.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814400/; classtype:trojan-activity;sid:83677500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814401/; classtype:trojan-activity;sid:83677501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.169.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814399/; classtype:trojan-activity;sid:83677499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814398/; classtype:trojan-activity;sid:83677498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.93.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814397/; classtype:trojan-activity;sid:83677497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814396/; classtype:trojan-activity;sid:83677496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814395/; classtype:trojan-activity;sid:83677495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.111.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814394/; classtype:trojan-activity;sid:83677494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.204.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814393/; classtype:trojan-activity;sid:83677493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.172.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814392/; classtype:trojan-activity;sid:83677492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814391/; classtype:trojan-activity;sid:83677491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gogis.bat"; depth:10; endswith; nocase; http.host; content:"194.48.251.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814390/; classtype:trojan-activity;sid:83677490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.hta"; depth:5; endswith; nocase; http.host; content:"194.48.251.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814388/; classtype:trojan-activity;sid:83677488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814389/; classtype:trojan-activity;sid:83677489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.hta"; depth:6; endswith; nocase; http.host; content:"194.48.251.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814386/; classtype:trojan-activity;sid:83677486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.hta"; depth:6; endswith; nocase; http.host; content:"194.48.251.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814387/; classtype:trojan-activity;sid:83677487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814385/; classtype:trojan-activity;sid:83677485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rlshmfrzf.exe"; depth:14; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814384/; classtype:trojan-activity;sid:83677484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.24.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814382/; classtype:trojan-activity;sid:83677482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.68.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814383/; classtype:trojan-activity;sid:83677483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.205.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814381/; classtype:trojan-activity;sid:83677481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.195.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814380/; classtype:trojan-activity;sid:83677480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.7.240"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814379/; classtype:trojan-activity;sid:83677479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2tf0g.ttf"; depth:11; endswith; nocase; http.host; content:"litter.catbox.moe"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814377/; classtype:trojan-activity;sid:83677477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z9rop3.chm"; depth:11; endswith; nocase; http.host; content:"litter.catbox.moe"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814378/; classtype:trojan-activity;sid:83677478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.1.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814376/; classtype:trojan-activity;sid:83677476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.191.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814375/; classtype:trojan-activity;sid:83677475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814374/; classtype:trojan-activity;sid:83677474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.147.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814373/; classtype:trojan-activity;sid:83677473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.77.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814372/; classtype:trojan-activity;sid:83677472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.93.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814371/; classtype:trojan-activity;sid:83677471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.189.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814370/; classtype:trojan-activity;sid:83677470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.111.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814369/; classtype:trojan-activity;sid:83677469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.exe"; depth:7; endswith; nocase; http.host; content:"a0946179.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814368/; classtype:trojan-activity;sid:83677468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game.exe"; depth:9; endswith; nocase; http.host; content:"quiz2420.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814366/; classtype:trojan-activity;sid:83677466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyttuyty.exe"; depth:13; endswith; nocase; http.host; content:"185.196.10.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814367/; classtype:trojan-activity;sid:83677467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.33.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814365/; classtype:trojan-activity;sid:83677465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814364/; classtype:trojan-activity;sid:83677464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.189.207.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814363/; classtype:trojan-activity;sid:83677463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.248.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814362/; classtype:trojan-activity;sid:83677462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x8bhh6zqch6v"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814361/; classtype:trojan-activity;sid:83677461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.247.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814360/; classtype:trojan-activity;sid:83677460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.1.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814359/; classtype:trojan-activity;sid:83677459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.120.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814358/; classtype:trojan-activity;sid:83677458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.138.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814357/; classtype:trojan-activity;sid:83677457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.144.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814355/; classtype:trojan-activity;sid:83677455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.183.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814356/; classtype:trojan-activity;sid:83677456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.28.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814354/; classtype:trojan-activity;sid:83677454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814353/; classtype:trojan-activity;sid:83677453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"nqld.register.arpsychotherapy.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814352/; classtype:trojan-activity;sid:83677452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help/per.php"; depth:13; endswith; nocase; http.host; content:"jhansgansowen.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814351/; classtype:trojan-activity;sid:83677451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.194.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814350/; classtype:trojan-activity;sid:83677450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814349/; classtype:trojan-activity;sid:83677449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814348/; classtype:trojan-activity;sid:83677448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.120.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814347/; classtype:trojan-activity;sid:83677447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.210.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814346/; classtype:trojan-activity;sid:83677446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.200.235.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814344/; classtype:trojan-activity;sid:83677444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814345/; classtype:trojan-activity;sid:83677445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.248.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814343/; classtype:trojan-activity;sid:83677443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.155.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814342/; classtype:trojan-activity;sid:83677442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.252.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814341/; classtype:trojan-activity;sid:83677441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.155.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814340/; classtype:trojan-activity;sid:83677440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.138.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814339/; classtype:trojan-activity;sid:83677439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.173.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814338/; classtype:trojan-activity;sid:83677438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814337/; classtype:trojan-activity;sid:83677437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.33.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814336/; classtype:trojan-activity;sid:83677436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.84.61.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814335/; classtype:trojan-activity;sid:83677435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ygjsrxkk1uj7tmlrymh415sz461emtx4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814333/; classtype:trojan-activity;sid:83677433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ipm2ohznmxtku89cujmd-iewbrhig2ta"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814334/; classtype:trojan-activity;sid:83677434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m4v7uvgzxdhblwp.scr"; depth:20; endswith; nocase; http.host; content:"dukeenergyltd.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814332/; classtype:trojan-activity;sid:83677432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pabhqwf8jz3bn9wlsoup65mf4cj2hfjr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814331/; classtype:trojan-activity;sid:83677431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.255.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814330/; classtype:trojan-activity;sid:83677430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kp-ncqohm0npwr4xlikfvr7le45lilmp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814329/; classtype:trojan-activity;sid:83677429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2090/jhn/iamwithyoubecauseiloveyoualotwhichneverbeenforesxyoumysweetheartialwaysloveryoutrulybeaucse___ineverwanttokissyou.doc"; depth:127; endswith; nocase; http.host; content:"45.133.174.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814328/; classtype:trojan-activity;sid:83677428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2090/imagepixelsample.jpeg"; depth:27; endswith; nocase; http.host; content:"45.133.174.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814326/; classtype:trojan-activity;sid:83677426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2090/wed.txt"; depth:13; endswith; nocase; http.host; content:"45.133.174.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814327/; classtype:trojan-activity;sid:83677427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/pvzu1"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814324/; classtype:trojan-activity;sid:83677424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/0q4c2"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814325/; classtype:trojan-activity;sid:83677425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/950/mnk/wegendideaofloverstogetbackinthelinetounderstandhowmuchilikeyoumorethanallseeher____youmygirlialwayslove.doc"; depth:117; endswith; nocase; http.host; content:"107.173.4.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814323/; classtype:trojan-activity;sid:83677423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814322/; classtype:trojan-activity;sid:83677422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/950/juli.txt"; depth:13; endswith; nocase; http.host; content:"107.173.4.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814321/; classtype:trojan-activity;sid:83677421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/950/imaginepixelsample.jpeg"; depth:28; endswith; nocase; http.host; content:"107.173.4.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814320/; classtype:trojan-activity;sid:83677420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.42.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814319/; classtype:trojan-activity;sid:83677419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5455/gmn.txt"; depth:13; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814318/; classtype:trojan-activity;sid:83677418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/oshhe"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814316/; classtype:trojan-activity;sid:83677416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5455/examplofpixelimage.jpeg"; depth:29; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814317/; classtype:trojan-activity;sid:83677417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5455/gmn/needfreshlovequotestotakeyouininterestedkisserloverwhohavesuchamemorytoloveherkisshertrulyfor__sheisbeautifulgirl.doc"; depth:127; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814315/; classtype:trojan-activity;sid:83677415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsa/txt/otp/web_page/admin/indexphp.txt"; depth:40; endswith; nocase; http.host; content:"107.175.69.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814314/; classtype:trojan-activity;sid:83677414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/dnkmp"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814313/; classtype:trojan-activity;sid:83677413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssaniusx/ofile4162024.exe"; depth:26; endswith; nocase; http.host; content:"dsaq.shop"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814312/; classtype:trojan-activity;sid:83677412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v631hp.csv"; depth:11; endswith; nocase; http.host; content:"litter.catbox.moe"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814311/; classtype:trojan-activity;sid:83677411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.10.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814310/; classtype:trojan-activity;sid:83677410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.91.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814309/; classtype:trojan-activity;sid:83677409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.255.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814308/; classtype:trojan-activity;sid:83677408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.185.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814307/; classtype:trojan-activity;sid:83677407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814306/; classtype:trojan-activity;sid:83677406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.126.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814305/; classtype:trojan-activity;sid:83677405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814304/; classtype:trojan-activity;sid:83677404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/testing-eaf28.appspot.com/o/revenger.jpg|3f|alt=media|7c|26|7c|token=b85b4b34-4fb9-4840-a1d7-327adebe0c44"; depth:111; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814303/; classtype:trojan-activity;sid:83677403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=bd9480d014fe52e5%21728|7c|26|7c|authkey=!alxuaatmnpqtjnq"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814302/; classtype:trojan-activity;sid:83677402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gojkx"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814301/; classtype:trojan-activity;sid:83677401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814300/; classtype:trojan-activity;sid:83677400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.155.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814299/; classtype:trojan-activity;sid:83677399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.195.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814298/; classtype:trojan-activity;sid:83677398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.121.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814296/; classtype:trojan-activity;sid:83677396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knuxgvbl/file4152024.exe"; depth:25; endswith; nocase; http.host; content:"dsaq.shop"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814297/; classtype:trojan-activity;sid:83677397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.211.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814295/; classtype:trojan-activity;sid:83677395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtqimclobbyla46.bin"; depth:20; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814291/; classtype:trojan-activity;sid:83677391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ckkrlctuxw193.bin"; depth:18; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814292/; classtype:trojan-activity;sid:83677392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aryvuimgacp184.bin"; depth:19; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814293/; classtype:trojan-activity;sid:83677393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redlvxuewsh193.bin"; depth:19; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814294/; classtype:trojan-activity;sid:83677394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thicmg208.bin"; depth:14; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814290/; classtype:trojan-activity;sid:83677390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.57.250.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814289/; classtype:trojan-activity;sid:83677389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.42.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814288/; classtype:trojan-activity;sid:83677388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.186.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814287/; classtype:trojan-activity;sid:83677387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814286/; classtype:trojan-activity;sid:83677386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.22.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814285/; classtype:trojan-activity;sid:83677385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814284/; classtype:trojan-activity;sid:83677384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.206.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814283/; classtype:trojan-activity;sid:83677383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.144.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814282/; classtype:trojan-activity;sid:83677382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.85.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814281/; classtype:trojan-activity;sid:83677381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.38.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814280/; classtype:trojan-activity;sid:83677380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.151.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814279/; classtype:trojan-activity;sid:83677379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.10.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814278/; classtype:trojan-activity;sid:83677378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.214.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814277/; classtype:trojan-activity;sid:83677377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.57.250.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814276/; classtype:trojan-activity;sid:83677376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.220.148.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814275/; classtype:trojan-activity;sid:83677375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.198.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814274/; classtype:trojan-activity;sid:83677374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.66.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814273/; classtype:trojan-activity;sid:83677373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814272/; classtype:trojan-activity;sid:83677372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.12.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814271/; classtype:trojan-activity;sid:83677371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.79.217.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814270/; classtype:trojan-activity;sid:83677370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814269/; classtype:trojan-activity;sid:83677369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.38.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814268/; classtype:trojan-activity;sid:83677368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.206.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814267/; classtype:trojan-activity;sid:83677367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.181.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814266/; classtype:trojan-activity;sid:83677366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814265/; classtype:trojan-activity;sid:83677365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814264/; classtype:trojan-activity;sid:83677364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814263/; classtype:trojan-activity;sid:83677363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.10.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814262/; classtype:trojan-activity;sid:83677362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.12.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814261/; classtype:trojan-activity;sid:83677361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814260/; classtype:trojan-activity;sid:83677360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension__installer.exe"; depth:25; endswith; nocase; http.host; content:"starsmm.org"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814259/; classtype:trojan-activity;sid:83677359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.255.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814258/; classtype:trojan-activity;sid:83677358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.16.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814257/; classtype:trojan-activity;sid:83677357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.151.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814256/; classtype:trojan-activity;sid:83677356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.190.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814255/; classtype:trojan-activity;sid:83677355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.5.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814253/; classtype:trojan-activity;sid:83677353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.183.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814254/; classtype:trojan-activity;sid:83677354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668662384|3f|hash=vri7avveh09lra1onoykfibzpr54oez2iuzzsqnikpw|7c|26|7c|dl=rbbeonatkqzwfozhesto2uwowt1mygfmpq6dwsuizwz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814252/; classtype:trojan-activity;sid:83677352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814251/; classtype:trojan-activity;sid:83677351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814250/; classtype:trojan-activity;sid:83677350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.13.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814249/; classtype:trojan-activity;sid:83677349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.16.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814248/; classtype:trojan-activity;sid:83677348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668615845|3f|hash=sgzzsghoswx51gmihly3vc8bh4eqx7ftvl8fahimfz4|7c|26|7c|dl=t1nzbv6j7k2lyvsyjgpk0roi2hluqzn9pxqlzkgp03t|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814247/; classtype:trojan-activity;sid:83677347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814246/; classtype:trojan-activity;sid:83677346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814245/; classtype:trojan-activity;sid:83677345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.30.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814244/; classtype:trojan-activity;sid:83677344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814243/; classtype:trojan-activity;sid:83677343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.121.87.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814242/; classtype:trojan-activity;sid:83677342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.235.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814240/; classtype:trojan-activity;sid:83677340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.54.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814241/; classtype:trojan-activity;sid:83677341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.25.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814239/; classtype:trojan-activity;sid:83677339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.183.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814238/; classtype:trojan-activity;sid:83677338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.24.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814237/; classtype:trojan-activity;sid:83677337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.9.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814236/; classtype:trojan-activity;sid:83677336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.102.122.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814235/; classtype:trojan-activity;sid:83677335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.255.240.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814234/; classtype:trojan-activity;sid:83677334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.js"; depth:9; endswith; nocase; http.host; content:"91.92.243.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814233/; classtype:trojan-activity;sid:83677333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.54.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814232/; classtype:trojan-activity;sid:83677332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/vxttheubu.mp4"; depth:19; endswith; nocase; http.host; content:"supportninja.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814227/; classtype:trojan-activity;sid:83677327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/zdthsqoc.wav"; depth:18; endswith; nocase; http.host; content:"funtechco.top"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814228/; classtype:trojan-activity;sid:83677328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/forest.jpeg"; depth:17; endswith; nocase; http.host; content:"vertextech.buzz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814229/; classtype:trojan-activity;sid:83677329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/forest.jpeg"; depth:17; endswith; nocase; http.host; content:"supportninja.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814230/; classtype:trojan-activity;sid:83677330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/forest.jpeg"; depth:17; endswith; nocase; http.host; content:"funtechco.top"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814231/; classtype:trojan-activity;sid:83677331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/vxttheubu.mp4"; depth:19; endswith; nocase; http.host; content:"funtechco.top"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814225/; classtype:trojan-activity;sid:83677325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/vxttheubu.mp4"; depth:19; endswith; nocase; http.host; content:"vertextech.buzz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814226/; classtype:trojan-activity;sid:83677326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/zdthsqoc.wav"; depth:18; endswith; nocase; http.host; content:"vertextech.buzz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814223/; classtype:trojan-activity;sid:83677323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/zdthsqoc.wav"; depth:18; endswith; nocase; http.host; content:"supportninja.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814224/; classtype:trojan-activity;sid:83677324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/responsibilityleadpro.zip"; depth:31; endswith; nocase; http.host; content:"funtechco.top"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814222/; classtype:trojan-activity;sid:83677322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/responsibilityleadpro.zip"; depth:31; endswith; nocase; http.host; content:"vertextech.buzz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814221/; classtype:trojan-activity;sid:83677321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/responsibilityleadpro.zip"; depth:31; endswith; nocase; http.host; content:"supportninja.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814220/; classtype:trojan-activity;sid:83677320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.210.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814219/; classtype:trojan-activity;sid:83677319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beer/responsibilityleadpro.zip"; depth:31; endswith; nocase; http.host; content:"159.253.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814218/; classtype:trojan-activity;sid:83677318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.49.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814217/; classtype:trojan-activity;sid:83677317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.91.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814216/; classtype:trojan-activity;sid:83677316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.25.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814215/; classtype:trojan-activity;sid:83677315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.181.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814214/; classtype:trojan-activity;sid:83677314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.235.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814213/; classtype:trojan-activity;sid:83677313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"94.156.67.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814212/; classtype:trojan-activity;sid:83677312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"81.19.141.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814211/; classtype:trojan-activity;sid:83677311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"147.45.178.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814210/; classtype:trojan-activity;sid:83677310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.51.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814209/; classtype:trojan-activity;sid:83677309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.33.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814208/; classtype:trojan-activity;sid:83677308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.33.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814207/; classtype:trojan-activity;sid:83677307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tutorial.mp4"; depth:13; endswith; nocase; http.host; content:"91.92.249.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814206/; classtype:trojan-activity;sid:83677306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.exe"; depth:12; endswith; nocase; http.host; content:"dsahgduoi.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814205/; classtype:trojan-activity;sid:83677305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.exe"; depth:12; endswith; nocase; http.host; content:"45.88.90.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814204/; classtype:trojan-activity;sid:83677304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814203/; classtype:trojan-activity;sid:83677303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.238.11.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814202/; classtype:trojan-activity;sid:83677302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.204.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814201/; classtype:trojan-activity;sid:83677301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.113.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814200/; classtype:trojan-activity;sid:83677300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.213.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814199/; classtype:trojan-activity;sid:83677299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477system.vbs"; depth:16; endswith; nocase; http.host; content:"dsahgduoi.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814197/; classtype:trojan-activity;sid:83677297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477system.vbs"; depth:16; endswith; nocase; http.host; content:"45.88.90.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814198/; classtype:trojan-activity;sid:83677298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.91.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814196/; classtype:trojan-activity;sid:83677296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.255.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814195/; classtype:trojan-activity;sid:83677295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.232.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814193/; classtype:trojan-activity;sid:83677293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.210.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814194/; classtype:trojan-activity;sid:83677294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814192/; classtype:trojan-activity;sid:83677292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.123.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814191/; classtype:trojan-activity;sid:83677291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.195.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814190/; classtype:trojan-activity;sid:83677290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.251.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814189/; classtype:trojan-activity;sid:83677289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.91.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814188/; classtype:trojan-activity;sid:83677288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"47.222.117.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814187/; classtype:trojan-activity;sid:83677287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.108.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814186/; classtype:trojan-activity;sid:83677286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.154.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814184/; classtype:trojan-activity;sid:83677284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668652542|3f|hash=klaqz4zxtzzv5elsz1kaxkdcopfswxofh5gyv92xrpl|7c|26|7c|dl=yphjzrub8w5mqtqqhjc0lonyizvrnkfroykkv5pujzk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814185/; classtype:trojan-activity;sid:83677285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668661395|3f|hash=uqqoavy7lwmuchlykcfbk0p2svazuaiimzhih07asrs|7c|26|7c|dl=wo5ezhu0jdqj1tghzxmytph8ectbzk7msori8kumg0g|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814183/; classtype:trojan-activity;sid:83677283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668661360|3f|hash=tkmmirv1dmjmwqyvliycktylf7qvdityhdygirmsshh|7c|26|7c|dl=cgccvsrv5hr4ec23rzehhmvbn3edq1d1stugvkas5dt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814182/; classtype:trojan-activity;sid:83677282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.181.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814181/; classtype:trojan-activity;sid:83677281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.189.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814180/; classtype:trojan-activity;sid:83677280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814179/; classtype:trojan-activity;sid:83677279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.78.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814178/; classtype:trojan-activity;sid:83677278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814177/; classtype:trojan-activity;sid:83677277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.91.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814176/; classtype:trojan-activity;sid:83677276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.232.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814175/; classtype:trojan-activity;sid:83677275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20111103042904/http://tarantula.by.ru/localroot/2.6.x/kmod2"; depth:64; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814171/; classtype:trojan-activity;sid:83677271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.184.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814172/; classtype:trojan-activity;sid:83677272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20101020044048/http://www.vsecurity.com/download/tools/linux-rds-exploit.c"; depth:79; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814173/; classtype:trojan-activity;sid:83677273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192641/https://www.kernel-exploits.com/media/can_bcm"; depth:65; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814174/; classtype:trojan-activity;sid:83677274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192641/https://www.kernel-exploits.com/media/rds64"; depth:63; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814170/; classtype:trojan-activity;sid:83677270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192641/https://www.kernel-exploits.com/media/ptrace_kmod2-64"; depth:73; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814166/; classtype:trojan-activity;sid:83677266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20111103042904/http://tarantula.by.ru/localroot/2.6.x/ptrace-kmod"; depth:70; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814167/; classtype:trojan-activity;sid:83677267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192641/https://www.kernel-exploits.com/media/rds"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814168/; classtype:trojan-activity;sid:83677268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/half-nelson3"; depth:70; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814169/; classtype:trojan-activity;sid:83677269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814165/; classtype:trojan-activity;sid:83677265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.213.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814164/; classtype:trojan-activity;sid:83677264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20111103042904/http://tarantula.by.ru/localroot/2.6.x/elflbl"; depth:65; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814163/; classtype:trojan-activity;sid:83677263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20111103042904/http://tarantula.by.ru/localroot/2.6.x/h00lyshit"; depth:68; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814162/; classtype:trojan-activity;sid:83677262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/perf_swevent64"; depth:72; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814159/; classtype:trojan-activity;sid:83677259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/perf_swevent"; depth:70; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814160/; classtype:trojan-activity;sid:83677260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/timeoutpwn64"; depth:70; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814161/; classtype:trojan-activity;sid:83677261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exploits/full-nelson.c"; depth:23; endswith; nocase; http.host; content:"vulnfactory.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814157/; classtype:trojan-activity;sid:83677257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/full-nelson"; depth:69; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814155/; classtype:trojan-activity;sid:83677255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/memodipper64"; depth:70; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814156/; classtype:trojan-activity;sid:83677256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/memodipper"; depth:68; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814154/; classtype:trojan-activity;sid:83677254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20160602192631/https://www.kernel-exploits.com/media/full-nelson64"; depth:71; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814153/; classtype:trojan-activity;sid:83677253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.183.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814152/; classtype:trojan-activity;sid:83677252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.105.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814151/; classtype:trojan-activity;sid:83677251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.121.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814150/; classtype:trojan-activity;sid:83677250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814148/; classtype:trojan-activity;sid:83677248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.56.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814149/; classtype:trojan-activity;sid:83677249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.173.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814146/; classtype:trojan-activity;sid:83677246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.18.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814147/; classtype:trojan-activity;sid:83677247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.233.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814145/; classtype:trojan-activity;sid:83677245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.154.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814144/; classtype:trojan-activity;sid:83677244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php|3f|7086"; depth:17; endswith; nocase; http.host; content:"gitkonus.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814142/; classtype:trojan-activity;sid:83677242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php|3f|8082"; depth:17; endswith; nocase; http.host; content:"gitkonus.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814143/; classtype:trojan-activity;sid:83677243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.php|3f|5568"; depth:17; endswith; nocase; http.host; content:"gitkonus.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814141/; classtype:trojan-activity;sid:83677241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814140/; classtype:trojan-activity;sid:83677240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814139/; classtype:trojan-activity;sid:83677239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814138/; classtype:trojan-activity;sid:83677238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/wed/iwanttosxwithudeeolybecauseitrulylovesxwithoumygirlireallymissingu__nowiwantsxwithou.doc"; depth:99; endswith; nocase; http.host; content:"192.3.95.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814137/; classtype:trojan-activity;sid:83677237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.187.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814136/; classtype:trojan-activity;sid:83677236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.129.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814135/; classtype:trojan-activity;sid:83677235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.39.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814134/; classtype:trojan-activity;sid:83677234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.251.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814133/; classtype:trojan-activity;sid:83677233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.207.179.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814132/; classtype:trojan-activity;sid:83677232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.222.45.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814131/; classtype:trojan-activity;sid:83677231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.52.48.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814130/; classtype:trojan-activity;sid:83677230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.162.141.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.129.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814126/; classtype:trojan-activity;sid:83677226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.21.223.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.250.160.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.193.88.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814125/; classtype:trojan-activity;sid:83677225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.235.133.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814124/; classtype:trojan-activity;sid:83677224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.228.134.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.71.46.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814117/; classtype:trojan-activity;sid:83677217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.2.213.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814118/; classtype:trojan-activity;sid:83677218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.168.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814119/; classtype:trojan-activity;sid:83677219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.11.94.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814120/; classtype:trojan-activity;sid:83677220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.101.246.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814121/; classtype:trojan-activity;sid:83677221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.113.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"73.88.104.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814123/; classtype:trojan-activity;sid:83677223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.0.236.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814113/; classtype:trojan-activity;sid:83677213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.53.164.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814114/; classtype:trojan-activity;sid:83677214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"167.250.68.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814115/; classtype:trojan-activity;sid:83677215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.79.103.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814111/; classtype:trojan-activity;sid:83677211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.249.179.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814112/; classtype:trojan-activity;sid:83677212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.101.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814106/; classtype:trojan-activity;sid:83677206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.212.204.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814107/; classtype:trojan-activity;sid:83677207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.133.214.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.158.68.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814110/; classtype:trojan-activity;sid:83677210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.199.42.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814098/; classtype:trojan-activity;sid:83677198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.126.230.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814099/; classtype:trojan-activity;sid:83677199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.123.142.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814100/; classtype:trojan-activity;sid:83677200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.73.75.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814101/; classtype:trojan-activity;sid:83677201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.18.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814102/; classtype:trojan-activity;sid:83677202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.76.195.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814103/; classtype:trojan-activity;sid:83677203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.175.205.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814104/; classtype:trojan-activity;sid:83677204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.126.186.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.86.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814090/; classtype:trojan-activity;sid:83677190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.138.142.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814091/; classtype:trojan-activity;sid:83677191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814092/; classtype:trojan-activity;sid:83677192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.231.226.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.196.180.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814094/; classtype:trojan-activity;sid:83677194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.128.195.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"131.108.39.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814096/; classtype:trojan-activity;sid:83677196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.127.1.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814097/; classtype:trojan-activity;sid:83677197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.185.47.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814084/; classtype:trojan-activity;sid:83677184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.30.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814085/; classtype:trojan-activity;sid:83677185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814086/; classtype:trojan-activity;sid:83677186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.254.173.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.76.80.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814088/; classtype:trojan-activity;sid:83677188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.223.44.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814089/; classtype:trojan-activity;sid:83677189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.22.48.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.235.186.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814081/; classtype:trojan-activity;sid:83677181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.34.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.189.218.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.147.32.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814079/; classtype:trojan-activity;sid:83677179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.255.163.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814078/; classtype:trojan-activity;sid:83677178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.233.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814077/; classtype:trojan-activity;sid:83677177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.117.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814076/; classtype:trojan-activity;sid:83677176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.203.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814075/; classtype:trojan-activity;sid:83677175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.245.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814074/; classtype:trojan-activity;sid:83677174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.201.133.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814073/; classtype:trojan-activity;sid:83677173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.234.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814072/; classtype:trojan-activity;sid:83677172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814071/; classtype:trojan-activity;sid:83677171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.74.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814070/; classtype:trojan-activity;sid:83677170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.2.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814069/; classtype:trojan-activity;sid:83677169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814068/; classtype:trojan-activity;sid:83677168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.190.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814067/; classtype:trojan-activity;sid:83677167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.181.251.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814065/; classtype:trojan-activity;sid:83677165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.150.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814066/; classtype:trojan-activity;sid:83677166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.66.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814064/; classtype:trojan-activity;sid:83677164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.197.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814063/; classtype:trojan-activity;sid:83677163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.197.50.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814062/; classtype:trojan-activity;sid:83677162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.187.83.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814061/; classtype:trojan-activity;sid:83677161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.134.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814060/; classtype:trojan-activity;sid:83677160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.249.58.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814058/; classtype:trojan-activity;sid:83677158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.155.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814059/; classtype:trojan-activity;sid:83677159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.129.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814057/; classtype:trojan-activity;sid:83677157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.1.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814056/; classtype:trojan-activity;sid:83677156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814055/; classtype:trojan-activity;sid:83677155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814054/; classtype:trojan-activity;sid:83677154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.151.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814053/; classtype:trojan-activity;sid:83677153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ermak__apk.apk"; depth:15; endswith; nocase; http.host; content:"94.156.10.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814051/; classtype:trojan-activity;sid:83677151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ermak_apk.apk"; depth:14; endswith; nocase; http.host; content:"94.156.10.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814052/; classtype:trojan-activity;sid:83677152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.92.95.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814050/; classtype:trojan-activity;sid:83677150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%2477xmrig.exe"; depth:15; endswith; nocase; http.host; content:"45.88.90.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814049/; classtype:trojan-activity;sid:83677149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.31.198.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814048/; classtype:trojan-activity;sid:83677148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.1.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814047/; classtype:trojan-activity;sid:83677147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slasl.txt"; depth:10; endswith; nocase; http.host; content:"45.128.96.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814045/; classtype:trojan-activity;sid:83677145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bar.jpg"; depth:8; endswith; nocase; http.host; content:"45.128.96.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814046/; classtype:trojan-activity;sid:83677146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.jpg"; depth:6; endswith; nocase; http.host; content:"87.120.84.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814044/; classtype:trojan-activity;sid:83677144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814043/; classtype:trojan-activity;sid:83677143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ch5.txt"; depth:8; endswith; nocase; http.host; content:"87.120.84.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814042/; classtype:trojan-activity;sid:83677142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.194.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814041/; classtype:trojan-activity;sid:83677141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814040/; classtype:trojan-activity;sid:83677140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.180.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814039/; classtype:trojan-activity;sid:83677139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.248.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814038/; classtype:trojan-activity;sid:83677138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.13.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814037/; classtype:trojan-activity;sid:83677137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.64.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814036/; classtype:trojan-activity;sid:83677136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arc"; depth:19; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814035/; classtype:trojan-activity;sid:83677135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.x86"; depth:19; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814024/; classtype:trojan-activity;sid:83677124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.i686"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814025/; classtype:trojan-activity;sid:83677125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.sh4"; depth:19; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814026/; classtype:trojan-activity;sid:83677126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.spc"; depth:19; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814027/; classtype:trojan-activity;sid:83677127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm"; depth:19; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814028/; classtype:trojan-activity;sid:83677128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.mpsl"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814029/; classtype:trojan-activity;sid:83677129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm7"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814030/; classtype:trojan-activity;sid:83677130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm6"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814031/; classtype:trojan-activity;sid:83677131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.m68k"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814032/; classtype:trojan-activity;sid:83677132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.mips"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814033/; classtype:trojan-activity;sid:83677133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm5"; depth:20; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814034/; classtype:trojan-activity;sid:83677134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.ppc"; depth:19; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814021/; classtype:trojan-activity;sid:83677121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arc"; depth:19; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814022/; classtype:trojan-activity;sid:83677122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.ppc"; depth:19; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814023/; classtype:trojan-activity;sid:83677123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.mpsl"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814015/; classtype:trojan-activity;sid:83677115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm7"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814016/; classtype:trojan-activity;sid:83677116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.mips"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814017/; classtype:trojan-activity;sid:83677117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters.sh"; depth:11; endswith; nocase; http.host; content:"b.doxbin.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814018/; classtype:trojan-activity;sid:83677118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.i686"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814019/; classtype:trojan-activity;sid:83677119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm6"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814020/; classtype:trojan-activity;sid:83677120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters.sh"; depth:11; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814013/; classtype:trojan-activity;sid:83677113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.123.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814014/; classtype:trojan-activity;sid:83677114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.x86"; depth:19; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814007/; classtype:trojan-activity;sid:83677107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.m68k"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814008/; classtype:trojan-activity;sid:83677108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm"; depth:19; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814009/; classtype:trojan-activity;sid:83677109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.arm5"; depth:20; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814010/; classtype:trojan-activity;sid:83677110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.sh4"; depth:19; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814011/; classtype:trojan-activity;sid:83677111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booters/booter.spc"; depth:19; endswith; nocase; http.host; content:"141.98.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814012/; classtype:trojan-activity;sid:83677112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.151.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814006/; classtype:trojan-activity;sid:83677106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.76.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814005/; classtype:trojan-activity;sid:83677105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.187.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814004/; classtype:trojan-activity;sid:83677104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.92.95.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814003/; classtype:trojan-activity;sid:83677103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.166.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814002/; classtype:trojan-activity;sid:83677102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.115.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814000/; classtype:trojan-activity;sid:83677100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.233.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814001/; classtype:trojan-activity;sid:83677101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.187.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813999/; classtype:trojan-activity;sid:83677099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.123.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813998/; classtype:trojan-activity;sid:83677098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.x86"; depth:14; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813994/; classtype:trojan-activity;sid:83677094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.mpsl"; depth:15; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813995/; classtype:trojan-activity;sid:83677095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.arm5"; depth:15; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813996/; classtype:trojan-activity;sid:83677096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.m68k"; depth:15; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813997/; classtype:trojan-activity;sid:83677097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.arm"; depth:14; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813987/; classtype:trojan-activity;sid:83677087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.sh4"; depth:14; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813988/; classtype:trojan-activity;sid:83677088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.spc"; depth:14; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813989/; classtype:trojan-activity;sid:83677089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.ppc"; depth:14; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813990/; classtype:trojan-activity;sid:83677090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.arm6"; depth:15; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813991/; classtype:trojan-activity;sid:83677091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.arm7"; depth:15; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813992/; classtype:trojan-activity;sid:83677092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g4za.mips"; depth:15; endswith; nocase; http.host; content:"93.123.85.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813993/; classtype:trojan-activity;sid:83677093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.92.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813986/; classtype:trojan-activity;sid:83677086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ztoostifbxtbvorcutfplvl84.bin"; depth:30; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813985/; classtype:trojan-activity;sid:83677085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813984/; classtype:trojan-activity;sid:83677084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813983/; classtype:trojan-activity;sid:83677083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813982/; classtype:trojan-activity;sid:83677082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813975/; classtype:trojan-activity;sid:83677075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813976/; classtype:trojan-activity;sid:83677076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.x86"; depth:8; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813977/; classtype:trojan-activity;sid:83677077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/strygetjs.thn"; depth:14; endswith; nocase; http.host; content:"94.156.79.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813978/; classtype:trojan-activity;sid:83677078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813979/; classtype:trojan-activity;sid:83677079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n.mips"; depth:7; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813980/; classtype:trojan-activity;sid:83677080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813981/; classtype:trojan-activity;sid:83677081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813974/; classtype:trojan-activity;sid:83677074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.ppc"; depth:8; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813966/; classtype:trojan-activity;sid:83677066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813967/; classtype:trojan-activity;sid:83677067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813968/; classtype:trojan-activity;sid:83677068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813969/; classtype:trojan-activity;sid:83677069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813970/; classtype:trojan-activity;sid:83677070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813971/; classtype:trojan-activity;sid:83677071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.arm6"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813972/; classtype:trojan-activity;sid:83677072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813973/; classtype:trojan-activity;sid:83677073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813962/; classtype:trojan-activity;sid:83677062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813963/; classtype:trojan-activity;sid:83677063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813964/; classtype:trojan-activity;sid:83677064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.mips"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813965/; classtype:trojan-activity;sid:83677065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.spc"; depth:8; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813956/; classtype:trojan-activity;sid:83677056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.arc"; depth:8; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813957/; classtype:trojan-activity;sid:83677057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813958/; classtype:trojan-activity;sid:83677058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813959/; classtype:trojan-activity;sid:83677059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813960/; classtype:trojan-activity;sid:83677060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.214.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813961/; classtype:trojan-activity;sid:83677061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.sh4"; depth:8; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813953/; classtype:trojan-activity;sid:83677053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.m68k"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813954/; classtype:trojan-activity;sid:83677054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813955/; classtype:trojan-activity;sid:83677055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.arm5"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813949/; classtype:trojan-activity;sid:83677049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arc"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813950/; classtype:trojan-activity;sid:83677050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.mpsl"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813951/; classtype:trojan-activity;sid:83677051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813952/; classtype:trojan-activity;sid:83677052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy12221g4zhhgkj.m68"; depth:26; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813948/; classtype:trojan-activity;sid:83677048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.229.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813947/; classtype:trojan-activity;sid:83677047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.13.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813946/; classtype:trojan-activity;sid:83677046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.166.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813945/; classtype:trojan-activity;sid:83677045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.196.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813944/; classtype:trojan-activity;sid:83677044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.221.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813943/; classtype:trojan-activity;sid:83677043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.0.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813942/; classtype:trojan-activity;sid:83677042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.88.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813940/; classtype:trojan-activity;sid:83677040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.144.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813941/; classtype:trojan-activity;sid:83677041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.222.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813939/; classtype:trojan-activity;sid:83677039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.166.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813938/; classtype:trojan-activity;sid:83677038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.236.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813937/; classtype:trojan-activity;sid:83677037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icmp.ps1"; depth:9; endswith; nocase; http.host; content:"64.23.173.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813935/; classtype:trojan-activity;sid:83677035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.88.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813936/; classtype:trojan-activity;sid:83677036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813934/; classtype:trojan-activity;sid:83677034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.236.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813933/; classtype:trojan-activity;sid:83677033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.231.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813932/; classtype:trojan-activity;sid:83677032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.bin"; depth:11; endswith; nocase; http.host; content:"47.116.25.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813931/; classtype:trojan-activity;sid:83677031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.92.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813930/; classtype:trojan-activity;sid:83677030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.112.39.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813929/; classtype:trojan-activity;sid:83677029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"139.180.190.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813927/; classtype:trojan-activity;sid:83677027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"139.180.190.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813928/; classtype:trojan-activity;sid:83677028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.27.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813926/; classtype:trojan-activity;sid:83677026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"blue.o7lab.me"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813925/; classtype:trojan-activity;sid:83677025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.179.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813924/; classtype:trojan-activity;sid:83677024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.47.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813923/; classtype:trojan-activity;sid:83677023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.10.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813922/; classtype:trojan-activity;sid:83677022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.218.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813921/; classtype:trojan-activity;sid:83677021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813920/; classtype:trojan-activity;sid:83677020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813919/; classtype:trojan-activity;sid:83677019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813918/; classtype:trojan-activity;sid:83677018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.213.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813917/; classtype:trojan-activity;sid:83677017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.222.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813916/; classtype:trojan-activity;sid:83677016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.253.33.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813915/; classtype:trojan-activity;sid:83677015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813914/; classtype:trojan-activity;sid:83677014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.144.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813913/; classtype:trojan-activity;sid:83677013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813912/; classtype:trojan-activity;sid:83677012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.244.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813911/; classtype:trojan-activity;sid:83677011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.194.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813910/; classtype:trojan-activity;sid:83677010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.51.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813909/; classtype:trojan-activity;sid:83677009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.29.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813908/; classtype:trojan-activity;sid:83677008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.179.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813907/; classtype:trojan-activity;sid:83677007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.16.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813906/; classtype:trojan-activity;sid:83677006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813905/; classtype:trojan-activity;sid:83677005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.10.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813904/; classtype:trojan-activity;sid:83677004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newpinf.exe"; depth:12; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813903/; classtype:trojan-activity;sid:83677003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.188.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813902/; classtype:trojan-activity;sid:83677002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.7.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813901/; classtype:trojan-activity;sid:83677001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.117.189.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813900/; classtype:trojan-activity;sid:83677000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.233.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813899/; classtype:trojan-activity;sid:83676999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.158.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813898/; classtype:trojan-activity;sid:83676998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.13.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813897/; classtype:trojan-activity;sid:83676997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.215.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813896/; classtype:trojan-activity;sid:83676996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.178.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813895/; classtype:trojan-activity;sid:83676995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813894/; classtype:trojan-activity;sid:83676994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.216.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813893/; classtype:trojan-activity;sid:83676993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.218.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813892/; classtype:trojan-activity;sid:83676992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.121.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813891/; classtype:trojan-activity;sid:83676991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.188.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813890/; classtype:trojan-activity;sid:83676990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.202.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813889/; classtype:trojan-activity;sid:83676989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.193.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813888/; classtype:trojan-activity;sid:83676988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.12.61.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813886/; classtype:trojan-activity;sid:83676986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.205.253.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813887/; classtype:trojan-activity;sid:83676987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.232.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813884/; classtype:trojan-activity;sid:83676984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.10.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813885/; classtype:trojan-activity;sid:83676985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813883/; classtype:trojan-activity;sid:83676983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813882/; classtype:trojan-activity;sid:83676982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/small.exe"; depth:10; endswith; nocase; http.host; content:"ergeyo.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813881/; classtype:trojan-activity;sid:83676981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813880/; classtype:trojan-activity;sid:83676980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.189.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813879/; classtype:trojan-activity;sid:83676979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813878/; classtype:trojan-activity;sid:83676978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.18.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813877/; classtype:trojan-activity;sid:83676977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.65.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813876/; classtype:trojan-activity;sid:83676976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy122156huk.i686"; depth:23; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813872/; classtype:trojan-activity;sid:83676972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221hu54k.arm5"; depth:23; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813873/; classtype:trojan-activity;sid:83676973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221gzf74j.spc"; depth:23; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813874/; classtype:trojan-activity;sid:83676974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy122187g4jzh.mips"; depth:25; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813875/; classtype:trojan-activity;sid:83676975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy12215j6kil.arm4"; depth:24; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813868/; classtype:trojan-activity;sid:83676968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221541uhlki.arm4t"; depth:27; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813869/; classtype:trojan-activity;sid:83676969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221u54kh.arm6"; depth:23; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813870/; classtype:trojan-activity;sid:83676970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221gzj487.arm7"; depth:24; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813871/; classtype:trojan-activity;sid:83676971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy122154gzhj.sh4"; depth:23; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813865/; classtype:trojan-activity;sid:83676965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy12214g8jfzt.x86"; depth:24; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813866/; classtype:trojan-activity;sid:83676966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221ghz49j8.mpsl"; depth:25; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813867/; classtype:trojan-activity;sid:83676967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy1221g4zhhgkj.m68"; depth:25; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813864/; classtype:trojan-activity;sid:83676964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.30.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813863/; classtype:trojan-activity;sid:83676963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithy122145vhgj.ppc"; depth:23; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813862/; classtype:trojan-activity;sid:83676962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.153.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813861/; classtype:trojan-activity;sid:83676961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.176.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813860/; classtype:trojan-activity;sid:83676960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.18.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813859/; classtype:trojan-activity;sid:83676959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.19.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813858/; classtype:trojan-activity;sid:83676958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.162.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813857/; classtype:trojan-activity;sid:83676957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.9.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813855/; classtype:trojan-activity;sid:83676955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.217.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813856/; classtype:trojan-activity;sid:83676956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.9.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813854/; classtype:trojan-activity;sid:83676954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813853/; classtype:trojan-activity;sid:83676953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.31.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813852/; classtype:trojan-activity;sid:83676952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.21.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813851/; classtype:trojan-activity;sid:83676951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.154.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813850/; classtype:trojan-activity;sid:83676950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.153.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813849/; classtype:trojan-activity;sid:83676949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.30.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813848/; classtype:trojan-activity;sid:83676948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668627802|3f|hash=kxg93djz43gkuzx4aknedqkzsv2y5weznkcffrnvxuh|7c|26|7c|dl=gp1ipbk4yj80ycibxjgxm3yvlhnnm7olzzvsdl4a4dd|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813847/; classtype:trojan-activity;sid:83676947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isetup7.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813846/; classtype:trojan-activity;sid:83676946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xobizx.scr"; depth:11; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813845/; classtype:trojan-activity;sid:83676945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.19.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813844/; classtype:trojan-activity;sid:83676944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.162.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813843/; classtype:trojan-activity;sid:83676943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.212.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813841/; classtype:trojan-activity;sid:83676941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.171.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813842/; classtype:trojan-activity;sid:83676942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithys-bins.sh"; depth:18; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813839/; classtype:trojan-activity;sid:83676939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.66.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813840/; classtype:trojan-activity;sid:83676940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813837/; classtype:trojan-activity;sid:83676937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813838/; classtype:trojan-activity;sid:83676938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813836/; classtype:trojan-activity;sid:83676936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sex.sh"; depth:7; endswith; nocase; http.host; content:"85.239.34.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813835/; classtype:trojan-activity;sid:83676935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.21.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813834/; classtype:trojan-activity;sid:83676934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813833/; classtype:trojan-activity;sid:83676933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813832/; classtype:trojan-activity;sid:83676932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813831/; classtype:trojan-activity;sid:83676931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.107.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813830/; classtype:trojan-activity;sid:83676930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.168.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813829/; classtype:trojan-activity;sid:83676929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813828/; classtype:trojan-activity;sid:83676928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrwutlyvlmzngxxxhwcgqwmq76.bin"; depth:31; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813823/; classtype:trojan-activity;sid:83676923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvrwrzfwguqmhmo198.bin"; depth:23; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813824/; classtype:trojan-activity;sid:83676924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwcilrktlfvblybs167.bin"; depth:24; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813825/; classtype:trojan-activity;sid:83676925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/betanzb191.bin"; depth:15; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813826/; classtype:trojan-activity;sid:83676926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grcjsms32.bin"; depth:14; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813827/; classtype:trojan-activity;sid:83676927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kfhyg187.bin"; depth:13; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813817/; classtype:trojan-activity;sid:83676917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvqab57.bin"; depth:12; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813818/; classtype:trojan-activity;sid:83676918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htlkcti210.bin"; depth:15; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813819/; classtype:trojan-activity;sid:83676919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltgvvwnlz183.bin"; depth:17; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813820/; classtype:trojan-activity;sid:83676920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yfqtqbemz77.bin"; depth:16; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813821/; classtype:trojan-activity;sid:83676921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajiujecwtysrvswj26.bin"; depth:23; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813822/; classtype:trojan-activity;sid:83676922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.212.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813816/; classtype:trojan-activity;sid:83676916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.sh"; depth:5; endswith; nocase; http.host; content:"15.235.153.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813815/; classtype:trojan-activity;sid:83676915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/100/rvc.txt"; depth:12; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813813/; classtype:trojan-activity;sid:83676913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/dirus"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813814/; classtype:trojan-activity;sid:83676914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/100/sampleimagepixel.jpeg"; depth:26; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813812/; classtype:trojan-activity;sid:83676912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/eccci.txt"; depth:19; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813811/; classtype:trojan-activity;sid:83676911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.217.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813810/; classtype:trojan-activity;sid:83676910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813809/; classtype:trojan-activity;sid:83676909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.66.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813808/; classtype:trojan-activity;sid:83676908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813807/; classtype:trojan-activity;sid:83676907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813806/; classtype:trojan-activity;sid:83676906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813805/; classtype:trojan-activity;sid:83676905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.130.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813804/; classtype:trojan-activity;sid:83676904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.135.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813803/; classtype:trojan-activity;sid:83676903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.183.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813802/; classtype:trojan-activity;sid:83676902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.20.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813801/; classtype:trojan-activity;sid:83676901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.107.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813799/; classtype:trojan-activity;sid:83676899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.168.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813800/; classtype:trojan-activity;sid:83676900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.110.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813798/; classtype:trojan-activity;sid:83676898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssh4"; depth:6; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813797/; classtype:trojan-activity;sid:83676897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.15.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813796/; classtype:trojan-activity;sid:83676896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.155.93.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813795/; classtype:trojan-activity;sid:83676895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.217.148.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813794/; classtype:trojan-activity;sid:83676894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.67.115.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.72.199.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813791/; classtype:trojan-activity;sid:83676891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.153.161.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813792/; classtype:trojan-activity;sid:83676892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orla/nutrex.zip"; depth:16; endswith; nocase; http.host; content:"94.103.83.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813790/; classtype:trojan-activity;sid:83676890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.67.227.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813787/; classtype:trojan-activity;sid:83676887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.77.147.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813788/; classtype:trojan-activity;sid:83676888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1mqpiicoawkzfriwtzj7d_ts7cdhz8wrz"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813789/; classtype:trojan-activity;sid:83676889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxx.bat"; depth:8; endswith; nocase; http.host; content:"193.222.96.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813785/; classtype:trojan-activity;sid:83676885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.hta"; depth:5; endswith; nocase; http.host; content:"193.222.96.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813786/; classtype:trojan-activity;sid:83676886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asfffffffffffa"; depth:15; endswith; nocase; http.host; content:"02ip.ru"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813784/; classtype:trojan-activity;sid:83676884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.116.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813783/; classtype:trojan-activity;sid:83676883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.8.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813782/; classtype:trojan-activity;sid:83676882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.217.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813781/; classtype:trojan-activity;sid:83676881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813779/; classtype:trojan-activity;sid:83676879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/100/gmmp/wetrytosexwithhertrulyfromtheheartbecausesheisverybeautigfulgirlwholikesxwthmefromtheheart___toundersadhowmuchiwantherforexsheisvey.doc"; depth:145; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813780/; classtype:trojan-activity;sid:83676880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.166.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813778/; classtype:trojan-activity;sid:83676878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.200.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813777/; classtype:trojan-activity;sid:83676877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigger.sh"; depth:10; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813776/; classtype:trojan-activity;sid:83676876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813775/; classtype:trojan-activity;sid:83676875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.30.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813774/; classtype:trojan-activity;sid:83676874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.248.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813773/; classtype:trojan-activity;sid:83676873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813772/; classtype:trojan-activity;sid:83676872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813771/; classtype:trojan-activity;sid:83676871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.195.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813770/; classtype:trojan-activity;sid:83676870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.100.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813769/; classtype:trojan-activity;sid:83676869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813768/; classtype:trojan-activity;sid:83676868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.204.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813767/; classtype:trojan-activity;sid:83676867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.91.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813766/; classtype:trojan-activity;sid:83676866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813765/; classtype:trojan-activity;sid:83676865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.220.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813764/; classtype:trojan-activity;sid:83676864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.103.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813763/; classtype:trojan-activity;sid:83676863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.208.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813762/; classtype:trojan-activity;sid:83676862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.107.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813761/; classtype:trojan-activity;sid:83676861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.73.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813760/; classtype:trojan-activity;sid:83676860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.166.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813759/; classtype:trojan-activity;sid:83676859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"95.179.178.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813757/; classtype:trojan-activity;sid:83676857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"95.179.178.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813758/; classtype:trojan-activity;sid:83676858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.160.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813756/; classtype:trojan-activity;sid:83676856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.10.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813755/; classtype:trojan-activity;sid:83676855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813754/; classtype:trojan-activity;sid:83676854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.170.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813753/; classtype:trojan-activity;sid:83676853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm4"; depth:6; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813752/; classtype:trojan-activity;sid:83676852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget.sh"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813751/; classtype:trojan-activity;sid:83676851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813750/; classtype:trojan-activity;sid:83676850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813749/; classtype:trojan-activity;sid:83676849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.71.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813748/; classtype:trojan-activity;sid:83676848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.200.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813747/; classtype:trojan-activity;sid:83676847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.184.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813746/; classtype:trojan-activity;sid:83676846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813745/; classtype:trojan-activity;sid:83676845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.204.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813744/; classtype:trojan-activity;sid:83676844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813743/; classtype:trojan-activity;sid:83676843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.107.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813742/; classtype:trojan-activity;sid:83676842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.167.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813741/; classtype:trojan-activity;sid:83676841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813740/; classtype:trojan-activity;sid:83676840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813735/; classtype:trojan-activity;sid:83676835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813736/; classtype:trojan-activity;sid:83676836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813737/; classtype:trojan-activity;sid:83676837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813738/; classtype:trojan-activity;sid:83676838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813739/; classtype:trojan-activity;sid:83676839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813731/; classtype:trojan-activity;sid:83676831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813732/; classtype:trojan-activity;sid:83676832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813733/; classtype:trojan-activity;sid:83676833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813734/; classtype:trojan-activity;sid:83676834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813729/; classtype:trojan-activity;sid:83676829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"91.92.243.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813730/; classtype:trojan-activity;sid:83676830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.13.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813728/; classtype:trojan-activity;sid:83676828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.70.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813727/; classtype:trojan-activity;sid:83676827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.160.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813725/; classtype:trojan-activity;sid:83676825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.116.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813726/; classtype:trojan-activity;sid:83676826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//armv6l"; depth:8; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813724/; classtype:trojan-activity;sid:83676824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.10.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813723/; classtype:trojan-activity;sid:83676823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.65.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813722/; classtype:trojan-activity;sid:83676822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813720/; classtype:trojan-activity;sid:83676820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.155.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813721/; classtype:trojan-activity;sid:83676821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813718/; classtype:trojan-activity;sid:83676818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"hi.vani.ovh"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813719/; classtype:trojan-activity;sid:83676819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.47.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813717/; classtype:trojan-activity;sid:83676817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.84.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813714/; classtype:trojan-activity;sid:83676814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.15.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813715/; classtype:trojan-activity;sid:83676815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813716/; classtype:trojan-activity;sid:83676816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.123.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813712/; classtype:trojan-activity;sid:83676812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.144.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813713/; classtype:trojan-activity;sid:83676813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.49.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813711/; classtype:trojan-activity;sid:83676811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.18.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813709/; classtype:trojan-activity;sid:83676809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.64.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813710/; classtype:trojan-activity;sid:83676810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.22.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813708/; classtype:trojan-activity;sid:83676808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.33.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813707/; classtype:trojan-activity;sid:83676807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.125.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813706/; classtype:trojan-activity;sid:83676806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.65.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813705/; classtype:trojan-activity;sid:83676805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.156.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813703/; classtype:trojan-activity;sid:83676803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.118.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813704/; classtype:trojan-activity;sid:83676804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813702/; classtype:trojan-activity;sid:83676802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.188.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813701/; classtype:trojan-activity;sid:83676801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813700/; classtype:trojan-activity;sid:83676800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.196.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813699/; classtype:trojan-activity;sid:83676799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.33.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813698/; classtype:trojan-activity;sid:83676798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.154.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813697/; classtype:trojan-activity;sid:83676797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.176.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813696/; classtype:trojan-activity;sid:83676796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.36.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813695/; classtype:trojan-activity;sid:83676795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813693/; classtype:trojan-activity;sid:83676793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.177.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813694/; classtype:trojan-activity;sid:83676794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.123.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813692/; classtype:trojan-activity;sid:83676792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.22.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813691/; classtype:trojan-activity;sid:83676791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.194.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813690/; classtype:trojan-activity;sid:83676790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.207.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813689/; classtype:trojan-activity;sid:83676789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.64.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813688/; classtype:trojan-activity;sid:83676788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.220.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813687/; classtype:trojan-activity;sid:83676787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.125.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813686/; classtype:trojan-activity;sid:83676786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.157.90.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813685/; classtype:trojan-activity;sid:83676785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.167.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813684/; classtype:trojan-activity;sid:83676784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813683/; classtype:trojan-activity;sid:83676783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813682/; classtype:trojan-activity;sid:83676782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.36.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813681/; classtype:trojan-activity;sid:83676781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.250.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813680/; classtype:trojan-activity;sid:83676780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813679/; classtype:trojan-activity;sid:83676779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813678/; classtype:trojan-activity;sid:83676778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.102.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813677/; classtype:trojan-activity;sid:83676777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simon/gumer.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813676/; classtype:trojan-activity;sid:83676776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.239.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813675/; classtype:trojan-activity;sid:83676775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.17.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813674/; classtype:trojan-activity;sid:83676774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.235.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813673/; classtype:trojan-activity;sid:83676773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.242.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813672/; classtype:trojan-activity;sid:83676772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.242.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813671/; classtype:trojan-activity;sid:83676771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.9.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813669/; classtype:trojan-activity;sid:83676769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.102.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813670/; classtype:trojan-activity;sid:83676770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.225.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813668/; classtype:trojan-activity;sid:83676768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.255.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813667/; classtype:trojan-activity;sid:83676767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.9.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813666/; classtype:trojan-activity;sid:83676766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.224.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813665/; classtype:trojan-activity;sid:83676765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.61.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813664/; classtype:trojan-activity;sid:83676764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.16.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813663/; classtype:trojan-activity;sid:83676763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.175.137.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813662/; classtype:trojan-activity;sid:83676762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.235.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813661/; classtype:trojan-activity;sid:83676761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813660/; classtype:trojan-activity;sid:83676760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.182.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813659/; classtype:trojan-activity;sid:83676759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813658/; classtype:trojan-activity;sid:83676758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.191.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813657/; classtype:trojan-activity;sid:83676757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.131.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813656/; classtype:trojan-activity;sid:83676756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.51.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813655/; classtype:trojan-activity;sid:83676755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.225.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813653/; classtype:trojan-activity;sid:83676753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668632219|3f|hash=1skjlxfjnunkk7bhyf3vdlj3dilo6tuc025mreoc24o|7c|26|7c|dl=fvg5bh934joizwhy6nm3yp9w9yppkgrdgjnhrm89db4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813654/; classtype:trojan-activity;sid:83676754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.181.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813652/; classtype:trojan-activity;sid:83676752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.9.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813651/; classtype:trojan-activity;sid:83676751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.195.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813650/; classtype:trojan-activity;sid:83676750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.9.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813649/; classtype:trojan-activity;sid:83676749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.121.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813648/; classtype:trojan-activity;sid:83676748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.126.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813647/; classtype:trojan-activity;sid:83676747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.87.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813646/; classtype:trojan-activity;sid:83676746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.16.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813645/; classtype:trojan-activity;sid:83676745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.40.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813644/; classtype:trojan-activity;sid:83676744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.117.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813642/; classtype:trojan-activity;sid:83676742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.80.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813643/; classtype:trojan-activity;sid:83676743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813641/; classtype:trojan-activity;sid:83676741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.182.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813640/; classtype:trojan-activity;sid:83676740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.236.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813638/; classtype:trojan-activity;sid:83676738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.233.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813639/; classtype:trojan-activity;sid:83676739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.118.102.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813637/; classtype:trojan-activity;sid:83676737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.35.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813636/; classtype:trojan-activity;sid:83676736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.181.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813635/; classtype:trojan-activity;sid:83676735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813634/; classtype:trojan-activity;sid:83676734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.97.147.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813633/; classtype:trojan-activity;sid:83676733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.191.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813632/; classtype:trojan-activity;sid:83676732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.255.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813631/; classtype:trojan-activity;sid:83676731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.126.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813630/; classtype:trojan-activity;sid:83676730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.195.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813629/; classtype:trojan-activity;sid:83676729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.87.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813628/; classtype:trojan-activity;sid:83676728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813627/; classtype:trojan-activity;sid:83676727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.90.148.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813625/; classtype:trojan-activity;sid:83676725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.172.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813626/; classtype:trojan-activity;sid:83676726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.237.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813624/; classtype:trojan-activity;sid:83676724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.197.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813623/; classtype:trojan-activity;sid:83676723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.92.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813622/; classtype:trojan-activity;sid:83676722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.101.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813621/; classtype:trojan-activity;sid:83676721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.175.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813620/; classtype:trojan-activity;sid:83676720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813619/; classtype:trojan-activity;sid:83676719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.156.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813618/; classtype:trojan-activity;sid:83676718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.232.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813617/; classtype:trojan-activity;sid:83676717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.105.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813616/; classtype:trojan-activity;sid:83676716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.55.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813615/; classtype:trojan-activity;sid:83676715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.255.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813614/; classtype:trojan-activity;sid:83676714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.188.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813613/; classtype:trojan-activity;sid:83676713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.8.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813612/; classtype:trojan-activity;sid:83676712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.206.137.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813610/; classtype:trojan-activity;sid:83676710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.232.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813611/; classtype:trojan-activity;sid:83676711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.198.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813609/; classtype:trojan-activity;sid:83676709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.76.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813607/; classtype:trojan-activity;sid:83676707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.41.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813608/; classtype:trojan-activity;sid:83676708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813606/; classtype:trojan-activity;sid:83676706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.151.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813605/; classtype:trojan-activity;sid:83676705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"207.148.70.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813602/; classtype:trojan-activity;sid:83676702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"207.148.70.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813603/; classtype:trojan-activity;sid:83676703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.60.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813604/; classtype:trojan-activity;sid:83676704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.251.209.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813601/; classtype:trojan-activity;sid:83676701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.105.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813599/; classtype:trojan-activity;sid:83676699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.232.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813600/; classtype:trojan-activity;sid:83676700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.55.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813598/; classtype:trojan-activity;sid:83676698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.156.210.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813596/; classtype:trojan-activity;sid:83676696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.41.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813597/; classtype:trojan-activity;sid:83676697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.7.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813594/; classtype:trojan-activity;sid:83676694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.201.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813595/; classtype:trojan-activity;sid:83676695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.209.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813593/; classtype:trojan-activity;sid:83676693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813592/; classtype:trojan-activity;sid:83676692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.29.146.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813591/; classtype:trojan-activity;sid:83676691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.203.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813590/; classtype:trojan-activity;sid:83676690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.197.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813589/; classtype:trojan-activity;sid:83676689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.225.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813588/; classtype:trojan-activity;sid:83676688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.76.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813587/; classtype:trojan-activity;sid:83676687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.232.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813585/; classtype:trojan-activity;sid:83676685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.151.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813586/; classtype:trojan-activity;sid:83676686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.32.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813584/; classtype:trojan-activity;sid:83676684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.39.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813583/; classtype:trojan-activity;sid:83676683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.150.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813582/; classtype:trojan-activity;sid:83676682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813581/; classtype:trojan-activity;sid:83676681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.31.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813580/; classtype:trojan-activity;sid:83676680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.201.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813579/; classtype:trojan-activity;sid:83676679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.209.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813578/; classtype:trojan-activity;sid:83676678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.73.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813577/; classtype:trojan-activity;sid:83676677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.7.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813576/; classtype:trojan-activity;sid:83676676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.57.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813575/; classtype:trojan-activity;sid:83676675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/mpsl"; depth:9; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813570/; classtype:trojan-activity;sid:83676670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/sh4"; depth:8; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813571/; classtype:trojan-activity;sid:83676671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/ppc"; depth:8; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813572/; classtype:trojan-activity;sid:83676672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/m68k"; depth:9; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813573/; classtype:trojan-activity;sid:83676673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/spc"; depth:8; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813574/; classtype:trojan-activity;sid:83676674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/arm6"; depth:9; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813564/; classtype:trojan-activity;sid:83676664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/arm"; depth:8; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813565/; classtype:trojan-activity;sid:83676665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.56.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813566/; classtype:trojan-activity;sid:83676666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/arm7"; depth:9; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813567/; classtype:trojan-activity;sid:83676667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/mips"; depth:9; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813568/; classtype:trojan-activity;sid:83676668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/x86"; depth:8; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813569/; classtype:trojan-activity;sid:83676669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu/arm5"; depth:9; endswith; nocase; http.host; content:"67.217.48.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813563/; classtype:trojan-activity;sid:83676663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.133.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813562/; classtype:trojan-activity;sid:83676662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.29.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813561/; classtype:trojan-activity;sid:83676661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.138.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813560/; classtype:trojan-activity;sid:83676660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.32.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813559/; classtype:trojan-activity;sid:83676659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.167.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813558/; classtype:trojan-activity;sid:83676658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i486"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813552/; classtype:trojan-activity;sid:83676652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86"; depth:8; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813553/; classtype:trojan-activity;sid:83676653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86_64"; depth:11; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813554/; classtype:trojan-activity;sid:83676654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813555/; classtype:trojan-activity;sid:83676655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i686"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813556/; classtype:trojan-activity;sid:83676656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"193.177.182.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813557/; classtype:trojan-activity;sid:83676657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/var"; depth:4; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813548/; classtype:trojan-activity;sid:83676648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813549/; classtype:trojan-activity;sid:83676649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftpd"; depth:6; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813550/; classtype:trojan-activity;sid:83676650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813551/; classtype:trojan-activity;sid:83676651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nano"; depth:5; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813545/; classtype:trojan-activity;sid:83676645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc"; depth:3; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813546/; classtype:trojan-activity;sid:83676646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813547/; classtype:trojan-activity;sid:83676647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813543/; classtype:trojan-activity;sid:83676643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813544/; classtype:trojan-activity;sid:83676644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.ppc"; depth:8; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813536/; classtype:trojan-activity;sid:83676636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips64"; depth:11; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813537/; classtype:trojan-activity;sid:83676637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.m68k"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813538/; classtype:trojan-activity;sid:83676638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813539/; classtype:trojan-activity;sid:83676639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm"; depth:8; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813540/; classtype:trojan-activity;sid:83676640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mpsl"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813541/; classtype:trojan-activity;sid:83676641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm5"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813542/; classtype:trojan-activity;sid:83676642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813533/; classtype:trojan-activity;sid:83676633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.sh4"; depth:8; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813534/; classtype:trojan-activity;sid:83676634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm6"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813535/; classtype:trojan-activity;sid:83676635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813528/; classtype:trojan-activity;sid:83676628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813529/; classtype:trojan-activity;sid:83676629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813530/; classtype:trojan-activity;sid:83676630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813531/; classtype:trojan-activity;sid:83676631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm7"; depth:9; endswith; nocase; http.host; content:"37.44.238.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813532/; classtype:trojan-activity;sid:83676632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813524/; classtype:trojan-activity;sid:83676624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813525/; classtype:trojan-activity;sid:83676625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813526/; classtype:trojan-activity;sid:83676626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.196.8.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813527/; classtype:trojan-activity;sid:83676627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813521/; classtype:trojan-activity;sid:83676621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813522/; classtype:trojan-activity;sid:83676622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813523/; classtype:trojan-activity;sid:83676623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813517/; classtype:trojan-activity;sid:83676617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"45.128.232.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813518/; classtype:trojan-activity;sid:83676618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813519/; classtype:trojan-activity;sid:83676619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813520/; classtype:trojan-activity;sid:83676620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813515/; classtype:trojan-activity;sid:83676615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813516/; classtype:trojan-activity;sid:83676616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813513/; classtype:trojan-activity;sid:83676613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"89.190.156.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813514/; classtype:trojan-activity;sid:83676614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"65.172.242.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813512/; classtype:trojan-activity;sid:83676612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.156.210.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813511/; classtype:trojan-activity;sid:83676611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813510/; classtype:trojan-activity;sid:83676610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.73.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813509/; classtype:trojan-activity;sid:83676609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813508/; classtype:trojan-activity;sid:83676608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.239.103.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813506/; classtype:trojan-activity;sid:83676606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.60.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813507/; classtype:trojan-activity;sid:83676607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.49.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813505/; classtype:trojan-activity;sid:83676605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.99.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813504/; classtype:trojan-activity;sid:83676604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.232.48.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813503/; classtype:trojan-activity;sid:83676603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813502/; classtype:trojan-activity;sid:83676602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"65.172.242.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813501/; classtype:trojan-activity;sid:83676601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813500/; classtype:trojan-activity;sid:83676600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813499/; classtype:trojan-activity;sid:83676599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.59.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813497/; classtype:trojan-activity;sid:83676597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.20.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813498/; classtype:trojan-activity;sid:83676598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.78.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813496/; classtype:trojan-activity;sid:83676596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.254.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813495/; classtype:trojan-activity;sid:83676595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.124.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813494/; classtype:trojan-activity;sid:83676594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813492/; classtype:trojan-activity;sid:83676592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.180.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813493/; classtype:trojan-activity;sid:83676593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.216.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813491/; classtype:trojan-activity;sid:83676591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813490/; classtype:trojan-activity;sid:83676590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.29.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813489/; classtype:trojan-activity;sid:83676589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.232.48.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813488/; classtype:trojan-activity;sid:83676588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.59.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813487/; classtype:trojan-activity;sid:83676587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.49.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813486/; classtype:trojan-activity;sid:83676586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813485/; classtype:trojan-activity;sid:83676585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.25.183.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813484/; classtype:trojan-activity;sid:83676584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.204.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813483/; classtype:trojan-activity;sid:83676583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.124.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813482/; classtype:trojan-activity;sid:83676582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.216.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813481/; classtype:trojan-activity;sid:83676581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.201.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813480/; classtype:trojan-activity;sid:83676580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813479/; classtype:trojan-activity;sid:83676579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.254.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813478/; classtype:trojan-activity;sid:83676578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.78.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813477/; classtype:trojan-activity;sid:83676577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.196.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813476/; classtype:trojan-activity;sid:83676576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.148.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813475/; classtype:trojan-activity;sid:83676575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.180.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813472/; classtype:trojan-activity;sid:83676572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.146.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813473/; classtype:trojan-activity;sid:83676573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.221.58.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813474/; classtype:trojan-activity;sid:83676574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.222.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813471/; classtype:trojan-activity;sid:83676571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.20.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813470/; classtype:trojan-activity;sid:83676570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.252.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813469/; classtype:trojan-activity;sid:83676569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813468/; classtype:trojan-activity;sid:83676568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.246.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813467/; classtype:trojan-activity;sid:83676567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.147.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813466/; classtype:trojan-activity;sid:83676566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813465/; classtype:trojan-activity;sid:83676565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.74.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813464/; classtype:trojan-activity;sid:83676564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.152.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813463/; classtype:trojan-activity;sid:83676563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.49.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813462/; classtype:trojan-activity;sid:83676562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813461/; classtype:trojan-activity;sid:83676561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.146.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813460/; classtype:trojan-activity;sid:83676560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.201.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813459/; classtype:trojan-activity;sid:83676559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.252.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813458/; classtype:trojan-activity;sid:83676558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.98.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813457/; classtype:trojan-activity;sid:83676557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.157.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813456/; classtype:trojan-activity;sid:83676556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.252.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813455/; classtype:trojan-activity;sid:83676555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.234.75.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813454/; classtype:trojan-activity;sid:83676554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.77.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813452/; classtype:trojan-activity;sid:83676552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.41.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813453/; classtype:trojan-activity;sid:83676553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.179.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813451/; classtype:trojan-activity;sid:83676551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813450/; classtype:trojan-activity;sid:83676550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.246.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813449/; classtype:trojan-activity;sid:83676549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813448/; classtype:trojan-activity;sid:83676548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.222.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813447/; classtype:trojan-activity;sid:83676547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.74.20.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813445/; classtype:trojan-activity;sid:83676545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813446/; classtype:trojan-activity;sid:83676546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.41.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813444/; classtype:trojan-activity;sid:83676544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.204.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813443/; classtype:trojan-activity;sid:83676543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.27.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813442/; classtype:trojan-activity;sid:83676542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813441/; classtype:trojan-activity;sid:83676541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.39.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813440/; classtype:trojan-activity;sid:83676540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.206.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813439/; classtype:trojan-activity;sid:83676539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.43.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813438/; classtype:trojan-activity;sid:83676538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.214.34.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813437/; classtype:trojan-activity;sid:83676537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.182.182.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813436/; classtype:trojan-activity;sid:83676536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.184.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813435/; classtype:trojan-activity;sid:83676535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.239.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813434/; classtype:trojan-activity;sid:83676534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.6.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813433/; classtype:trojan-activity;sid:83676533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.191.207.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813432/; classtype:trojan-activity;sid:83676532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.77.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813431/; classtype:trojan-activity;sid:83676531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.253.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813430/; classtype:trojan-activity;sid:83676530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.221.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813429/; classtype:trojan-activity;sid:83676529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.27.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813428/; classtype:trojan-activity;sid:83676528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.33.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813427/; classtype:trojan-activity;sid:83676527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.15.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813426/; classtype:trojan-activity;sid:83676526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.143.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813425/; classtype:trojan-activity;sid:83676525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813424/; classtype:trojan-activity;sid:83676524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.182.182.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813423/; classtype:trojan-activity;sid:83676523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.87.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813422/; classtype:trojan-activity;sid:83676522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813421/; classtype:trojan-activity;sid:83676521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.6.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813419/; classtype:trojan-activity;sid:83676519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.28.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813420/; classtype:trojan-activity;sid:83676520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.25.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813418/; classtype:trojan-activity;sid:83676518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813417/; classtype:trojan-activity;sid:83676517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.15.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813416/; classtype:trojan-activity;sid:83676516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.191.207.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813415/; classtype:trojan-activity;sid:83676515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.191.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813414/; classtype:trojan-activity;sid:83676514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.68.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813413/; classtype:trojan-activity;sid:83676513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.25.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813412/; classtype:trojan-activity;sid:83676512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.157.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813411/; classtype:trojan-activity;sid:83676511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.143.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813410/; classtype:trojan-activity;sid:83676510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813409/; classtype:trojan-activity;sid:83676509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.110.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813408/; classtype:trojan-activity;sid:83676508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.245.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813407/; classtype:trojan-activity;sid:83676507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.239.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813406/; classtype:trojan-activity;sid:83676506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.68.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813405/; classtype:trojan-activity;sid:83676505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813404/; classtype:trojan-activity;sid:83676504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.20.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813402/; classtype:trojan-activity;sid:83676502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813403/; classtype:trojan-activity;sid:83676503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.195.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813401/; classtype:trojan-activity;sid:83676501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813400/; classtype:trojan-activity;sid:83676500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.49.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813399/; classtype:trojan-activity;sid:83676499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.86.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813398/; classtype:trojan-activity;sid:83676498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.41.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813397/; classtype:trojan-activity;sid:83676497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.151.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813396/; classtype:trojan-activity;sid:83676496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.110.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813395/; classtype:trojan-activity;sid:83676495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.194.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813394/; classtype:trojan-activity;sid:83676494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.27.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813393/; classtype:trojan-activity;sid:83676493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.83.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813392/; classtype:trojan-activity;sid:83676492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.50.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813391/; classtype:trojan-activity;sid:83676491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.134.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813390/; classtype:trojan-activity;sid:83676490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.37.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813389/; classtype:trojan-activity;sid:83676489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813388/; classtype:trojan-activity;sid:83676488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.20.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813387/; classtype:trojan-activity;sid:83676487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xlowiss95s8g"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813386/; classtype:trojan-activity;sid:83676486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.84.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813385/; classtype:trojan-activity;sid:83676485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.129.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813384/; classtype:trojan-activity;sid:83676484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.26.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813382/; classtype:trojan-activity;sid:83676482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"94.154.33.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813383/; classtype:trojan-activity;sid:83676483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.85.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813381/; classtype:trojan-activity;sid:83676481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.223.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813380/; classtype:trojan-activity;sid:83676480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.134.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813379/; classtype:trojan-activity;sid:83676479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813378/; classtype:trojan-activity;sid:83676478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668640900|3f|hash=yv6kj28ovoipmjmxx42btzmvjr0ozsivrm7u1jlfcmx|7c|26|7c|dl=dpxvscrmopn7ds6eapqhfvx9ltx0vyhb7ipa6nz4mzt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813377/; classtype:trojan-activity;sid:83676477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.221.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813376/; classtype:trojan-activity;sid:83676476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.129.152.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813375/; classtype:trojan-activity;sid:83676475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.64.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813373/; classtype:trojan-activity;sid:83676473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.53.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813374/; classtype:trojan-activity;sid:83676474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.125.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813372/; classtype:trojan-activity;sid:83676472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.70.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813371/; classtype:trojan-activity;sid:83676471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813370/; classtype:trojan-activity;sid:83676470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.83.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813369/; classtype:trojan-activity;sid:83676469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.85.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813368/; classtype:trojan-activity;sid:83676468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.46.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813367/; classtype:trojan-activity;sid:83676467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.37.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813366/; classtype:trojan-activity;sid:83676466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.232.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813365/; classtype:trojan-activity;sid:83676465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/661d9eb70e16ec15c9165e54"; depth:34; endswith; nocase; http.host; content:"api.discreetshare.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813363/; classtype:trojan-activity;sid:83676463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.26.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813364/; classtype:trojan-activity;sid:83676464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.21.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813362/; classtype:trojan-activity;sid:83676462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.9.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813361/; classtype:trojan-activity;sid:83676461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.46.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813360/; classtype:trojan-activity;sid:83676460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.214.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813358/; classtype:trojan-activity;sid:83676458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.221.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813359/; classtype:trojan-activity;sid:83676459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.86.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813357/; classtype:trojan-activity;sid:83676457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.8.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813356/; classtype:trojan-activity;sid:83676456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.196.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813355/; classtype:trojan-activity;sid:83676455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.185.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813354/; classtype:trojan-activity;sid:83676454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.175.137.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813353/; classtype:trojan-activity;sid:83676453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.232.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813352/; classtype:trojan-activity;sid:83676452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.79.188.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813351/; classtype:trojan-activity;sid:83676451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.35.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813349/; classtype:trojan-activity;sid:83676449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.232.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813350/; classtype:trojan-activity;sid:83676450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.9.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813348/; classtype:trojan-activity;sid:83676448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.27.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813347/; classtype:trojan-activity;sid:83676447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.200.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813345/; classtype:trojan-activity;sid:83676445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.80.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813346/; classtype:trojan-activity;sid:83676446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.12.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813344/; classtype:trojan-activity;sid:83676444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.212.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813343/; classtype:trojan-activity;sid:83676443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.172.49.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813341/; classtype:trojan-activity;sid:83676441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.214.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813342/; classtype:trojan-activity;sid:83676442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.86.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813339/; classtype:trojan-activity;sid:83676439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.79.188.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813340/; classtype:trojan-activity;sid:83676440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.8.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813338/; classtype:trojan-activity;sid:83676438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.123.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813337/; classtype:trojan-activity;sid:83676437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.202.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813336/; classtype:trojan-activity;sid:83676436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.228.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813333/; classtype:trojan-activity;sid:83676433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813334/; classtype:trojan-activity;sid:83676434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.172.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813335/; classtype:trojan-activity;sid:83676435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.78.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813332/; classtype:trojan-activity;sid:83676432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.232.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813331/; classtype:trojan-activity;sid:83676431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.145.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813330/; classtype:trojan-activity;sid:83676430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.57.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813329/; classtype:trojan-activity;sid:83676429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.35.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813328/; classtype:trojan-activity;sid:83676428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.12.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813327/; classtype:trojan-activity;sid:83676427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.171.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813326/; classtype:trojan-activity;sid:83676426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.89.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813325/; classtype:trojan-activity;sid:83676425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.179.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813324/; classtype:trojan-activity;sid:83676424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.198.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813323/; classtype:trojan-activity;sid:83676423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.238.110.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813322/; classtype:trojan-activity;sid:83676422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.243.98.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813321/; classtype:trojan-activity;sid:83676421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/ibrrb/423423af.exe"; depth:23; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813320/; classtype:trojan-activity;sid:83676420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813319/; classtype:trojan-activity;sid:83676419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.151.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813318/; classtype:trojan-activity;sid:83676418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"196.119.147.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813317/; classtype:trojan-activity;sid:83676417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813316/; classtype:trojan-activity;sid:83676416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.93.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813315/; classtype:trojan-activity;sid:83676415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.47.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813314/; classtype:trojan-activity;sid:83676414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.179.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813313/; classtype:trojan-activity;sid:83676413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813312/; classtype:trojan-activity;sid:83676412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.106.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813311/; classtype:trojan-activity;sid:83676411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.78.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813310/; classtype:trojan-activity;sid:83676410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spamhausproject"; depth:16; endswith; nocase; http.host; content:"176.97.210.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813309/; classtype:trojan-activity;sid:83676409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.60.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813308/; classtype:trojan-activity;sid:83676408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.13.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813307/; classtype:trojan-activity;sid:83676407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.171.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813306/; classtype:trojan-activity;sid:83676406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.224.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813305/; classtype:trojan-activity;sid:83676405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.152.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813304/; classtype:trojan-activity;sid:83676404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.225.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813303/; classtype:trojan-activity;sid:83676403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.38.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813302/; classtype:trojan-activity;sid:83676402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.44.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813301/; classtype:trojan-activity;sid:83676401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.139.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813300/; classtype:trojan-activity;sid:83676400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813299/; classtype:trojan-activity;sid:83676399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.139.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813296/; classtype:trojan-activity;sid:83676396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.236.200.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813297/; classtype:trojan-activity;sid:83676397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.244.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813298/; classtype:trojan-activity;sid:83676398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.194.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813295/; classtype:trojan-activity;sid:83676395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.199.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813294/; classtype:trojan-activity;sid:83676394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813293/; classtype:trojan-activity;sid:83676393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.137.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813292/; classtype:trojan-activity;sid:83676392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.137.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813291/; classtype:trojan-activity;sid:83676391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.152.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813290/; classtype:trojan-activity;sid:83676390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.113.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813289/; classtype:trojan-activity;sid:83676389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.81.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813288/; classtype:trojan-activity;sid:83676388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/fqsbw/build.exe"; depth:20; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813287/; classtype:trojan-activity;sid:83676387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.153.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813286/; classtype:trojan-activity;sid:83676386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.203.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813285/; classtype:trojan-activity;sid:83676385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.137.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813284/; classtype:trojan-activity;sid:83676384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.106.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813283/; classtype:trojan-activity;sid:83676383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.252.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813282/; classtype:trojan-activity;sid:83676382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813272/; classtype:trojan-activity;sid:83676372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.axis"; depth:12; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813273/; classtype:trojan-activity;sid:83676373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.axis"; depth:12; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813274/; classtype:trojan-activity;sid:83676374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.axis"; depth:12; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813275/; classtype:trojan-activity;sid:83676375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813276/; classtype:trojan-activity;sid:83676376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.axis"; depth:12; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813277/; classtype:trojan-activity;sid:83676377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813278/; classtype:trojan-activity;sid:83676378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813279/; classtype:trojan-activity;sid:83676379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813280/; classtype:trojan-activity;sid:83676380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813281/; classtype:trojan-activity;sid:83676381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.153.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813271/; classtype:trojan-activity;sid:83676371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813270/; classtype:trojan-activity;sid:83676370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.axis"; depth:13; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813266/; classtype:trojan-activity;sid:83676366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813267/; classtype:trojan-activity;sid:83676367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813268/; classtype:trojan-activity;sid:83676368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.sh"; depth:8; endswith; nocase; http.host; content:"37.140.247.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813269/; classtype:trojan-activity;sid:83676369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.137.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813265/; classtype:trojan-activity;sid:83676365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.smips"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813264/; classtype:trojan-activity;sid:83676364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.150.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813263/; classtype:trojan-activity;sid:83676363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sm68k"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813258/; classtype:trojan-activity;sid:83676358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sspc"; depth:8; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813259/; classtype:trojan-activity;sid:83676359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm6"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813260/; classtype:trojan-activity;sid:83676360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm5"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813261/; classtype:trojan-activity;sid:83676361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.debug.dbg"; depth:13; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813262/; classtype:trojan-activity;sid:83676362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sssh4"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813257/; classtype:trojan-activity;sid:83676357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.223.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813256/; classtype:trojan-activity;sid:83676356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.124.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813255/; classtype:trojan-activity;sid:83676355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.113.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813254/; classtype:trojan-activity;sid:83676354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.81.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813253/; classtype:trojan-activity;sid:83676353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.49.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813252/; classtype:trojan-activity;sid:83676352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.224.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813251/; classtype:trojan-activity;sid:83676351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.200.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813250/; classtype:trojan-activity;sid:83676350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.133.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813249/; classtype:trojan-activity;sid:83676349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.55.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813247/; classtype:trojan-activity;sid:83676347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.54.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813248/; classtype:trojan-activity;sid:83676348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813246/; classtype:trojan-activity;sid:83676346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.198.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813245/; classtype:trojan-activity;sid:83676345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813240/; classtype:trojan-activity;sid:83676340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813241/; classtype:trojan-activity;sid:83676341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813242/; classtype:trojan-activity;sid:83676342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813243/; classtype:trojan-activity;sid:83676343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813244/; classtype:trojan-activity;sid:83676344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813239/; classtype:trojan-activity;sid:83676339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813238/; classtype:trojan-activity;sid:83676338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813236/; classtype:trojan-activity;sid:83676336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813237/; classtype:trojan-activity;sid:83676337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813229/; classtype:trojan-activity;sid:83676329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sppc"; depth:6; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813230/; classtype:trojan-activity;sid:83676330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813231/; classtype:trojan-activity;sid:83676331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813232/; classtype:trojan-activity;sid:83676332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813233/; classtype:trojan-activity;sid:83676333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813234/; classtype:trojan-activity;sid:83676334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813235/; classtype:trojan-activity;sid:83676335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smpsl"; depth:7; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813227/; classtype:trojan-activity;sid:83676327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"45.128.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813228/; classtype:trojan-activity;sid:83676328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813225/; classtype:trojan-activity;sid:83676325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813226/; classtype:trojan-activity;sid:83676326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nut"; depth:4; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813224/; classtype:trojan-activity;sid:83676324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813214/; classtype:trojan-activity;sid:83676314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813215/; classtype:trojan-activity;sid:83676315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813216/; classtype:trojan-activity;sid:83676316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813217/; classtype:trojan-activity;sid:83676317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813218/; classtype:trojan-activity;sid:83676318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813219/; classtype:trojan-activity;sid:83676319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813220/; classtype:trojan-activity;sid:83676320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813221/; classtype:trojan-activity;sid:83676321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813222/; classtype:trojan-activity;sid:83676322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813223/; classtype:trojan-activity;sid:83676323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"64.227.166.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813213/; classtype:trojan-activity;sid:83676313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.74.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813212/; classtype:trojan-activity;sid:83676312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.247.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813209/; classtype:trojan-activity;sid:83676309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.223.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813210/; classtype:trojan-activity;sid:83676310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813211/; classtype:trojan-activity;sid:83676311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.124.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813208/; classtype:trojan-activity;sid:83676308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813207/; classtype:trojan-activity;sid:83676307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.139.104.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813204/; classtype:trojan-activity;sid:83676304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.139.104.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813205/; classtype:trojan-activity;sid:83676305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.139.104.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813206/; classtype:trojan-activity;sid:83676306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.149.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813203/; classtype:trojan-activity;sid:83676303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.55.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813202/; classtype:trojan-activity;sid:83676302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.49.203.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813201/; classtype:trojan-activity;sid:83676301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.83.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813200/; classtype:trojan-activity;sid:83676300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.149.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813199/; classtype:trojan-activity;sid:83676299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.248.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813198/; classtype:trojan-activity;sid:83676298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.165.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813197/; classtype:trojan-activity;sid:83676297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.180.80.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813196/; classtype:trojan-activity;sid:83676296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.41.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813195/; classtype:trojan-activity;sid:83676295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.167.253.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813194/; classtype:trojan-activity;sid:83676294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.161.31.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813193/; classtype:trojan-activity;sid:83676293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.238"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813192/; classtype:trojan-activity;sid:83676292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.160.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813191/; classtype:trojan-activity;sid:83676291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.58.181.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813190/; classtype:trojan-activity;sid:83676290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.74.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813189/; classtype:trojan-activity;sid:83676289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.12.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813188/; classtype:trojan-activity;sid:83676288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.180.80.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813187/; classtype:trojan-activity;sid:83676287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.177.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813186/; classtype:trojan-activity;sid:83676286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"220.113.237.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813185/; classtype:trojan-activity;sid:83676285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.167.253.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813184/; classtype:trojan-activity;sid:83676284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.26.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813183/; classtype:trojan-activity;sid:83676283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.151.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813182/; classtype:trojan-activity;sid:83676282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.12.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813181/; classtype:trojan-activity;sid:83676281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.121.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813180/; classtype:trojan-activity;sid:83676280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.200.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813179/; classtype:trojan-activity;sid:83676279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.78.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813178/; classtype:trojan-activity;sid:83676278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.252.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813177/; classtype:trojan-activity;sid:83676277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.65.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813176/; classtype:trojan-activity;sid:83676276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.74.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813175/; classtype:trojan-activity;sid:83676275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.177.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813174/; classtype:trojan-activity;sid:83676274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.104.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813173/; classtype:trojan-activity;sid:83676273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813172/; classtype:trojan-activity;sid:83676272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.239.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813171/; classtype:trojan-activity;sid:83676271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813170/; classtype:trojan-activity;sid:83676270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.146.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813169/; classtype:trojan-activity;sid:83676269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.2.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813168/; classtype:trojan-activity;sid:83676268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.151.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813167/; classtype:trojan-activity;sid:83676267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.89.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813166/; classtype:trojan-activity;sid:83676266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.25.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813165/; classtype:trojan-activity;sid:83676265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.32.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813164/; classtype:trojan-activity;sid:83676264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.224.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813163/; classtype:trojan-activity;sid:83676263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.97.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813162/; classtype:trojan-activity;sid:83676262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.25.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813161/; classtype:trojan-activity;sid:83676261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.165.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813160/; classtype:trojan-activity;sid:83676260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.50.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813159/; classtype:trojan-activity;sid:83676259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ujk.caching.oysterfloats.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813157/; classtype:trojan-activity;sid:83676257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"62.72.185.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813158/; classtype:trojan-activity;sid:83676258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.225.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813156/; classtype:trojan-activity;sid:83676256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.22.238.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813155/; classtype:trojan-activity;sid:83676255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.239.103.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813154/; classtype:trojan-activity;sid:83676254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.167.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813153/; classtype:trojan-activity;sid:83676253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.174.99.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813152/; classtype:trojan-activity;sid:83676252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.153.22.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.255.28.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813149/; classtype:trojan-activity;sid:83676249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.28.123.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.36.229.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813138/; classtype:trojan-activity;sid:83676238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.195.134.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813139/; classtype:trojan-activity;sid:83676239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.218.249.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813140/; classtype:trojan-activity;sid:83676240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.15.81.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813141/; classtype:trojan-activity;sid:83676241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"73.157.192.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813142/; classtype:trojan-activity;sid:83676242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.30.85.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.16.45.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813144/; classtype:trojan-activity;sid:83676244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.116.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813145/; classtype:trojan-activity;sid:83676245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.210.217.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.253.154.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.58.145.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813136/; classtype:trojan-activity;sid:83676236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.182.141.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813135/; classtype:trojan-activity;sid:83676235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.144.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.43.59.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813134/; classtype:trojan-activity;sid:83676234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.50.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.198.242.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.157.219.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813130/; classtype:trojan-activity;sid:83676230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.231.164.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813131/; classtype:trojan-activity;sid:83676231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.249.140.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.144.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813120/; classtype:trojan-activity;sid:83676220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.130.187.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813121/; classtype:trojan-activity;sid:83676221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.81.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.115.150.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813123/; classtype:trojan-activity;sid:83676223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.163.132.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813124/; classtype:trojan-activity;sid:83676224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.216.100.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.91.182.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813126/; classtype:trojan-activity;sid:83676226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.44.24.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813127/; classtype:trojan-activity;sid:83676227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.88.251.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813117/; classtype:trojan-activity;sid:83676217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.188.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813118/; classtype:trojan-activity;sid:83676218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.122.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813119/; classtype:trojan-activity;sid:83676219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.152.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813116/; classtype:trojan-activity;sid:83676216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.162.59.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813115/; classtype:trojan-activity;sid:83676215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"23.236.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813109/; classtype:trojan-activity;sid:83676209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.219.187.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813110/; classtype:trojan-activity;sid:83676210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.101.130.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813112/; classtype:trojan-activity;sid:83676212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.54.249.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813113/; classtype:trojan-activity;sid:83676213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.21.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813114/; classtype:trojan-activity;sid:83676214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.154.2.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813104/; classtype:trojan-activity;sid:83676204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.152.168.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813105/; classtype:trojan-activity;sid:83676205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.5.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813106/; classtype:trojan-activity;sid:83676206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.165.209.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.118.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813089/; classtype:trojan-activity;sid:83676189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.4.117.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813090/; classtype:trojan-activity;sid:83676190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813091/; classtype:trojan-activity;sid:83676191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.255.67.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813092/; classtype:trojan-activity;sid:83676192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.30.234.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813093/; classtype:trojan-activity;sid:83676193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.153.126.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813094/; classtype:trojan-activity;sid:83676194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.224.5.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813095/; classtype:trojan-activity;sid:83676195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.203.92.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813096/; classtype:trojan-activity;sid:83676196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.95.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813097/; classtype:trojan-activity;sid:83676197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.141.135.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.16.195.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813099/; classtype:trojan-activity;sid:83676199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"141.136.92.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813102/; classtype:trojan-activity;sid:83676202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.142.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.18.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813082/; classtype:trojan-activity;sid:83676182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.230.159.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813083/; classtype:trojan-activity;sid:83676183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.249.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.211.44.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813085/; classtype:trojan-activity;sid:83676185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.80.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813086/; classtype:trojan-activity;sid:83676186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.37.144.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813087/; classtype:trojan-activity;sid:83676187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.102.92.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813088/; classtype:trojan-activity;sid:83676188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.50.185.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813079/; classtype:trojan-activity;sid:83676179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.60.215.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813080/; classtype:trojan-activity;sid:83676180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.39.242.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.238.228.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813077/; classtype:trojan-activity;sid:83676177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.163.57.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.31.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813075/; classtype:trojan-activity;sid:83676175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.203.151.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813076/; classtype:trojan-activity;sid:83676176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.238.132.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813074/; classtype:trojan-activity;sid:83676174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.180.54.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813065/; classtype:trojan-activity;sid:83676165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.53.91.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813066/; classtype:trojan-activity;sid:83676166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.111.213.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813067/; classtype:trojan-activity;sid:83676167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.22.136.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.204.154.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.249.52.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.156.19.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813071/; classtype:trojan-activity;sid:83676171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.15.62.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813073/; classtype:trojan-activity;sid:83676173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.221.136.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813055/; classtype:trojan-activity;sid:83676155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.142.73.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813056/; classtype:trojan-activity;sid:83676156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.228.64.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"129.122.98.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813058/; classtype:trojan-activity;sid:83676158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.77.209.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813059/; classtype:trojan-activity;sid:83676159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.77.74.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813061/; classtype:trojan-activity;sid:83676161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.10.159.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813062/; classtype:trojan-activity;sid:83676162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.153.148.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813063/; classtype:trojan-activity;sid:83676163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.189.125.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.141.29.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813043/; classtype:trojan-activity;sid:83676143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.102.18.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813044/; classtype:trojan-activity;sid:83676144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813045/; classtype:trojan-activity;sid:83676145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.171.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813046/; classtype:trojan-activity;sid:83676146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813047/; classtype:trojan-activity;sid:83676147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.142.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813050/; classtype:trojan-activity;sid:83676150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"144.48.169.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.244.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.42.122.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813053/; classtype:trojan-activity;sid:83676153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.160.70.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813054/; classtype:trojan-activity;sid:83676154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.140.229.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813036/; classtype:trojan-activity;sid:83676136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.230.153.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.250.206.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813038/; classtype:trojan-activity;sid:83676138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.70.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.108.154.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813042/; classtype:trojan-activity;sid:83676142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.216.125.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813032/; classtype:trojan-activity;sid:83676132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.188.144.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813033/; classtype:trojan-activity;sid:83676133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.232.112.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813034/; classtype:trojan-activity;sid:83676134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.170.118.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813035/; classtype:trojan-activity;sid:83676135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.72.77.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813027/; classtype:trojan-activity;sid:83676127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.19.251.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813028/; classtype:trojan-activity;sid:83676128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.29.137.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813029/; classtype:trojan-activity;sid:83676129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.54.15.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813030/; classtype:trojan-activity;sid:83676130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.171.120.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813031/; classtype:trojan-activity;sid:83676131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.54.171.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813025/; classtype:trojan-activity;sid:83676125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"141.101.226.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813026/; classtype:trojan-activity;sid:83676126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.85.152.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813023/; classtype:trojan-activity;sid:83676123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.169.235.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813024/; classtype:trojan-activity;sid:83676124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.86.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813022/; classtype:trojan-activity;sid:83676122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.132.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813021/; classtype:trojan-activity;sid:83676121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.146.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813020/; classtype:trojan-activity;sid:83676120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.60.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813019/; classtype:trojan-activity;sid:83676119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.178.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813018/; classtype:trojan-activity;sid:83676118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813012/; classtype:trojan-activity;sid:83676112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813013/; classtype:trojan-activity;sid:83676113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813014/; classtype:trojan-activity;sid:83676114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813015/; classtype:trojan-activity;sid:83676115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813016/; classtype:trojan-activity;sid:83676116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813017/; classtype:trojan-activity;sid:83676117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.2.171.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813011/; classtype:trojan-activity;sid:83676111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813010/; classtype:trojan-activity;sid:83676110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813009/; classtype:trojan-activity;sid:83676109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.178.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813008/; classtype:trojan-activity;sid:83676108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.132.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813007/; classtype:trojan-activity;sid:83676107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.152.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813006/; classtype:trojan-activity;sid:83676106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.60.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813005/; classtype:trojan-activity;sid:83676105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.240.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813004/; classtype:trojan-activity;sid:83676104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.227.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813003/; classtype:trojan-activity;sid:83676103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.84.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813002/; classtype:trojan-activity;sid:83676102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.174.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813001/; classtype:trojan-activity;sid:83676101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813000/; classtype:trojan-activity;sid:83676100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.60.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812999/; classtype:trojan-activity;sid:83676099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.153.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812997/; classtype:trojan-activity;sid:83676097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.170.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812998/; classtype:trojan-activity;sid:83676098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812996/; classtype:trojan-activity;sid:83676096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812995/; classtype:trojan-activity;sid:83676095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.217.39.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812994/; classtype:trojan-activity;sid:83676094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.84.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812993/; classtype:trojan-activity;sid:83676093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.0.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812992/; classtype:trojan-activity;sid:83676092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812991/; classtype:trojan-activity;sid:83676091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.5.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812989/; classtype:trojan-activity;sid:83676089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812990/; classtype:trojan-activity;sid:83676090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.240.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812988/; classtype:trojan-activity;sid:83676088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812987/; classtype:trojan-activity;sid:83676087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.209.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812986/; classtype:trojan-activity;sid:83676086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.40.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812984/; classtype:trojan-activity;sid:83676084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.224.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812985/; classtype:trojan-activity;sid:83676085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.0.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812983/; classtype:trojan-activity;sid:83676083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.128.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812982/; classtype:trojan-activity;sid:83676082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812981/; classtype:trojan-activity;sid:83676081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812980/; classtype:trojan-activity;sid:83676080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.227.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812979/; classtype:trojan-activity;sid:83676079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.38.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812978/; classtype:trojan-activity;sid:83676078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.202.88.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812977/; classtype:trojan-activity;sid:83676077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.23.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812976/; classtype:trojan-activity;sid:83676076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.5.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812975/; classtype:trojan-activity;sid:83676075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812973/; classtype:trojan-activity;sid:83676073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.79.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812974/; classtype:trojan-activity;sid:83676074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.1.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812972/; classtype:trojan-activity;sid:83676072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.101.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812971/; classtype:trojan-activity;sid:83676071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.209.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812970/; classtype:trojan-activity;sid:83676070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.201.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812969/; classtype:trojan-activity;sid:83676069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812968/; classtype:trojan-activity;sid:83676068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.153.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812967/; classtype:trojan-activity;sid:83676067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.183.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812966/; classtype:trojan-activity;sid:83676066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.127.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812965/; classtype:trojan-activity;sid:83676065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.254.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812964/; classtype:trojan-activity;sid:83676064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.23.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812963/; classtype:trojan-activity;sid:83676063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.83.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812962/; classtype:trojan-activity;sid:83676062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.191.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812961/; classtype:trojan-activity;sid:83676061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.snoopy"; depth:15; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812954/; classtype:trojan-activity;sid:83676054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.snoopy"; depth:14; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812955/; classtype:trojan-activity;sid:83676055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.snoopy"; depth:15; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812956/; classtype:trojan-activity;sid:83676056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.snoopy"; depth:15; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812957/; classtype:trojan-activity;sid:83676057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812958/; classtype:trojan-activity;sid:83676058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812959/; classtype:trojan-activity;sid:83676059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812960/; classtype:trojan-activity;sid:83676060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.snoopy"; depth:15; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812949/; classtype:trojan-activity;sid:83676049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812950/; classtype:trojan-activity;sid:83676050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.snoopy"; depth:14; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812951/; classtype:trojan-activity;sid:83676051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.snoopy"; depth:14; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812952/; classtype:trojan-activity;sid:83676052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.snoopy"; depth:15; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812953/; classtype:trojan-activity;sid:83676053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.101.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812945/; classtype:trojan-activity;sid:83676045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812946/; classtype:trojan-activity;sid:83676046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812947/; classtype:trojan-activity;sid:83676047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.snoopy"; depth:15; endswith; nocase; http.host; content:"89.190.156.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812948/; classtype:trojan-activity;sid:83676048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812943/; classtype:trojan-activity;sid:83676043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812944/; classtype:trojan-activity;sid:83676044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812942/; classtype:trojan-activity;sid:83676042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812940/; classtype:trojan-activity;sid:83676040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812941/; classtype:trojan-activity;sid:83676041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.1.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812939/; classtype:trojan-activity;sid:83676039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.191.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812938/; classtype:trojan-activity;sid:83676038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.13.4.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812937/; classtype:trojan-activity;sid:83676037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.38.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812936/; classtype:trojan-activity;sid:83676036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.57.170.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812935/; classtype:trojan-activity;sid:83676035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.32.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812934/; classtype:trojan-activity;sid:83676034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.183.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812933/; classtype:trojan-activity;sid:83676033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.154.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812932/; classtype:trojan-activity;sid:83676032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"93.123.85.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812931/; classtype:trojan-activity;sid:83676031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"cnc.buthost.pl"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812930/; classtype:trojan-activity;sid:83676030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812929/; classtype:trojan-activity;sid:83676029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.59.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812928/; classtype:trojan-activity;sid:83676028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.168.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812927/; classtype:trojan-activity;sid:83676027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812926/; classtype:trojan-activity;sid:83676026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812925/; classtype:trojan-activity;sid:83676025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.197.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812924/; classtype:trojan-activity;sid:83676024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.62.61.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812923/; classtype:trojan-activity;sid:83676023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.170.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812922/; classtype:trojan-activity;sid:83676022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.240.169.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812921/; classtype:trojan-activity;sid:83676021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.33.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812919/; classtype:trojan-activity;sid:83676019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.112.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812920/; classtype:trojan-activity;sid:83676020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.144.150.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812918/; classtype:trojan-activity;sid:83676018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.44.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812917/; classtype:trojan-activity;sid:83676017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.154.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812916/; classtype:trojan-activity;sid:83676016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.32.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812915/; classtype:trojan-activity;sid:83676015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812914/; classtype:trojan-activity;sid:83676014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.112.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812913/; classtype:trojan-activity;sid:83676013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.208.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812912/; classtype:trojan-activity;sid:83676012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.13.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812911/; classtype:trojan-activity;sid:83676011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.145.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812910/; classtype:trojan-activity;sid:83676010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812908/; classtype:trojan-activity;sid:83676008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812909/; classtype:trojan-activity;sid:83676009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension_installer.exe"; depth:24; endswith; nocase; http.host; content:"upd4t300top.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812907/; classtype:trojan-activity;sid:83676007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.154.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812906/; classtype:trojan-activity;sid:83676006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.49.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812905/; classtype:trojan-activity;sid:83676005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812904/; classtype:trojan-activity;sid:83676004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.197.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812903/; classtype:trojan-activity;sid:83676003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.85.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812902/; classtype:trojan-activity;sid:83676002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.236.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812901/; classtype:trojan-activity;sid:83676001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.112.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812900/; classtype:trojan-activity;sid:83676000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.exe"; depth:10; endswith; nocase; http.host; content:"109.107.181.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812899/; classtype:trojan-activity;sid:83675999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secretteachingsofallages.pdf.url"; depth:33; endswith; nocase; http.host; content:"109.107.181.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812897/; classtype:trojan-activity;sid:83675997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roland.txt"; depth:11; endswith; nocase; http.host; content:"grupointuitivo.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812898/; classtype:trojan-activity;sid:83675998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secretteachings.pdf.lnk"; depth:24; endswith; nocase; http.host; content:"109.107.181.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812896/; classtype:trojan-activity;sid:83675996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secret"; depth:7; endswith; nocase; http.host; content:"109.107.181.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812895/; classtype:trojan-activity;sid:83675995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812893/; classtype:trojan-activity;sid:83675993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.63.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812892/; classtype:trojan-activity;sid:83675992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.125.20.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812891/; classtype:trojan-activity;sid:83675991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812890/; classtype:trojan-activity;sid:83675990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.208.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812889/; classtype:trojan-activity;sid:83675989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.127.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812888/; classtype:trojan-activity;sid:83675988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.67.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812887/; classtype:trojan-activity;sid:83675987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.13.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812886/; classtype:trojan-activity;sid:83675986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.127.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812885/; classtype:trojan-activity;sid:83675985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.21.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812884/; classtype:trojan-activity;sid:83675984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812883/; classtype:trojan-activity;sid:83675983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.74.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812880/; classtype:trojan-activity;sid:83675980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.29.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812881/; classtype:trojan-activity;sid:83675981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.212.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812882/; classtype:trojan-activity;sid:83675982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.176.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812879/; classtype:trojan-activity;sid:83675979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.154.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812878/; classtype:trojan-activity;sid:83675978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812877/; classtype:trojan-activity;sid:83675977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.29.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812876/; classtype:trojan-activity;sid:83675976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.98.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812874/; classtype:trojan-activity;sid:83675974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.145.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812875/; classtype:trojan-activity;sid:83675975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v/mainfile.exe"; depth:15; endswith; nocase; http.host; content:"atdavidcross.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812873/; classtype:trojan-activity;sid:83675973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.10.3.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812872/; classtype:trojan-activity;sid:83675972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812871/; classtype:trojan-activity;sid:83675971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.228.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812869/; classtype:trojan-activity;sid:83675969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812870/; classtype:trojan-activity;sid:83675970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.122.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812868/; classtype:trojan-activity;sid:83675968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.254.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812867/; classtype:trojan-activity;sid:83675967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668594285|3f|hash=3dn94hsdxax4uhozjouqgdyzertfg4dopscmipny3hd|7c|26|7c|dl=zjzjp1wtmzbtgie0dwys5int9ezhyausgmgya3qvbtp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812866/; classtype:trojan-activity;sid:83675966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.98.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812865/; classtype:trojan-activity;sid:83675965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.145.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812864/; classtype:trojan-activity;sid:83675964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.184.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812863/; classtype:trojan-activity;sid:83675963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.154.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812862/; classtype:trojan-activity;sid:83675962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.153.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812861/; classtype:trojan-activity;sid:83675961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"a0945576.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812860/; classtype:trojan-activity;sid:83675960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feswad.exe"; depth:11; endswith; nocase; http.host; content:"185.154.13.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812859/; classtype:trojan-activity;sid:83675959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.8.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812858/; classtype:trojan-activity;sid:83675958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812857/; classtype:trojan-activity;sid:83675957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.80.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812856/; classtype:trojan-activity;sid:83675956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.72.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812855/; classtype:trojan-activity;sid:83675955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.38.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812854/; classtype:trojan-activity;sid:83675954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.79.111"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812853/; classtype:trojan-activity;sid:83675953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.21.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812852/; classtype:trojan-activity;sid:83675952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812851/; classtype:trojan-activity;sid:83675951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.71.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812850/; classtype:trojan-activity;sid:83675950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.php"; depth:7; endswith; nocase; http.host; content:"185.172.128.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812849/; classtype:trojan-activity;sid:83675949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.27.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812848/; classtype:trojan-activity;sid:83675948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.122.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812847/; classtype:trojan-activity;sid:83675947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.111.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812846/; classtype:trojan-activity;sid:83675946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812845/; classtype:trojan-activity;sid:83675945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.154.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812842/; classtype:trojan-activity;sid:83675942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812843/; classtype:trojan-activity;sid:83675943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.45.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812844/; classtype:trojan-activity;sid:83675944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.64.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812841/; classtype:trojan-activity;sid:83675941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.244.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812840/; classtype:trojan-activity;sid:83675940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.8.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812839/; classtype:trojan-activity;sid:83675939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.86.71.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812838/; classtype:trojan-activity;sid:83675938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.244.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812837/; classtype:trojan-activity;sid:83675937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812836/; classtype:trojan-activity;sid:83675936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.220.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812835/; classtype:trojan-activity;sid:83675935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.126.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812834/; classtype:trojan-activity;sid:83675934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.244.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812833/; classtype:trojan-activity;sid:83675933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812832/; classtype:trojan-activity;sid:83675932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.204.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812831/; classtype:trojan-activity;sid:83675931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.253.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812830/; classtype:trojan-activity;sid:83675930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.112.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812828/; classtype:trojan-activity;sid:83675928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.250.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812829/; classtype:trojan-activity;sid:83675929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.60.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812827/; classtype:trojan-activity;sid:83675927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.8.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812826/; classtype:trojan-activity;sid:83675926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812825/; classtype:trojan-activity;sid:83675925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/go.exe"; depth:7; endswith; nocase; http.host; content:"a0945576.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812824/; classtype:trojan-activity;sid:83675924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.97.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812822/; classtype:trojan-activity;sid:83675922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.147.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812823/; classtype:trojan-activity;sid:83675923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.16.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812821/; classtype:trojan-activity;sid:83675921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.21.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812820/; classtype:trojan-activity;sid:83675920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812819/; classtype:trojan-activity;sid:83675919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.74.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812818/; classtype:trojan-activity;sid:83675918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.220.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812817/; classtype:trojan-activity;sid:83675917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812816/; classtype:trojan-activity;sid:83675916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.12.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812815/; classtype:trojan-activity;sid:83675915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.70.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812814/; classtype:trojan-activity;sid:83675914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.126.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812813/; classtype:trojan-activity;sid:83675913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812812/; classtype:trojan-activity;sid:83675912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812811/; classtype:trojan-activity;sid:83675911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812810/; classtype:trojan-activity;sid:83675910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.181.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812809/; classtype:trojan-activity;sid:83675909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.153.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812808/; classtype:trojan-activity;sid:83675908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812806/; classtype:trojan-activity;sid:83675906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.16.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812807/; classtype:trojan-activity;sid:83675907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.70.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812805/; classtype:trojan-activity;sid:83675905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.185.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812804/; classtype:trojan-activity;sid:83675904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.100.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812803/; classtype:trojan-activity;sid:83675903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.75.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812802/; classtype:trojan-activity;sid:83675902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.97.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812801/; classtype:trojan-activity;sid:83675901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.16.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812800/; classtype:trojan-activity;sid:83675900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.12.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812799/; classtype:trojan-activity;sid:83675899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.153.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812798/; classtype:trojan-activity;sid:83675898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.144.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812797/; classtype:trojan-activity;sid:83675897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.81.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812796/; classtype:trojan-activity;sid:83675896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.8.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812795/; classtype:trojan-activity;sid:83675895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.35.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812794/; classtype:trojan-activity;sid:83675894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.129.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812793/; classtype:trojan-activity;sid:83675893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.222.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812792/; classtype:trojan-activity;sid:83675892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812791/; classtype:trojan-activity;sid:83675891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.144.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812790/; classtype:trojan-activity;sid:83675890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.144.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812789/; classtype:trojan-activity;sid:83675889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.95.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812788/; classtype:trojan-activity;sid:83675888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.100.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812787/; classtype:trojan-activity;sid:83675887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.238.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812786/; classtype:trojan-activity;sid:83675886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812785/; classtype:trojan-activity;sid:83675885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812784/; classtype:trojan-activity;sid:83675884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.16.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812783/; classtype:trojan-activity;sid:83675883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.129.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812782/; classtype:trojan-activity;sid:83675882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.112.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812781/; classtype:trojan-activity;sid:83675881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.92.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812780/; classtype:trojan-activity;sid:83675880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.81.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812779/; classtype:trojan-activity;sid:83675879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.144.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812778/; classtype:trojan-activity;sid:83675878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812777/; classtype:trojan-activity;sid:83675877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.129.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812776/; classtype:trojan-activity;sid:83675876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812775/; classtype:trojan-activity;sid:83675875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.74.43.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812774/; classtype:trojan-activity;sid:83675874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.180.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812773/; classtype:trojan-activity;sid:83675873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.15.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812772/; classtype:trojan-activity;sid:83675872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.167.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812771/; classtype:trojan-activity;sid:83675871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64|3f|ddos"; depth:15; endswith; nocase; http.host; content:"94.156.8.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812769/; classtype:trojan-activity;sid:83675869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812770/; classtype:trojan-activity;sid:83675870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.102.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812768/; classtype:trojan-activity;sid:83675868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.210.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812767/; classtype:trojan-activity;sid:83675867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.124.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812765/; classtype:trojan-activity;sid:83675865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.78.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812766/; classtype:trojan-activity;sid:83675866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.93.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812764/; classtype:trojan-activity;sid:83675864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.189.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812762/; classtype:trojan-activity;sid:83675862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.167.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812763/; classtype:trojan-activity;sid:83675863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.184.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812761/; classtype:trojan-activity;sid:83675861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812760/; classtype:trojan-activity;sid:83675860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snusikod/fac/raw/main/pgifswa.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812759/; classtype:trojan-activity;sid:83675859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.108.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812758/; classtype:trojan-activity;sid:83675858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.71.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812757/; classtype:trojan-activity;sid:83675857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.50.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812756/; classtype:trojan-activity;sid:83675856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812755/; classtype:trojan-activity;sid:83675855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812754/; classtype:trojan-activity;sid:83675854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.35.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812753/; classtype:trojan-activity;sid:83675853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812752/; classtype:trojan-activity;sid:83675852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.101.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812750/; classtype:trojan-activity;sid:83675850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812751/; classtype:trojan-activity;sid:83675851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.12.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812748/; classtype:trojan-activity;sid:83675848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.84.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812749/; classtype:trojan-activity;sid:83675849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.102.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812747/; classtype:trojan-activity;sid:83675847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.176.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812746/; classtype:trojan-activity;sid:83675846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.5.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812745/; classtype:trojan-activity;sid:83675845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.228.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812743/; classtype:trojan-activity;sid:83675843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.212.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812744/; classtype:trojan-activity;sid:83675844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.15.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812742/; classtype:trojan-activity;sid:83675842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.74.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812741/; classtype:trojan-activity;sid:83675841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.84.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812740/; classtype:trojan-activity;sid:83675840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.200.66.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812739/; classtype:trojan-activity;sid:83675839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812738/; classtype:trojan-activity;sid:83675838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.152.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812737/; classtype:trojan-activity;sid:83675837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.71.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812736/; classtype:trojan-activity;sid:83675836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.80.75.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812735/; classtype:trojan-activity;sid:83675835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.51.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812734/; classtype:trojan-activity;sid:83675834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.93.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812733/; classtype:trojan-activity;sid:83675833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.206.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812732/; classtype:trojan-activity;sid:83675832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.3.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812731/; classtype:trojan-activity;sid:83675831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.180.153.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812730/; classtype:trojan-activity;sid:83675830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.5.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812728/; classtype:trojan-activity;sid:83675828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812729/; classtype:trojan-activity;sid:83675829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812726/; classtype:trojan-activity;sid:83675826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86|3f|ddos"; depth:12; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812727/; classtype:trojan-activity;sid:83675827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812725/; classtype:trojan-activity;sid:83675825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.80.75.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812724/; classtype:trojan-activity;sid:83675824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.57.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812723/; classtype:trojan-activity;sid:83675823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.3.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812722/; classtype:trojan-activity;sid:83675822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812721/; classtype:trojan-activity;sid:83675821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.120.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812720/; classtype:trojan-activity;sid:83675820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.242.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812719/; classtype:trojan-activity;sid:83675819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.107.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812718/; classtype:trojan-activity;sid:83675818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.11.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812717/; classtype:trojan-activity;sid:83675817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.128.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812715/; classtype:trojan-activity;sid:83675815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.255.20.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812716/; classtype:trojan-activity;sid:83675816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.184.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812714/; classtype:trojan-activity;sid:83675814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.206.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812713/; classtype:trojan-activity;sid:83675813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.mpsl"; depth:13; endswith; nocase; http.host; content:"193.233.132.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812712/; classtype:trojan-activity;sid:83675812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812707/; classtype:trojan-activity;sid:83675807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812708/; classtype:trojan-activity;sid:83675808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812709/; classtype:trojan-activity;sid:83675809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812710/; classtype:trojan-activity;sid:83675810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812711/; classtype:trojan-activity;sid:83675811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812703/; classtype:trojan-activity;sid:83675803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812704/; classtype:trojan-activity;sid:83675804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812705/; classtype:trojan-activity;sid:83675805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812706/; classtype:trojan-activity;sid:83675806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.203.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812702/; classtype:trojan-activity;sid:83675802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.130.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812701/; classtype:trojan-activity;sid:83675801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.37.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812700/; classtype:trojan-activity;sid:83675800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.13.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812699/; classtype:trojan-activity;sid:83675799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.200.66.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812698/; classtype:trojan-activity;sid:83675798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.222.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812697/; classtype:trojan-activity;sid:83675797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.111.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812695/; classtype:trojan-activity;sid:83675795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812696/; classtype:trojan-activity;sid:83675796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.184.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812694/; classtype:trojan-activity;sid:83675794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.242.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812693/; classtype:trojan-activity;sid:83675793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.237.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812692/; classtype:trojan-activity;sid:83675792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"45.77.32.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812690/; classtype:trojan-activity;sid:83675790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"45.77.32.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812691/; classtype:trojan-activity;sid:83675791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.206.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812689/; classtype:trojan-activity;sid:83675789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812688/; classtype:trojan-activity;sid:83675788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.52.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812687/; classtype:trojan-activity;sid:83675787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.113.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812686/; classtype:trojan-activity;sid:83675786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.198.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812685/; classtype:trojan-activity;sid:83675785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.144.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812684/; classtype:trojan-activity;sid:83675784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.66.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812683/; classtype:trojan-activity;sid:83675783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.252.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812682/; classtype:trojan-activity;sid:83675782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.78.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812681/; classtype:trojan-activity;sid:83675781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.200.66.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812680/; classtype:trojan-activity;sid:83675780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.110.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812679/; classtype:trojan-activity;sid:83675779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.37.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812678/; classtype:trojan-activity;sid:83675778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812677/; classtype:trojan-activity;sid:83675777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.242.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812676/; classtype:trojan-activity;sid:83675776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.arm"; depth:8; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812674/; classtype:trojan-activity;sid:83675774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbr.arm7"; depth:9; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812675/; classtype:trojan-activity;sid:83675775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.237.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812673/; classtype:trojan-activity;sid:83675773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.144.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812672/; classtype:trojan-activity;sid:83675772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812671/; classtype:trojan-activity;sid:83675771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.73.209.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812670/; classtype:trojan-activity;sid:83675770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812669/; classtype:trojan-activity;sid:83675769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.165.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812668/; classtype:trojan-activity;sid:83675768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svost.exe"; depth:10; endswith; nocase; http.host; content:"gostatts.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812667/; classtype:trojan-activity;sid:83675767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.8.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812666/; classtype:trojan-activity;sid:83675766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812665/; classtype:trojan-activity;sid:83675765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.168.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812664/; classtype:trojan-activity;sid:83675764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812663/; classtype:trojan-activity;sid:83675763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.110.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812662/; classtype:trojan-activity;sid:83675762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812661/; classtype:trojan-activity;sid:83675761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812660/; classtype:trojan-activity;sid:83675760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.71.236.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812659/; classtype:trojan-activity;sid:83675759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812658/; classtype:trojan-activity;sid:83675758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.218.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812657/; classtype:trojan-activity;sid:83675757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.11.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812656/; classtype:trojan-activity;sid:83675756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.188.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812655/; classtype:trojan-activity;sid:83675755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.218.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812654/; classtype:trojan-activity;sid:83675754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.92.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812653/; classtype:trojan-activity;sid:83675753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.146.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812652/; classtype:trojan-activity;sid:83675752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812651/; classtype:trojan-activity;sid:83675751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.168.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812650/; classtype:trojan-activity;sid:83675750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.67.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812649/; classtype:trojan-activity;sid:83675749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/gamp.txt"; depth:12; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812648/; classtype:trojan-activity;sid:83675748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.10.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812646/; classtype:trojan-activity;sid:83675746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812647/; classtype:trojan-activity;sid:83675747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/dyxme"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812643/; classtype:trojan-activity;sid:83675743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/gam/wekissedherheadwithlotoflovebecausesheisverybeautifulgirlieverseenveryqtgirl___itrulyloveherwtihlotofloer.doc"; depth:117; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812644/; classtype:trojan-activity;sid:83675744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/imagepixelsamplepicture.jpeg"; depth:32; endswith; nocase; http.host; content:"192.3.95.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812645/; classtype:trojan-activity;sid:83675745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.8.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812642/; classtype:trojan-activity;sid:83675742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.38.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812641/; classtype:trojan-activity;sid:83675741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812640/; classtype:trojan-activity;sid:83675740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omtukiqhyaz36.bin"; depth:18; endswith; nocase; http.host; content:"212.162.149.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812639/; classtype:trojan-activity;sid:83675739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.11.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812638/; classtype:trojan-activity;sid:83675738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.11.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812637/; classtype:trojan-activity;sid:83675737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.176.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812636/; classtype:trojan-activity;sid:83675736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.92.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812635/; classtype:trojan-activity;sid:83675735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.148.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812633/; classtype:trojan-activity;sid:83675733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.79.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812634/; classtype:trojan-activity;sid:83675734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elseyor44/aimbot3/releases/download/new2/x326.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812632/; classtype:trojan-activity;sid:83675732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812631/; classtype:trojan-activity;sid:83675731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.168.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812630/; classtype:trojan-activity;sid:83675730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.41.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812629/; classtype:trojan-activity;sid:83675729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.17.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812628/; classtype:trojan-activity;sid:83675728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.176.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812627/; classtype:trojan-activity;sid:83675727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.11.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812626/; classtype:trojan-activity;sid:83675726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.183.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812625/; classtype:trojan-activity;sid:83675725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.4.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812624/; classtype:trojan-activity;sid:83675724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.198.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812623/; classtype:trojan-activity;sid:83675723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.182.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812622/; classtype:trojan-activity;sid:83675722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.189.193.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812621/; classtype:trojan-activity;sid:83675721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.113.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812620/; classtype:trojan-activity;sid:83675720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.221.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812619/; classtype:trojan-activity;sid:83675719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.6.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812618/; classtype:trojan-activity;sid:83675718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.56.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812617/; classtype:trojan-activity;sid:83675717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.100.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812616/; classtype:trojan-activity;sid:83675716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.156.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812615/; classtype:trojan-activity;sid:83675715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.168.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812614/; classtype:trojan-activity;sid:83675714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812613/; classtype:trojan-activity;sid:83675713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.181.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812612/; classtype:trojan-activity;sid:83675712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812611/; classtype:trojan-activity;sid:83675711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.46.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812610/; classtype:trojan-activity;sid:83675710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.191.207.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812609/; classtype:trojan-activity;sid:83675709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812608/; classtype:trojan-activity;sid:83675708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.45.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812607/; classtype:trojan-activity;sid:83675707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.226.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812606/; classtype:trojan-activity;sid:83675706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.126.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812605/; classtype:trojan-activity;sid:83675705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.217.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812604/; classtype:trojan-activity;sid:83675704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812603/; classtype:trojan-activity;sid:83675703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812602/; classtype:trojan-activity;sid:83675702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.156.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812601/; classtype:trojan-activity;sid:83675701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.56.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812600/; classtype:trojan-activity;sid:83675700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812599/; classtype:trojan-activity;sid:83675699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.100.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812598/; classtype:trojan-activity;sid:83675698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.107.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812597/; classtype:trojan-activity;sid:83675697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.98.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812596/; classtype:trojan-activity;sid:83675696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.217.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812595/; classtype:trojan-activity;sid:83675695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yttxugp216.bin"; depth:15; endswith; nocase; http.host; content:"103.14.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812594/; classtype:trojan-activity;sid:83675694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.97.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812593/; classtype:trojan-activity;sid:83675693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812592/; classtype:trojan-activity;sid:83675692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.181.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812591/; classtype:trojan-activity;sid:83675691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/file300un.exe"; depth:20; endswith; nocase; http.host; content:"5.42.64.17"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812589/; classtype:trojan-activity;sid:83675689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/uni400uni.exe"; depth:20; endswith; nocase; http.host; content:"5.42.64.17"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812590/; classtype:trojan-activity;sid:83675690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rnwpd.exe"; depth:10; endswith; nocase; http.host; content:"yip.su"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812588/; classtype:trojan-activity;sid:83675688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/docuworks.exe"; depth:19; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812587/; classtype:trojan-activity;sid:83675687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newb.exe"; depth:9; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812585/; classtype:trojan-activity;sid:83675685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.128.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812586/; classtype:trojan-activity;sid:83675686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/jok.exe"; depth:13; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812583/; classtype:trojan-activity;sid:83675683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/gold.exe"; depth:14; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812584/; classtype:trojan-activity;sid:83675684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.164.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812582/; classtype:trojan-activity;sid:83675682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.74.22.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812581/; classtype:trojan-activity;sid:83675681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1226883052874109024/1229161670463455365/dhfuf.txt|3f|ex=662ead02|7c|26|7c|is=661c3802|7c|26|7c|hm=a0d7897941432a7baf5f8f95232faba93eb9e66b5f14245e9257ae4b553fb1f8|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812580/; classtype:trojan-activity;sid:83675680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feel/moneu.txt"; depth:15; endswith; nocase; http.host; content:"varmos.shop"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812578/; classtype:trojan-activity;sid:83675678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1z6artvwigcgoimhpnc49i0bfoiekch1g"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812579/; classtype:trojan-activity;sid:83675679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/3cwme"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812577/; classtype:trojan-activity;sid:83675677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.65.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812576/; classtype:trojan-activity;sid:83675676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.152.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812575/; classtype:trojan-activity;sid:83675675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.128.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812574/; classtype:trojan-activity;sid:83675674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.152.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812573/; classtype:trojan-activity;sid:83675673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/siscopbaze6444444444maincleanrdppppp.txt"; depth:41; endswith; nocase; http.host; content:"198.12.81.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812571/; classtype:trojan-activity;sid:83675671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.91.82.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812572/; classtype:trojan-activity;sid:83675672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forxla.js"; depth:10; endswith; nocase; http.host; content:"198.12.81.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812569/; classtype:trojan-activity;sid:83675669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xlaisveryeasyprocesstoloveherwithallhappinessandkindofloverwhichwecantell__ireallylovehertrulyfromthe.doc"; depth:106; endswith; nocase; http.host; content:"198.12.81.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812570/; classtype:trojan-activity;sid:83675670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k3myclwhc0rd9_ew9e72rodwwmrie1f0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812568/; classtype:trojan-activity;sid:83675668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rvhu6fn-ghiaejrlxzecd_vgty8tzqjb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812565/; classtype:trojan-activity;sid:83675665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hzujasjemb7rp3rmjuftkqshwb5c6tv2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812566/; classtype:trojan-activity;sid:83675666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1r0m9vfho2rtvbtqrz1jhqc_3dhwasu6l"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812567/; classtype:trojan-activity;sid:83675667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tinamous.vbs"; depth:13; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812564/; classtype:trojan-activity;sid:83675664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.246.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812563/; classtype:trojan-activity;sid:83675663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.78.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812562/; classtype:trojan-activity;sid:83675662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaysgfxx209.bin"; depth:16; endswith; nocase; http.host; content:"94.156.8.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812560/; classtype:trojan-activity;sid:83675660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editorialise.prm"; depth:17; endswith; nocase; http.host; content:"94.156.8.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812561/; classtype:trojan-activity;sid:83675661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.128.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812559/; classtype:trojan-activity;sid:83675659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.65.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812558/; classtype:trojan-activity;sid:83675658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.25.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812557/; classtype:trojan-activity;sid:83675657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.55.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812556/; classtype:trojan-activity;sid:83675656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.249.230.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812555/; classtype:trojan-activity;sid:83675655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.114.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812554/; classtype:trojan-activity;sid:83675654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.164.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812552/; classtype:trojan-activity;sid:83675652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.71.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812553/; classtype:trojan-activity;sid:83675653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227897667967914034/1228737487413973032/minty.zip|3f|ex=662d21f5|7c|26|7c|is=661aacf5|7c|26|7c|hm=b410d79974028a1359559abc56aaa2bf6c4bcd5eae6aae07c6bbec39069f6aa3|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812551/; classtype:trojan-activity;sid:83675651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1228423351077437531/1228737171637141595/napex.zip|3f|ex=662d21aa|7c|26|7c|is=661aacaa|7c|26|7c|hm=49b455e754059f9bdd533095b436de8d1a83a37f58c98d3b52663872334feeed|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812550/; classtype:trojan-activity;sid:83675650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227844136372015104/1228738266476445696/inzenyr.zip|3f|ex=662d22af|7c|26|7c|is=661aadaf|7c|26|7c|hm=503173af16c8448f0ec8b2d6f787baafa3d85f87f646be77e57e11e915469d68|7c|26|7c|"; depth:187; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812549/; classtype:trojan-activity;sid:83675649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227980802336493609/1227982287056932865/electron.zip|3f|ex=662a62a0|7c|26|7c|is=6617eda0|7c|26|7c|hm=64779b9cf9bfd5745abe7bfe93b02cf903cec3beb301f8ef36321e199084d373|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812544/; classtype:trojan-activity;sid:83675644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227291305491693605/1227314518242365602/fixer.zip|3f|ex=6627f4b7|7c|26|7c|is=66157fb7|7c|26|7c|hm=25fa6d5675b535a149e567abbb17ff6a16fb137b21a5e4da22a0eb7640e2c30c|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812545/; classtype:trojan-activity;sid:83675645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227844170593468512/1228738472395804713/palworld_trainer.zip|3f|ex=662d22e0|7c|26|7c|is=661aade0|7c|26|7c|hm=c5b7064cc6d83bb0878eb9b3818f9833b0dbe0d5bb9cedcbe1d1c0abd96c4e94|7c|26|7c|"; depth:196; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812546/; classtype:trojan-activity;sid:83675646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1228320056715247647/1228739222387822679/bloxfscrpt.zip|3f|ex=662d2393|7c|26|7c|is=661aae93|7c|26|7c|hm=ae3bfc98359e2dc62983ae89237b6f6b6625311aff66cb8cd2df69398f7c01e8|7c|26|7c|"; depth:190; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812547/; classtype:trojan-activity;sid:83675647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227843084948078612/1228737950867787856/vallacuc.zip|3f|ex=662d2264|7c|26|7c|is=661aad64|7c|26|7c|hm=3953315f348dc806a9ce4204fd16900aff144420e0a99e9efc65d88ba6fd462e|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812548/; classtype:trojan-activity;sid:83675648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227291305491693599/1229007217206886470/features.zip|3f|ex=662e1d2a|7c|26|7c|is=661ba82a|7c|26|7c|hm=2d2098ca6f940d1bb024aaf49c2fb24ca0b304dda2d3ca70e465956c255d28e1|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812542/; classtype:trojan-activity;sid:83675642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227844186766835763/1228739012253061151/viper.zip|3f|ex=662d2361|7c|26|7c|is=661aae61|7c|26|7c|hm=8fc279e96b5b8eedcd95f2637845b121d88ba0ad6ef1a437eadf5a89bd02b468|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812543/; classtype:trojan-activity;sid:83675643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/web/70c64fbb-926d-42da-b6f6-5b500e6a7894/vape%20v4%20crack.zip"; depth:72; endswith; nocase; http.host; content:"store14.gofile.io"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812541/; classtype:trojan-activity;sid:83675641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file_premium/hshbcw3y34nz1k8/kom_installer_v_4.41%25282%2529.zip/file"; depth:70; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812540/; classtype:trojan-activity;sid:83675640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dinsherman202/solid-lamp/releases/download/download/github.software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812539/; classtype:trojan-activity;sid:83675639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.206.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812538/; classtype:trojan-activity;sid:83675638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.19.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812537/; classtype:trojan-activity;sid:83675637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.14.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812536/; classtype:trojan-activity;sid:83675636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.95.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812535/; classtype:trojan-activity;sid:83675635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.249.230.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812534/; classtype:trojan-activity;sid:83675634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.183.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812533/; classtype:trojan-activity;sid:83675633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.71.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812532/; classtype:trojan-activity;sid:83675632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.25.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812531/; classtype:trojan-activity;sid:83675631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.126.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812530/; classtype:trojan-activity;sid:83675630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.210.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812529/; classtype:trojan-activity;sid:83675629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.181.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812528/; classtype:trojan-activity;sid:83675628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.204.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812527/; classtype:trojan-activity;sid:83675627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.206.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812526/; classtype:trojan-activity;sid:83675626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.57.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812525/; classtype:trojan-activity;sid:83675625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.19.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812524/; classtype:trojan-activity;sid:83675624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812523/; classtype:trojan-activity;sid:83675623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.14.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812521/; classtype:trojan-activity;sid:83675621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.25.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812522/; classtype:trojan-activity;sid:83675622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.238.79.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812520/; classtype:trojan-activity;sid:83675620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812519/; classtype:trojan-activity;sid:83675619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.233.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812518/; classtype:trojan-activity;sid:83675618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.126.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812517/; classtype:trojan-activity;sid:83675617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.78.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812516/; classtype:trojan-activity;sid:83675616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812515/; classtype:trojan-activity;sid:83675615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.204.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812514/; classtype:trojan-activity;sid:83675614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812513/; classtype:trojan-activity;sid:83675613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.167.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812512/; classtype:trojan-activity;sid:83675612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.45.56.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812511/; classtype:trojan-activity;sid:83675611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.6.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812510/; classtype:trojan-activity;sid:83675610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.54.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812509/; classtype:trojan-activity;sid:83675609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812508/; classtype:trojan-activity;sid:83675608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.235.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812507/; classtype:trojan-activity;sid:83675607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.152.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812506/; classtype:trojan-activity;sid:83675606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.252.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812505/; classtype:trojan-activity;sid:83675605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.238.79.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812504/; classtype:trojan-activity;sid:83675604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.163.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812503/; classtype:trojan-activity;sid:83675603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.11.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812502/; classtype:trojan-activity;sid:83675602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.251.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812501/; classtype:trojan-activity;sid:83675601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812500/; classtype:trojan-activity;sid:83675600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.39.197.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812499/; classtype:trojan-activity;sid:83675599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.81.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812498/; classtype:trojan-activity;sid:83675598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.255.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812497/; classtype:trojan-activity;sid:83675597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.126.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812496/; classtype:trojan-activity;sid:83675596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.236.199.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812495/; classtype:trojan-activity;sid:83675595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.201.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812492/; classtype:trojan-activity;sid:83675592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812493/; classtype:trojan-activity;sid:83675593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.219.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812494/; classtype:trojan-activity;sid:83675594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.54.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812490/; classtype:trojan-activity;sid:83675590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.201.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812491/; classtype:trojan-activity;sid:83675591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.252.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812489/; classtype:trojan-activity;sid:83675589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812488/; classtype:trojan-activity;sid:83675588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.41.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812487/; classtype:trojan-activity;sid:83675587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812484/; classtype:trojan-activity;sid:83675584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.105.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812485/; classtype:trojan-activity;sid:83675585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.235.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812486/; classtype:trojan-activity;sid:83675586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812483/; classtype:trojan-activity;sid:83675583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.177.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812482/; classtype:trojan-activity;sid:83675582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.98.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812481/; classtype:trojan-activity;sid:83675581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.95.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812480/; classtype:trojan-activity;sid:83675580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.126.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812479/; classtype:trojan-activity;sid:83675579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.253.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812478/; classtype:trojan-activity;sid:83675578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.98.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812477/; classtype:trojan-activity;sid:83675577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.50.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812476/; classtype:trojan-activity;sid:83675576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.11.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812475/; classtype:trojan-activity;sid:83675575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.128.249.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812474/; classtype:trojan-activity;sid:83675574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812473/; classtype:trojan-activity;sid:83675573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.24.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812472/; classtype:trojan-activity;sid:83675572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.190.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812471/; classtype:trojan-activity;sid:83675571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.81.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812470/; classtype:trojan-activity;sid:83675570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.229.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812469/; classtype:trojan-activity;sid:83675569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.236.199.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812468/; classtype:trojan-activity;sid:83675568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.11.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812467/; classtype:trojan-activity;sid:83675567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.229.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812466/; classtype:trojan-activity;sid:83675566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.163.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812465/; classtype:trojan-activity;sid:83675565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812464/; classtype:trojan-activity;sid:83675564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.245.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812463/; classtype:trojan-activity;sid:83675563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.15.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812462/; classtype:trojan-activity;sid:83675562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.112.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812461/; classtype:trojan-activity;sid:83675561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.15.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812460/; classtype:trojan-activity;sid:83675560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.130.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812459/; classtype:trojan-activity;sid:83675559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.58.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812458/; classtype:trojan-activity;sid:83675558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.210.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812457/; classtype:trojan-activity;sid:83675557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.124.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812456/; classtype:trojan-activity;sid:83675556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.253.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812455/; classtype:trojan-activity;sid:83675555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812454/; classtype:trojan-activity;sid:83675554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.12.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812453/; classtype:trojan-activity;sid:83675553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.95.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812452/; classtype:trojan-activity;sid:83675552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.71.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812451/; classtype:trojan-activity;sid:83675551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.8.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812450/; classtype:trojan-activity;sid:83675550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.133.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812448/; classtype:trojan-activity;sid:83675548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812449/; classtype:trojan-activity;sid:83675549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.46.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812447/; classtype:trojan-activity;sid:83675547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.10.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812446/; classtype:trojan-activity;sid:83675546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.163.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812444/; classtype:trojan-activity;sid:83675544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.214.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812445/; classtype:trojan-activity;sid:83675545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.14.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812443/; classtype:trojan-activity;sid:83675543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812442/; classtype:trojan-activity;sid:83675542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812441/; classtype:trojan-activity;sid:83675541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.225.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812440/; classtype:trojan-activity;sid:83675540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.214.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812439/; classtype:trojan-activity;sid:83675539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.12.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812438/; classtype:trojan-activity;sid:83675538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.226.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812437/; classtype:trojan-activity;sid:83675537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.111.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812436/; classtype:trojan-activity;sid:83675536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.46.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812435/; classtype:trojan-activity;sid:83675535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.15.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812434/; classtype:trojan-activity;sid:83675534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.188.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812431/; classtype:trojan-activity;sid:83675531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.28.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812432/; classtype:trojan-activity;sid:83675532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.212.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812433/; classtype:trojan-activity;sid:83675533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.54.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812430/; classtype:trojan-activity;sid:83675530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812429/; classtype:trojan-activity;sid:83675529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.95.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812428/; classtype:trojan-activity;sid:83675528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.187.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812427/; classtype:trojan-activity;sid:83675527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812426/; classtype:trojan-activity;sid:83675526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.46.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812425/; classtype:trojan-activity;sid:83675525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812424/; classtype:trojan-activity;sid:83675524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.115.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812423/; classtype:trojan-activity;sid:83675523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.26.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812422/; classtype:trojan-activity;sid:83675522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.147.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812421/; classtype:trojan-activity;sid:83675521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.14.192.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812419/; classtype:trojan-activity;sid:83675519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.36.173.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812420/; classtype:trojan-activity;sid:83675520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.149.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812418/; classtype:trojan-activity;sid:83675518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.149.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812417/; classtype:trojan-activity;sid:83675517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.111.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812416/; classtype:trojan-activity;sid:83675516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.29.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812415/; classtype:trojan-activity;sid:83675515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.169.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812414/; classtype:trojan-activity;sid:83675514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.181.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812413/; classtype:trojan-activity;sid:83675513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812412/; classtype:trojan-activity;sid:83675512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.128.35.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812411/; classtype:trojan-activity;sid:83675511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.99.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812410/; classtype:trojan-activity;sid:83675510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812409/; classtype:trojan-activity;sid:83675509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.123.71.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812408/; classtype:trojan-activity;sid:83675508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.110.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812407/; classtype:trojan-activity;sid:83675507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812406/; classtype:trojan-activity;sid:83675506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.26.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812405/; classtype:trojan-activity;sid:83675505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.115.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812403/; classtype:trojan-activity;sid:83675503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.233.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812404/; classtype:trojan-activity;sid:83675504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.99.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812401/; classtype:trojan-activity;sid:83675501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.181.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812402/; classtype:trojan-activity;sid:83675502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.250.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812400/; classtype:trojan-activity;sid:83675500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.245.218.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812399/; classtype:trojan-activity;sid:83675499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.78.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812397/; classtype:trojan-activity;sid:83675497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.250.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812398/; classtype:trojan-activity;sid:83675498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.123.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812396/; classtype:trojan-activity;sid:83675496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.149.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812395/; classtype:trojan-activity;sid:83675495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.179.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812394/; classtype:trojan-activity;sid:83675494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.112.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812392/; classtype:trojan-activity;sid:83675492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812393/; classtype:trojan-activity;sid:83675493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.177.171.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812391/; classtype:trojan-activity;sid:83675491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.169.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812390/; classtype:trojan-activity;sid:83675490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.148.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812389/; classtype:trojan-activity;sid:83675489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812388/; classtype:trojan-activity;sid:83675488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.226.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812387/; classtype:trojan-activity;sid:83675487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.41.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812386/; classtype:trojan-activity;sid:83675486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812385/; classtype:trojan-activity;sid:83675485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812384/; classtype:trojan-activity;sid:83675484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812383/; classtype:trojan-activity;sid:83675483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.104.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812382/; classtype:trojan-activity;sid:83675482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.179.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812381/; classtype:trojan-activity;sid:83675481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.18.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812379/; classtype:trojan-activity;sid:83675479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.155.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812380/; classtype:trojan-activity;sid:83675480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.87.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812378/; classtype:trojan-activity;sid:83675478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.78.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812377/; classtype:trojan-activity;sid:83675477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812376/; classtype:trojan-activity;sid:83675476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.226.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812374/; classtype:trojan-activity;sid:83675474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812375/; classtype:trojan-activity;sid:83675475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.89.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812373/; classtype:trojan-activity;sid:83675473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812371/; classtype:trojan-activity;sid:83675471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.28.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812372/; classtype:trojan-activity;sid:83675472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812370/; classtype:trojan-activity;sid:83675470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.105.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812369/; classtype:trojan-activity;sid:83675469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.134.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812368/; classtype:trojan-activity;sid:83675468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.47.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812367/; classtype:trojan-activity;sid:83675467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.113.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812366/; classtype:trojan-activity;sid:83675466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.18.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812364/; classtype:trojan-activity;sid:83675464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.116.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812365/; classtype:trojan-activity;sid:83675465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.87.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812363/; classtype:trojan-activity;sid:83675463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.134.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812361/; classtype:trojan-activity;sid:83675461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812362/; classtype:trojan-activity;sid:83675462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812360/; classtype:trojan-activity;sid:83675460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.183.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812359/; classtype:trojan-activity;sid:83675459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.144.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812356/; classtype:trojan-activity;sid:83675456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.78.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812357/; classtype:trojan-activity;sid:83675457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812358/; classtype:trojan-activity;sid:83675458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812355/; classtype:trojan-activity;sid:83675455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.47.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812354/; classtype:trojan-activity;sid:83675454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812353/; classtype:trojan-activity;sid:83675453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.180.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812352/; classtype:trojan-activity;sid:83675452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.110.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812350/; classtype:trojan-activity;sid:83675450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.246.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812351/; classtype:trojan-activity;sid:83675451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.m68k"; depth:21; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812348/; classtype:trojan-activity;sid:83675448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.spc"; depth:20; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812349/; classtype:trojan-activity;sid:83675449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.193.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812347/; classtype:trojan-activity;sid:83675447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.129.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812346/; classtype:trojan-activity;sid:83675446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.113.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812343/; classtype:trojan-activity;sid:83675443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.103.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812344/; classtype:trojan-activity;sid:83675444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.224.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812345/; classtype:trojan-activity;sid:83675445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812342/; classtype:trojan-activity;sid:83675442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.125.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812340/; classtype:trojan-activity;sid:83675440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812341/; classtype:trojan-activity;sid:83675441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.134.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812338/; classtype:trojan-activity;sid:83675438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.110.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812339/; classtype:trojan-activity;sid:83675439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.129.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812337/; classtype:trojan-activity;sid:83675437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.41.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812336/; classtype:trojan-activity;sid:83675436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.78.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812335/; classtype:trojan-activity;sid:83675435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812333/; classtype:trojan-activity;sid:83675433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812334/; classtype:trojan-activity;sid:83675434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812331/; classtype:trojan-activity;sid:83675431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812332/; classtype:trojan-activity;sid:83675432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812324/; classtype:trojan-activity;sid:83675424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812325/; classtype:trojan-activity;sid:83675425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812326/; classtype:trojan-activity;sid:83675426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812327/; classtype:trojan-activity;sid:83675427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812328/; classtype:trojan-activity;sid:83675428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812329/; classtype:trojan-activity;sid:83675429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812330/; classtype:trojan-activity;sid:83675430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812320/; classtype:trojan-activity;sid:83675420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812321/; classtype:trojan-activity;sid:83675421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812322/; classtype:trojan-activity;sid:83675422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"193.37.59.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812323/; classtype:trojan-activity;sid:83675423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.43.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812319/; classtype:trojan-activity;sid:83675419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.144.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812318/; classtype:trojan-activity;sid:83675418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.179.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812317/; classtype:trojan-activity;sid:83675417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.168.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812316/; classtype:trojan-activity;sid:83675416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.180.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812315/; classtype:trojan-activity;sid:83675415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.13.2.223"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812314/; classtype:trojan-activity;sid:83675414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812313/; classtype:trojan-activity;sid:83675413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.1.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812312/; classtype:trojan-activity;sid:83675412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.2.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812311/; classtype:trojan-activity;sid:83675411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.194.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812310/; classtype:trojan-activity;sid:83675410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.191.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812309/; classtype:trojan-activity;sid:83675409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.193.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812307/; classtype:trojan-activity;sid:83675407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.55.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812308/; classtype:trojan-activity;sid:83675408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.96.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812306/; classtype:trojan-activity;sid:83675406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.93.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812305/; classtype:trojan-activity;sid:83675405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.12.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812304/; classtype:trojan-activity;sid:83675404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.253.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812303/; classtype:trojan-activity;sid:83675403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812302/; classtype:trojan-activity;sid:83675402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.205.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812301/; classtype:trojan-activity;sid:83675401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.217.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812300/; classtype:trojan-activity;sid:83675400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.151.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812299/; classtype:trojan-activity;sid:83675399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.93.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812298/; classtype:trojan-activity;sid:83675398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.96.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812297/; classtype:trojan-activity;sid:83675397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.ppc"; depth:20; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812288/; classtype:trojan-activity;sid:83675388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.arm7"; depth:21; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812289/; classtype:trojan-activity;sid:83675389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.arm6"; depth:21; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812290/; classtype:trojan-activity;sid:83675390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.x86"; depth:20; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812291/; classtype:trojan-activity;sid:83675391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.mpsl"; depth:21; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812292/; classtype:trojan-activity;sid:83675392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.arm5"; depth:21; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812293/; classtype:trojan-activity;sid:83675393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.sh4"; depth:20; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812294/; classtype:trojan-activity;sid:83675394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.arm"; depth:20; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812295/; classtype:trojan-activity;sid:83675395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.mips"; depth:21; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812296/; classtype:trojan-activity;sid:83675396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbrbinaries/cbr.arc"; depth:20; endswith; nocase; http.host; content:"5.181.190.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812287/; classtype:trojan-activity;sid:83675387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.250.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812286/; classtype:trojan-activity;sid:83675386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812285/; classtype:trojan-activity;sid:83675385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.29.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812284/; classtype:trojan-activity;sid:83675384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.12.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812283/; classtype:trojan-activity;sid:83675383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812282/; classtype:trojan-activity;sid:83675382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.185.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812281/; classtype:trojan-activity;sid:83675381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812280/; classtype:trojan-activity;sid:83675380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.217.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812279/; classtype:trojan-activity;sid:83675379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.100.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812278/; classtype:trojan-activity;sid:83675378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.68.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812277/; classtype:trojan-activity;sid:83675377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.70.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812275/; classtype:trojan-activity;sid:83675375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.11.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812276/; classtype:trojan-activity;sid:83675376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.180.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812274/; classtype:trojan-activity;sid:83675374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.109.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812273/; classtype:trojan-activity;sid:83675373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.250.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812272/; classtype:trojan-activity;sid:83675372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.160.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812271/; classtype:trojan-activity;sid:83675371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.216.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812270/; classtype:trojan-activity;sid:83675370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.111.48.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812269/; classtype:trojan-activity;sid:83675369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812268/; classtype:trojan-activity;sid:83675368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.67.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812267/; classtype:trojan-activity;sid:83675367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.197.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812266/; classtype:trojan-activity;sid:83675366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.70.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812265/; classtype:trojan-activity;sid:83675365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.128.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812264/; classtype:trojan-activity;sid:83675364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.154.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812263/; classtype:trojan-activity;sid:83675363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812262/; classtype:trojan-activity;sid:83675362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812261/; classtype:trojan-activity;sid:83675361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.160.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812260/; classtype:trojan-activity;sid:83675360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.170.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812259/; classtype:trojan-activity;sid:83675359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812258/; classtype:trojan-activity;sid:83675358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.68.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812257/; classtype:trojan-activity;sid:83675357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812256/; classtype:trojan-activity;sid:83675356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.11.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812255/; classtype:trojan-activity;sid:83675355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.190.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812254/; classtype:trojan-activity;sid:83675354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.19.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812253/; classtype:trojan-activity;sid:83675353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.31.72.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812252/; classtype:trojan-activity;sid:83675352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.197.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812251/; classtype:trojan-activity;sid:83675351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812249/; classtype:trojan-activity;sid:83675349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812250/; classtype:trojan-activity;sid:83675350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.1.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812248/; classtype:trojan-activity;sid:83675348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812247/; classtype:trojan-activity;sid:83675347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.170.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812246/; classtype:trojan-activity;sid:83675346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.190.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812245/; classtype:trojan-activity;sid:83675345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.49.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812244/; classtype:trojan-activity;sid:83675344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.56.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812243/; classtype:trojan-activity;sid:83675343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.81.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812242/; classtype:trojan-activity;sid:83675342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.177.251.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812241/; classtype:trojan-activity;sid:83675341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.50.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812240/; classtype:trojan-activity;sid:83675340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.242.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812239/; classtype:trojan-activity;sid:83675339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.1.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812238/; classtype:trojan-activity;sid:83675338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.49.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812237/; classtype:trojan-activity;sid:83675337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.57.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812236/; classtype:trojan-activity;sid:83675336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.137.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812235/; classtype:trojan-activity;sid:83675335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.177.171.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812234/; classtype:trojan-activity;sid:83675334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.230.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812233/; classtype:trojan-activity;sid:83675333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.195.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812232/; classtype:trojan-activity;sid:83675332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.154.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812231/; classtype:trojan-activity;sid:83675331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.25.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812230/; classtype:trojan-activity;sid:83675330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.90.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812229/; classtype:trojan-activity;sid:83675329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.113.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812228/; classtype:trojan-activity;sid:83675328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.186.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812227/; classtype:trojan-activity;sid:83675327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.39.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812226/; classtype:trojan-activity;sid:83675326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.179.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812225/; classtype:trojan-activity;sid:83675325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.243.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812224/; classtype:trojan-activity;sid:83675324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.95.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812223/; classtype:trojan-activity;sid:83675323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.95.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812222/; classtype:trojan-activity;sid:83675322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.81.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812221/; classtype:trojan-activity;sid:83675321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.237.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812220/; classtype:trojan-activity;sid:83675320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812218/; classtype:trojan-activity;sid:83675318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812219/; classtype:trojan-activity;sid:83675319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812217/; classtype:trojan-activity;sid:83675317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.210.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812216/; classtype:trojan-activity;sid:83675316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812215/; classtype:trojan-activity;sid:83675315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.43.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812214/; classtype:trojan-activity;sid:83675314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.209.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812213/; classtype:trojan-activity;sid:83675313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812212/; classtype:trojan-activity;sid:83675312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.154.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812211/; classtype:trojan-activity;sid:83675311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.168.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812209/; classtype:trojan-activity;sid:83675309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.230.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812210/; classtype:trojan-activity;sid:83675310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.208.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812208/; classtype:trojan-activity;sid:83675308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.70.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812207/; classtype:trojan-activity;sid:83675307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.105.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812206/; classtype:trojan-activity;sid:83675306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.178.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812205/; classtype:trojan-activity;sid:83675305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.50.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812204/; classtype:trojan-activity;sid:83675304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812203/; classtype:trojan-activity;sid:83675303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.32.184"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812202/; classtype:trojan-activity;sid:83675302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812201/; classtype:trojan-activity;sid:83675301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812199/; classtype:trojan-activity;sid:83675299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812200/; classtype:trojan-activity;sid:83675300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812195/; classtype:trojan-activity;sid:83675295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812196/; classtype:trojan-activity;sid:83675296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812197/; classtype:trojan-activity;sid:83675297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812198/; classtype:trojan-activity;sid:83675298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.55.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812194/; classtype:trojan-activity;sid:83675294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.14.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812193/; classtype:trojan-activity;sid:83675293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.29.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812192/; classtype:trojan-activity;sid:83675292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.168.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812191/; classtype:trojan-activity;sid:83675291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.208.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812190/; classtype:trojan-activity;sid:83675290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812189/; classtype:trojan-activity;sid:83675289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.172.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812188/; classtype:trojan-activity;sid:83675288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.32.184"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812187/; classtype:trojan-activity;sid:83675287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.253.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812186/; classtype:trojan-activity;sid:83675286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.253.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812185/; classtype:trojan-activity;sid:83675285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.113.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812184/; classtype:trojan-activity;sid:83675284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.3.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812183/; classtype:trojan-activity;sid:83675283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttt.exe"; depth:8; endswith; nocase; http.host; content:"94.232.45.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812182/; classtype:trojan-activity;sid:83675282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812181/; classtype:trojan-activity;sid:83675281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.219.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812180/; classtype:trojan-activity;sid:83675280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.101.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812179/; classtype:trojan-activity;sid:83675279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.221.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812178/; classtype:trojan-activity;sid:83675278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812177/; classtype:trojan-activity;sid:83675277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812176/; classtype:trojan-activity;sid:83675276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.138.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812175/; classtype:trojan-activity;sid:83675275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.143.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812174/; classtype:trojan-activity;sid:83675274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.106.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812173/; classtype:trojan-activity;sid:83675273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.43.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812171/; classtype:trojan-activity;sid:83675271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.151.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812172/; classtype:trojan-activity;sid:83675272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.236.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812170/; classtype:trojan-activity;sid:83675270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812169/; classtype:trojan-activity;sid:83675269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.186.155.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812168/; classtype:trojan-activity;sid:83675268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.127.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812167/; classtype:trojan-activity;sid:83675267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.200.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812166/; classtype:trojan-activity;sid:83675266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.100.177.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812165/; classtype:trojan-activity;sid:83675265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.207.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812164/; classtype:trojan-activity;sid:83675264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812163/; classtype:trojan-activity;sid:83675263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812162/; classtype:trojan-activity;sid:83675262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812161/; classtype:trojan-activity;sid:83675261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"oqb.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812160/; classtype:trojan-activity;sid:83675260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.45.56.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812158/; classtype:trojan-activity;sid:83675258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.221.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812159/; classtype:trojan-activity;sid:83675259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.186.155.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812157/; classtype:trojan-activity;sid:83675257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.231.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812156/; classtype:trojan-activity;sid:83675256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.138.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812155/; classtype:trojan-activity;sid:83675255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812154/; classtype:trojan-activity;sid:83675254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.127.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812153/; classtype:trojan-activity;sid:83675253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.49.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812152/; classtype:trojan-activity;sid:83675252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812151/; classtype:trojan-activity;sid:83675251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812150/; classtype:trojan-activity;sid:83675250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.170.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812149/; classtype:trojan-activity;sid:83675249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.0.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812148/; classtype:trojan-activity;sid:83675248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.99.112.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812147/; classtype:trojan-activity;sid:83675247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bu8h"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812146/; classtype:trojan-activity;sid:83675246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.21.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812145/; classtype:trojan-activity;sid:83675245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.201.137.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812144/; classtype:trojan-activity;sid:83675244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.44.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812143/; classtype:trojan-activity;sid:83675243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.21.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812142/; classtype:trojan-activity;sid:83675242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.231.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812141/; classtype:trojan-activity;sid:83675241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812140/; classtype:trojan-activity;sid:83675240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.174.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812139/; classtype:trojan-activity;sid:83675239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.83.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812138/; classtype:trojan-activity;sid:83675238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.170.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812137/; classtype:trojan-activity;sid:83675237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.99.112.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812136/; classtype:trojan-activity;sid:83675236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.243.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812134/; classtype:trojan-activity;sid:83675234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812135/; classtype:trojan-activity;sid:83675235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812132/; classtype:trojan-activity;sid:83675232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.49.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812133/; classtype:trojan-activity;sid:83675233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.119.132.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812131/; classtype:trojan-activity;sid:83675231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.9.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812130/; classtype:trojan-activity;sid:83675230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.174.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812129/; classtype:trojan-activity;sid:83675229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.201.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812128/; classtype:trojan-activity;sid:83675228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812127/; classtype:trojan-activity;sid:83675227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.40.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812126/; classtype:trojan-activity;sid:83675226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812125/; classtype:trojan-activity;sid:83675225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.126.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812124/; classtype:trojan-activity;sid:83675224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.228.45.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812123/; classtype:trojan-activity;sid:83675223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.117.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812122/; classtype:trojan-activity;sid:83675222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.243.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812121/; classtype:trojan-activity;sid:83675221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.73.248.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812120/; classtype:trojan-activity;sid:83675220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.171.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812119/; classtype:trojan-activity;sid:83675219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.201.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812118/; classtype:trojan-activity;sid:83675218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.92.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812117/; classtype:trojan-activity;sid:83675217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.216.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812116/; classtype:trojan-activity;sid:83675216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.202.55.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812115/; classtype:trojan-activity;sid:83675215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.60.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812114/; classtype:trojan-activity;sid:83675214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.47.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812113/; classtype:trojan-activity;sid:83675213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812112/; classtype:trojan-activity;sid:83675212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812111/; classtype:trojan-activity;sid:83675211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.162.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812110/; classtype:trojan-activity;sid:83675210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.73.248.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812109/; classtype:trojan-activity;sid:83675209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.228.157.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812108/; classtype:trojan-activity;sid:83675208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.10.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812106/; classtype:trojan-activity;sid:83675206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812107/; classtype:trojan-activity;sid:83675207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812105/; classtype:trojan-activity;sid:83675205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.238.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812104/; classtype:trojan-activity;sid:83675204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.104.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812103/; classtype:trojan-activity;sid:83675203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.221.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812101/; classtype:trojan-activity;sid:83675201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.161.31.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812102/; classtype:trojan-activity;sid:83675202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.209.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812100/; classtype:trojan-activity;sid:83675200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.126.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812099/; classtype:trojan-activity;sid:83675199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.146.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812098/; classtype:trojan-activity;sid:83675198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.59.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812097/; classtype:trojan-activity;sid:83675197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812096/; classtype:trojan-activity;sid:83675196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812095/; classtype:trojan-activity;sid:83675195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.148.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812094/; classtype:trojan-activity;sid:83675194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.10.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812093/; classtype:trojan-activity;sid:83675193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812092/; classtype:trojan-activity;sid:83675192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/m68k"; depth:9; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812088/; classtype:trojan-activity;sid:83675188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm6"; depth:9; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812089/; classtype:trojan-activity;sid:83675189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/sh4"; depth:8; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812090/; classtype:trojan-activity;sid:83675190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm7"; depth:9; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812091/; classtype:trojan-activity;sid:83675191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mpsl"; depth:9; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812083/; classtype:trojan-activity;sid:83675183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm"; depth:8; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812084/; classtype:trojan-activity;sid:83675184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/ppc"; depth:8; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812085/; classtype:trojan-activity;sid:83675185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mips"; depth:9; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812086/; classtype:trojan-activity;sid:83675186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/x86"; depth:8; endswith; nocase; http.host; content:"91.92.252.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812087/; classtype:trojan-activity;sid:83675187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.49.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812082/; classtype:trojan-activity;sid:83675182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.227.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812081/; classtype:trojan-activity;sid:83675181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.153.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812080/; classtype:trojan-activity;sid:83675180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.113.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812078/; classtype:trojan-activity;sid:83675178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.242.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812079/; classtype:trojan-activity;sid:83675179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.47.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812077/; classtype:trojan-activity;sid:83675177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.32.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812076/; classtype:trojan-activity;sid:83675176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.146.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812075/; classtype:trojan-activity;sid:83675175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812074/; classtype:trojan-activity;sid:83675174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.148.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812073/; classtype:trojan-activity;sid:83675173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.64.4.78"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812072/; classtype:trojan-activity;sid:83675172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812071/; classtype:trojan-activity;sid:83675171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.146.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812070/; classtype:trojan-activity;sid:83675170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.49.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812069/; classtype:trojan-activity;sid:83675169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812068/; classtype:trojan-activity;sid:83675168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.221.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812067/; classtype:trojan-activity;sid:83675167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.34.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812066/; classtype:trojan-activity;sid:83675166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.89.52.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812065/; classtype:trojan-activity;sid:83675165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.141.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812064/; classtype:trojan-activity;sid:83675164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812063/; classtype:trojan-activity;sid:83675163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.55.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812061/; classtype:trojan-activity;sid:83675161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.10.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812062/; classtype:trojan-activity;sid:83675162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.185.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812060/; classtype:trojan-activity;sid:83675160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.35.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812059/; classtype:trojan-activity;sid:83675159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"206.72.193.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812058/; classtype:trojan-activity;sid:83675158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812056/; classtype:trojan-activity;sid:83675156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"192.210.196.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812057/; classtype:trojan-activity;sid:83675157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.snoopy"; depth:14; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812048/; classtype:trojan-activity;sid:83675148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812049/; classtype:trojan-activity;sid:83675149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.snoopy"; depth:14; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812050/; classtype:trojan-activity;sid:83675150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812051/; classtype:trojan-activity;sid:83675151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.snoopy"; depth:14; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812052/; classtype:trojan-activity;sid:83675152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812053/; classtype:trojan-activity;sid:83675153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812054/; classtype:trojan-activity;sid:83675154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812055/; classtype:trojan-activity;sid:83675155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812047/; classtype:trojan-activity;sid:83675147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812043/; classtype:trojan-activity;sid:83675143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812044/; classtype:trojan-activity;sid:83675144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812045/; classtype:trojan-activity;sid:83675145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812046/; classtype:trojan-activity;sid:83675146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812035/; classtype:trojan-activity;sid:83675135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812036/; classtype:trojan-activity;sid:83675136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.246.7.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812037/; classtype:trojan-activity;sid:83675137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812038/; classtype:trojan-activity;sid:83675138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812039/; classtype:trojan-activity;sid:83675139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812040/; classtype:trojan-activity;sid:83675140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812041/; classtype:trojan-activity;sid:83675141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812042/; classtype:trojan-activity;sid:83675142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812033/; classtype:trojan-activity;sid:83675133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812034/; classtype:trojan-activity;sid:83675134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812028/; classtype:trojan-activity;sid:83675128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812029/; classtype:trojan-activity;sid:83675129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.snoopy"; depth:15; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812030/; classtype:trojan-activity;sid:83675130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.snoopy"; depth:14; endswith; nocase; http.host; content:"93.115.17.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812031/; classtype:trojan-activity;sid:83675131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812032/; classtype:trojan-activity;sid:83675132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"87.246.7.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812027/; classtype:trojan-activity;sid:83675127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.17.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812026/; classtype:trojan-activity;sid:83675126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.40.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812025/; classtype:trojan-activity;sid:83675125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.78.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812024/; classtype:trojan-activity;sid:83675124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812023/; classtype:trojan-activity;sid:83675123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.146.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812022/; classtype:trojan-activity;sid:83675122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.36.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812021/; classtype:trojan-activity;sid:83675121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.98.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812020/; classtype:trojan-activity;sid:83675120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812019/; classtype:trojan-activity;sid:83675119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.166.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812018/; classtype:trojan-activity;sid:83675118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.108.135.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812017/; classtype:trojan-activity;sid:83675117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.166.85.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812016/; classtype:trojan-activity;sid:83675116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812015/; classtype:trojan-activity;sid:83675115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.36.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812014/; classtype:trojan-activity;sid:83675114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.141.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812013/; classtype:trojan-activity;sid:83675113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812012/; classtype:trojan-activity;sid:83675112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.10.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812011/; classtype:trojan-activity;sid:83675111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.125.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812010/; classtype:trojan-activity;sid:83675110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.246.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812009/; classtype:trojan-activity;sid:83675109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.168.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812008/; classtype:trojan-activity;sid:83675108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.158.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812007/; classtype:trojan-activity;sid:83675107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.108.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812006/; classtype:trojan-activity;sid:83675106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812005/; classtype:trojan-activity;sid:83675105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.35.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812004/; classtype:trojan-activity;sid:83675104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.243.70.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812003/; classtype:trojan-activity;sid:83675103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812002/; classtype:trojan-activity;sid:83675102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.252.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812001/; classtype:trojan-activity;sid:83675101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.166.85.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812000/; classtype:trojan-activity;sid:83675100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.166.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811999/; classtype:trojan-activity;sid:83675099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811998/; classtype:trojan-activity;sid:83675098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.80.189.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811997/; classtype:trojan-activity;sid:83675097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811996/; classtype:trojan-activity;sid:83675096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.82.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811995/; classtype:trojan-activity;sid:83675095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.125.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811994/; classtype:trojan-activity;sid:83675094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.85.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811993/; classtype:trojan-activity;sid:83675093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811992/; classtype:trojan-activity;sid:83675092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.108.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811991/; classtype:trojan-activity;sid:83675091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.168.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811990/; classtype:trojan-activity;sid:83675090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.44.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811989/; classtype:trojan-activity;sid:83675089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811988/; classtype:trojan-activity;sid:83675088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.0.123.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811987/; classtype:trojan-activity;sid:83675087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.255.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811986/; classtype:trojan-activity;sid:83675086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.252.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811985/; classtype:trojan-activity;sid:83675085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.85.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811984/; classtype:trojan-activity;sid:83675084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.219.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811983/; classtype:trojan-activity;sid:83675083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.157.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811982/; classtype:trojan-activity;sid:83675082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811980/; classtype:trojan-activity;sid:83675080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811981/; classtype:trojan-activity;sid:83675081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.118.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811979/; classtype:trojan-activity;sid:83675079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.0.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811978/; classtype:trojan-activity;sid:83675078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811977/; classtype:trojan-activity;sid:83675077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811976/; classtype:trojan-activity;sid:83675076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.80.189.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811975/; classtype:trojan-activity;sid:83675075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.40.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811974/; classtype:trojan-activity;sid:83675074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.143.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811973/; classtype:trojan-activity;sid:83675073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.59.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811972/; classtype:trojan-activity;sid:83675072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"45.76.147.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811970/; classtype:trojan-activity;sid:83675070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"45.76.147.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811971/; classtype:trojan-activity;sid:83675071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811969/; classtype:trojan-activity;sid:83675069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.117.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811968/; classtype:trojan-activity;sid:83675068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.36.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811967/; classtype:trojan-activity;sid:83675067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811966/; classtype:trojan-activity;sid:83675066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811965/; classtype:trojan-activity;sid:83675065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.114.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811964/; classtype:trojan-activity;sid:83675064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.spc"; depth:23; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811963/; classtype:trojan-activity;sid:83675063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.176.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811962/; classtype:trojan-activity;sid:83675062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.7.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811960/; classtype:trojan-activity;sid:83675060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.18.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811961/; classtype:trojan-activity;sid:83675061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.71.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811959/; classtype:trojan-activity;sid:83675059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.209.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811958/; classtype:trojan-activity;sid:83675058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811954/; classtype:trojan-activity;sid:83675054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811955/; classtype:trojan-activity;sid:83675055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811956/; classtype:trojan-activity;sid:83675056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811957/; classtype:trojan-activity;sid:83675057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811950/; classtype:trojan-activity;sid:83675050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811951/; classtype:trojan-activity;sid:83675051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811952/; classtype:trojan-activity;sid:83675052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811953/; classtype:trojan-activity;sid:83675053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.spc"; depth:9; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811946/; classtype:trojan-activity;sid:83675046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811947/; classtype:trojan-activity;sid:83675047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811948/; classtype:trojan-activity;sid:83675048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811949/; classtype:trojan-activity;sid:83675049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mipsel"; depth:12; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811945/; classtype:trojan-activity;sid:83675045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.14.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811944/; classtype:trojan-activity;sid:83675044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811943/; classtype:trojan-activity;sid:83675043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811941/; classtype:trojan-activity;sid:83675041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.131.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811942/; classtype:trojan-activity;sid:83675042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.191.207.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811940/; classtype:trojan-activity;sid:83675040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.207.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811938/; classtype:trojan-activity;sid:83675038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668594311|3f|hash=f1ezamz2o7nrutchhlvzzmtojmcuybazzueoffu3pdh|7c|26|7c|dl=hk3nefbcvbzrwd97bbymfffcotzallvfvkrxwh25cux|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811939/; classtype:trojan-activity;sid:83675039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.238.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811937/; classtype:trojan-activity;sid:83675037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.26.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811936/; classtype:trojan-activity;sid:83675036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.82.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811934/; classtype:trojan-activity;sid:83675034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.47.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811935/; classtype:trojan-activity;sid:83675035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.mpsl"; depth:24; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811927/; classtype:trojan-activity;sid:83675027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.ppc"; depth:23; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811928/; classtype:trojan-activity;sid:83675028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.sh4"; depth:23; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811929/; classtype:trojan-activity;sid:83675029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.170.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811930/; classtype:trojan-activity;sid:83675030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm5"; depth:24; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811931/; classtype:trojan-activity;sid:83675031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm"; depth:23; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811932/; classtype:trojan-activity;sid:83675032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.mips"; depth:24; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811933/; classtype:trojan-activity;sid:83675033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.m68k"; depth:24; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811923/; classtype:trojan-activity;sid:83675023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.x86"; depth:23; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811924/; classtype:trojan-activity;sid:83675024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm6"; depth:24; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811925/; classtype:trojan-activity;sid:83675025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm7"; depth:24; endswith; nocase; http.host; content:"194.62.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811926/; classtype:trojan-activity;sid:83675026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.224.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811921/; classtype:trojan-activity;sid:83675021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.209.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811922/; classtype:trojan-activity;sid:83675022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.14.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811920/; classtype:trojan-activity;sid:83675020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811919/; classtype:trojan-activity;sid:83675019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.72.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811918/; classtype:trojan-activity;sid:83675018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.251.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811917/; classtype:trojan-activity;sid:83675017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.183.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811916/; classtype:trojan-activity;sid:83675016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.146.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811915/; classtype:trojan-activity;sid:83675015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.180.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811914/; classtype:trojan-activity;sid:83675014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.191.207.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811913/; classtype:trojan-activity;sid:83675013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.224.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811912/; classtype:trojan-activity;sid:83675012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.138.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811911/; classtype:trojan-activity;sid:83675011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.139.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811910/; classtype:trojan-activity;sid:83675010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.46.207.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811909/; classtype:trojan-activity;sid:83675009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811908/; classtype:trojan-activity;sid:83675008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.4.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811907/; classtype:trojan-activity;sid:83675007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.146.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811906/; classtype:trojan-activity;sid:83675006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.236.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811905/; classtype:trojan-activity;sid:83675005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.34.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811904/; classtype:trojan-activity;sid:83675004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.138.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811903/; classtype:trojan-activity;sid:83675003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.243"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811902/; classtype:trojan-activity;sid:83675002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.189.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811901/; classtype:trojan-activity;sid:83675001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.139.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811900/; classtype:trojan-activity;sid:83675000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.46.207.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811899/; classtype:trojan-activity;sid:83674999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.24.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811898/; classtype:trojan-activity;sid:83674998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811897/; classtype:trojan-activity;sid:83674997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.68.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811896/; classtype:trojan-activity;sid:83674996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.236.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811895/; classtype:trojan-activity;sid:83674995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.28.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811894/; classtype:trojan-activity;sid:83674994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.111.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811893/; classtype:trojan-activity;sid:83674993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.176.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811892/; classtype:trojan-activity;sid:83674992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.147.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811891/; classtype:trojan-activity;sid:83674991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.207.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811890/; classtype:trojan-activity;sid:83674990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.189.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811889/; classtype:trojan-activity;sid:83674989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.18.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811888/; classtype:trojan-activity;sid:83674988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.59.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811887/; classtype:trojan-activity;sid:83674987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.151.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811886/; classtype:trojan-activity;sid:83674986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.47.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811885/; classtype:trojan-activity;sid:83674985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.241.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811884/; classtype:trojan-activity;sid:83674984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.253.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811881/; classtype:trojan-activity;sid:83674981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.34.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811882/; classtype:trojan-activity;sid:83674982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.43.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811883/; classtype:trojan-activity;sid:83674983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811880/; classtype:trojan-activity;sid:83674980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.111.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811879/; classtype:trojan-activity;sid:83674979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811872/; classtype:trojan-activity;sid:83674972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811873/; classtype:trojan-activity;sid:83674973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811874/; classtype:trojan-activity;sid:83674974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811875/; classtype:trojan-activity;sid:83674975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811876/; classtype:trojan-activity;sid:83674976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811877/; classtype:trojan-activity;sid:83674977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811878/; classtype:trojan-activity;sid:83674978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811869/; classtype:trojan-activity;sid:83674969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811870/; classtype:trojan-activity;sid:83674970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811871/; classtype:trojan-activity;sid:83674971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811868/; classtype:trojan-activity;sid:83674968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.189.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811867/; classtype:trojan-activity;sid:83674967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.207.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811866/; classtype:trojan-activity;sid:83674966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.176.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811865/; classtype:trojan-activity;sid:83674965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.47.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811864/; classtype:trojan-activity;sid:83674964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.18.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811863/; classtype:trojan-activity;sid:83674963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.95.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811862/; classtype:trojan-activity;sid:83674962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.190.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811861/; classtype:trojan-activity;sid:83674961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.215.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811860/; classtype:trojan-activity;sid:83674960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.53.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811859/; classtype:trojan-activity;sid:83674959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.52.35"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811858/; classtype:trojan-activity;sid:83674958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.195.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811857/; classtype:trojan-activity;sid:83674957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.9.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811856/; classtype:trojan-activity;sid:83674956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.175.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811855/; classtype:trojan-activity;sid:83674955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811854/; classtype:trojan-activity;sid:83674954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811853/; classtype:trojan-activity;sid:83674953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.59.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811851/; classtype:trojan-activity;sid:83674951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.59.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811852/; classtype:trojan-activity;sid:83674952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.75.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811849/; classtype:trojan-activity;sid:83674949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.206.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811850/; classtype:trojan-activity;sid:83674950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.253.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811848/; classtype:trojan-activity;sid:83674948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.106.44.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811846/; classtype:trojan-activity;sid:83674946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.151.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811847/; classtype:trojan-activity;sid:83674947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.235.126.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811845/; classtype:trojan-activity;sid:83674945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811844/; classtype:trojan-activity;sid:83674944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.163.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811843/; classtype:trojan-activity;sid:83674943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811842/; classtype:trojan-activity;sid:83674942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.148.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811840/; classtype:trojan-activity;sid:83674940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.59.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811841/; classtype:trojan-activity;sid:83674941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"45.125.66.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811838/; classtype:trojan-activity;sid:83674938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811839/; classtype:trojan-activity;sid:83674939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.106.44.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811837/; classtype:trojan-activity;sid:83674937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.206.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811836/; classtype:trojan-activity;sid:83674936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.126.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811835/; classtype:trojan-activity;sid:83674935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811834/; classtype:trojan-activity;sid:83674934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.75.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811833/; classtype:trojan-activity;sid:83674933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811832/; classtype:trojan-activity;sid:83674932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.91.240.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811831/; classtype:trojan-activity;sid:83674931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"gaf.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811830/; classtype:trojan-activity;sid:83674930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.91.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811828/; classtype:trojan-activity;sid:83674928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.60.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811829/; classtype:trojan-activity;sid:83674929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811827/; classtype:trojan-activity;sid:83674927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.201.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811826/; classtype:trojan-activity;sid:83674926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811825/; classtype:trojan-activity;sid:83674925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.60.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811824/; classtype:trojan-activity;sid:83674924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.198.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811823/; classtype:trojan-activity;sid:83674923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.200.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811822/; classtype:trojan-activity;sid:83674922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811821/; classtype:trojan-activity;sid:83674921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.91.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811820/; classtype:trojan-activity;sid:83674920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.77.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811819/; classtype:trojan-activity;sid:83674919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.122.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811818/; classtype:trojan-activity;sid:83674918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.80.189.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811817/; classtype:trojan-activity;sid:83674917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.238.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811816/; classtype:trojan-activity;sid:83674916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.117.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811815/; classtype:trojan-activity;sid:83674915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.44.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811814/; classtype:trojan-activity;sid:83674914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.251.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811813/; classtype:trojan-activity;sid:83674913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.117.189.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811812/; classtype:trojan-activity;sid:83674912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"206.189.63.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811811/; classtype:trojan-activity;sid:83674911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.114.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811810/; classtype:trojan-activity;sid:83674910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.47.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811809/; classtype:trojan-activity;sid:83674909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.44.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811808/; classtype:trojan-activity;sid:83674908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.13.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811805/; classtype:trojan-activity;sid:83674905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.47.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811806/; classtype:trojan-activity;sid:83674906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.122.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811807/; classtype:trojan-activity;sid:83674907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.153.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811804/; classtype:trojan-activity;sid:83674904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo2.jpg"; depth:17; endswith; nocase; http.host; content:"sdshsjakdjsaljdkasda.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811803/; classtype:trojan-activity;sid:83674903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo3.jpg"; depth:17; endswith; nocase; http.host; content:"sdshsjakdjsaljdkasda.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811802/; classtype:trojan-activity;sid:83674902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.69.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811801/; classtype:trojan-activity;sid:83674901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.114.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811800/; classtype:trojan-activity;sid:83674900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.30.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811799/; classtype:trojan-activity;sid:83674899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.29.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811798/; classtype:trojan-activity;sid:83674898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.224.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811797/; classtype:trojan-activity;sid:83674897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811796/; classtype:trojan-activity;sid:83674896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.58.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811795/; classtype:trojan-activity;sid:83674895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.51.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811793/; classtype:trojan-activity;sid:83674893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.255.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811794/; classtype:trojan-activity;sid:83674894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.136.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811792/; classtype:trojan-activity;sid:83674892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811788/; classtype:trojan-activity;sid:83674888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811789/; classtype:trojan-activity;sid:83674889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811790/; classtype:trojan-activity;sid:83674890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811791/; classtype:trojan-activity;sid:83674891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811786/; classtype:trojan-activity;sid:83674886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811787/; classtype:trojan-activity;sid:83674887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811780/; classtype:trojan-activity;sid:83674880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811781/; classtype:trojan-activity;sid:83674881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811782/; classtype:trojan-activity;sid:83674882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811783/; classtype:trojan-activity;sid:83674883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811784/; classtype:trojan-activity;sid:83674884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.252.93.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811785/; classtype:trojan-activity;sid:83674885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811779/; classtype:trojan-activity;sid:83674879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.145.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811778/; classtype:trojan-activity;sid:83674878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811777/; classtype:trojan-activity;sid:83674877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.30.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811776/; classtype:trojan-activity;sid:83674876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811775/; classtype:trojan-activity;sid:83674875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.178.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811774/; classtype:trojan-activity;sid:83674874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.173.6.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811773/; classtype:trojan-activity;sid:83674873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.136.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811772/; classtype:trojan-activity;sid:83674872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811771/; classtype:trojan-activity;sid:83674871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.202.236.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811770/; classtype:trojan-activity;sid:83674870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811767/; classtype:trojan-activity;sid:83674867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.247.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811768/; classtype:trojan-activity;sid:83674868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.156.67.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811769/; classtype:trojan-activity;sid:83674869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.226.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811766/; classtype:trojan-activity;sid:83674866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.64.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811765/; classtype:trojan-activity;sid:83674865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.233.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811764/; classtype:trojan-activity;sid:83674864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811763/; classtype:trojan-activity;sid:83674863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.235.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811762/; classtype:trojan-activity;sid:83674862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.178.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811761/; classtype:trojan-activity;sid:83674861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811760/; classtype:trojan-activity;sid:83674860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.47.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811759/; classtype:trojan-activity;sid:83674859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.168.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811758/; classtype:trojan-activity;sid:83674858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.64.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811757/; classtype:trojan-activity;sid:83674857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.89.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811756/; classtype:trojan-activity;sid:83674856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"161.35.214.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811755/; classtype:trojan-activity;sid:83674855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.13.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811754/; classtype:trojan-activity;sid:83674854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811753/; classtype:trojan-activity;sid:83674853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.235.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811751/; classtype:trojan-activity;sid:83674851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.193.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811752/; classtype:trojan-activity;sid:83674852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.47.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811750/; classtype:trojan-activity;sid:83674850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.91.248.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811749/; classtype:trojan-activity;sid:83674849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.152.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811748/; classtype:trojan-activity;sid:83674848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.168.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811747/; classtype:trojan-activity;sid:83674847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.44.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811746/; classtype:trojan-activity;sid:83674846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.193.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811745/; classtype:trojan-activity;sid:83674845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.13.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811744/; classtype:trojan-activity;sid:83674844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.201.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811742/; classtype:trojan-activity;sid:83674842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811743/; classtype:trojan-activity;sid:83674843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.70.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811741/; classtype:trojan-activity;sid:83674841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811740/; classtype:trojan-activity;sid:83674840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.64.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811739/; classtype:trojan-activity;sid:83674839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.9.253"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811738/; classtype:trojan-activity;sid:83674838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.180.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811737/; classtype:trojan-activity;sid:83674837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811736/; classtype:trojan-activity;sid:83674836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.160.171.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811734/; classtype:trojan-activity;sid:83674834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.92.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811735/; classtype:trojan-activity;sid:83674835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.86.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811733/; classtype:trojan-activity;sid:83674833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.247.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811732/; classtype:trojan-activity;sid:83674832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.201.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811731/; classtype:trojan-activity;sid:83674831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.70.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811729/; classtype:trojan-activity;sid:83674829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.94.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811730/; classtype:trojan-activity;sid:83674830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.102.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811728/; classtype:trojan-activity;sid:83674828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.235.174.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811727/; classtype:trojan-activity;sid:83674827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.221.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811726/; classtype:trojan-activity;sid:83674826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.182.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811725/; classtype:trojan-activity;sid:83674825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.254.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811724/; classtype:trojan-activity;sid:83674824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.82.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811723/; classtype:trojan-activity;sid:83674823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.137.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811722/; classtype:trojan-activity;sid:83674822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.15.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811720/; classtype:trojan-activity;sid:83674820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.215.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811721/; classtype:trojan-activity;sid:83674821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.170.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811719/; classtype:trojan-activity;sid:83674819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.180.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811718/; classtype:trojan-activity;sid:83674818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.94.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811717/; classtype:trojan-activity;sid:83674817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/players"; depth:8; endswith; nocase; http.host; content:"146.19.191.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811716/; classtype:trojan-activity;sid:83674816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.57.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811715/; classtype:trojan-activity;sid:83674815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.86.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811714/; classtype:trojan-activity;sid:83674814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.160.171.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811713/; classtype:trojan-activity;sid:83674813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/st200.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811712/; classtype:trojan-activity;sid:83674812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/remcos_a.exe"; depth:13; endswith; nocase; http.host; content:"vyhvje2.sa.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811711/; classtype:trojan-activity;sid:83674811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811710/; classtype:trojan-activity;sid:83674810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.24.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811709/; classtype:trojan-activity;sid:83674809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.143.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811708/; classtype:trojan-activity;sid:83674808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.188.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811706/; classtype:trojan-activity;sid:83674806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.148.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811707/; classtype:trojan-activity;sid:83674807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.15.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811705/; classtype:trojan-activity;sid:83674805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.215.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811704/; classtype:trojan-activity;sid:83674804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.135.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811703/; classtype:trojan-activity;sid:83674803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.212.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811702/; classtype:trojan-activity;sid:83674802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.210.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811701/; classtype:trojan-activity;sid:83674801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.173.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811700/; classtype:trojan-activity;sid:83674800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.93.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811699/; classtype:trojan-activity;sid:83674799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.181.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811698/; classtype:trojan-activity;sid:83674798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.188.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811697/; classtype:trojan-activity;sid:83674797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.93.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811696/; classtype:trojan-activity;sid:83674796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.109.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811695/; classtype:trojan-activity;sid:83674795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.135.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811694/; classtype:trojan-activity;sid:83674794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.86.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811693/; classtype:trojan-activity;sid:83674793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811690/; classtype:trojan-activity;sid:83674790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811691/; classtype:trojan-activity;sid:83674791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811692/; classtype:trojan-activity;sid:83674792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811687/; classtype:trojan-activity;sid:83674787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.210.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811688/; classtype:trojan-activity;sid:83674788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811689/; classtype:trojan-activity;sid:83674789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811685/; classtype:trojan-activity;sid:83674785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811686/; classtype:trojan-activity;sid:83674786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sorabins.sh"; depth:12; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811684/; classtype:trojan-activity;sid:83674784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811680/; classtype:trojan-activity;sid:83674780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811681/; classtype:trojan-activity;sid:83674781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811682/; classtype:trojan-activity;sid:83674782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"192.53.123.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811683/; classtype:trojan-activity;sid:83674783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.212.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811679/; classtype:trojan-activity;sid:83674779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.190.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811677/; classtype:trojan-activity;sid:83674777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.45.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811678/; classtype:trojan-activity;sid:83674778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.26.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811676/; classtype:trojan-activity;sid:83674776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.6.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811675/; classtype:trojan-activity;sid:83674775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.58.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811674/; classtype:trojan-activity;sid:83674774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.70.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811673/; classtype:trojan-activity;sid:83674773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.166.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811672/; classtype:trojan-activity;sid:83674772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.82.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811671/; classtype:trojan-activity;sid:83674771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.30.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811670/; classtype:trojan-activity;sid:83674770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/nss3.dll"; depth:26; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811669/; classtype:trojan-activity;sid:83674769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/nss3.dll"; depth:26; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811668/; classtype:trojan-activity;sid:83674768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811667/; classtype:trojan-activity;sid:83674767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811662/; classtype:trojan-activity;sid:83674762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811663/; classtype:trojan-activity;sid:83674763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811664/; classtype:trojan-activity;sid:83674764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811665/; classtype:trojan-activity;sid:83674765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811666/; classtype:trojan-activity;sid:83674766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811659/; classtype:trojan-activity;sid:83674759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811660/; classtype:trojan-activity;sid:83674760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a95bc524d4f5c43a/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"192.121.87.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811661/; classtype:trojan-activity;sid:83674761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.180.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811658/; classtype:trojan-activity;sid:83674758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/patchestextbook.exe"; depth:25; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811657/; classtype:trojan-activity;sid:83674757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.exe"; depth:12; endswith; nocase; http.host; content:"host1870453.hostland.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811654/; classtype:trojan-activity;sid:83674754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.184.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811655/; classtype:trojan-activity;sid:83674755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tandos.exe"; depth:11; endswith; nocase; http.host; content:"vyhvje2.sa.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811656/; classtype:trojan-activity;sid:83674756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crypted.exe"; depth:12; endswith; nocase; http.host; content:"91.92.255.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811653/; classtype:trojan-activity;sid:83674753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811652/; classtype:trojan-activity;sid:83674752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a67b9d6832f9c3f7e2a3677d7c75465b/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811649/; classtype:trojan-activity;sid:83674749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23dc03de0da81686128d3211652ab24f/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811650/; classtype:trojan-activity;sid:83674750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23dc03de0da81686128d3211652ab24f/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811651/; classtype:trojan-activity;sid:83674751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.58.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811648/; classtype:trojan-activity;sid:83674748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811647/; classtype:trojan-activity;sid:83674747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.37.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811646/; classtype:trojan-activity;sid:83674746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811645/; classtype:trojan-activity;sid:83674745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.19.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811644/; classtype:trojan-activity;sid:83674744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.26.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811643/; classtype:trojan-activity;sid:83674743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.225.211.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811642/; classtype:trojan-activity;sid:83674742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.182.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811641/; classtype:trojan-activity;sid:83674741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.89.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811639/; classtype:trojan-activity;sid:83674739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.75.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811640/; classtype:trojan-activity;sid:83674740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.147.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811638/; classtype:trojan-activity;sid:83674738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.251.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811637/; classtype:trojan-activity;sid:83674737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.74.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811636/; classtype:trojan-activity;sid:83674736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.70.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811635/; classtype:trojan-activity;sid:83674735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.142.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811634/; classtype:trojan-activity;sid:83674734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.212.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811632/; classtype:trojan-activity;sid:83674732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.164.141.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811633/; classtype:trojan-activity;sid:83674733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.215.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811631/; classtype:trojan-activity;sid:83674731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811630/; classtype:trojan-activity;sid:83674730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.47.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811629/; classtype:trojan-activity;sid:83674729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811628/; classtype:trojan-activity;sid:83674728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.17.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811627/; classtype:trojan-activity;sid:83674727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.21.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811626/; classtype:trojan-activity;sid:83674726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.184.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811625/; classtype:trojan-activity;sid:83674725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.215.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811624/; classtype:trojan-activity;sid:83674724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.251.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811623/; classtype:trojan-activity;sid:83674723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.175.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811622/; classtype:trojan-activity;sid:83674722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.74.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811620/; classtype:trojan-activity;sid:83674720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.215.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811621/; classtype:trojan-activity;sid:83674721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.211.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811619/; classtype:trojan-activity;sid:83674719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.185.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811618/; classtype:trojan-activity;sid:83674718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.72.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811617/; classtype:trojan-activity;sid:83674717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.189.99.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811616/; classtype:trojan-activity;sid:83674716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.209.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811615/; classtype:trojan-activity;sid:83674715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.36.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811614/; classtype:trojan-activity;sid:83674714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.20.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811612/; classtype:trojan-activity;sid:83674712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811613/; classtype:trojan-activity;sid:83674713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.87.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811611/; classtype:trojan-activity;sid:83674711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.142.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811610/; classtype:trojan-activity;sid:83674710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.175.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811608/; classtype:trojan-activity;sid:83674708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.0.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811609/; classtype:trojan-activity;sid:83674709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.199.50.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811607/; classtype:trojan-activity;sid:83674707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.89.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811606/; classtype:trojan-activity;sid:83674706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811605/; classtype:trojan-activity;sid:83674705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.199.50.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811604/; classtype:trojan-activity;sid:83674704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.233.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811603/; classtype:trojan-activity;sid:83674703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.2.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811602/; classtype:trojan-activity;sid:83674702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.150.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811601/; classtype:trojan-activity;sid:83674701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.180.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811600/; classtype:trojan-activity;sid:83674700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.20.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811599/; classtype:trojan-activity;sid:83674699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.17.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811597/; classtype:trojan-activity;sid:83674697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.132.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811598/; classtype:trojan-activity;sid:83674698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.111.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811596/; classtype:trojan-activity;sid:83674696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811595/; classtype:trojan-activity;sid:83674695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811594/; classtype:trojan-activity;sid:83674694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.124.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811593/; classtype:trojan-activity;sid:83674693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.38.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811592/; classtype:trojan-activity;sid:83674692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.142.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811591/; classtype:trojan-activity;sid:83674691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.0.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811589/; classtype:trojan-activity;sid:83674689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811590/; classtype:trojan-activity;sid:83674690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.93.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811588/; classtype:trojan-activity;sid:83674688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.148.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811587/; classtype:trojan-activity;sid:83674687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.151.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811585/; classtype:trojan-activity;sid:83674685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811586/; classtype:trojan-activity;sid:83674686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.211.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811584/; classtype:trojan-activity;sid:83674684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.124.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811583/; classtype:trojan-activity;sid:83674683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.111.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811582/; classtype:trojan-activity;sid:83674682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.233.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811581/; classtype:trojan-activity;sid:83674681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.203.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811580/; classtype:trojan-activity;sid:83674680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.58.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811579/; classtype:trojan-activity;sid:83674679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.151.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811578/; classtype:trojan-activity;sid:83674678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.129.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811577/; classtype:trojan-activity;sid:83674677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.206.137.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811576/; classtype:trojan-activity;sid:83674676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811575/; classtype:trojan-activity;sid:83674675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.227.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811573/; classtype:trojan-activity;sid:83674673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.177.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811574/; classtype:trojan-activity;sid:83674674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.23.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811572/; classtype:trojan-activity;sid:83674672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.86.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811571/; classtype:trojan-activity;sid:83674671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.10.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811570/; classtype:trojan-activity;sid:83674670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.11.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811569/; classtype:trojan-activity;sid:83674669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.0.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811568/; classtype:trojan-activity;sid:83674668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.102.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811567/; classtype:trojan-activity;sid:83674667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.211.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811566/; classtype:trojan-activity;sid:83674666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.38.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811565/; classtype:trojan-activity;sid:83674665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.118.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811564/; classtype:trojan-activity;sid:83674664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811563/; classtype:trojan-activity;sid:83674663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.176.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811562/; classtype:trojan-activity;sid:83674662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.191.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811561/; classtype:trojan-activity;sid:83674661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.53.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811559/; classtype:trojan-activity;sid:83674659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.29.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811560/; classtype:trojan-activity;sid:83674660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.26.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811557/; classtype:trojan-activity;sid:83674657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.247.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811558/; classtype:trojan-activity;sid:83674658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811556/; classtype:trojan-activity;sid:83674656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.206.137.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811555/; classtype:trojan-activity;sid:83674655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.29.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811554/; classtype:trojan-activity;sid:83674654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.72.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811553/; classtype:trojan-activity;sid:83674653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.212.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811552/; classtype:trojan-activity;sid:83674652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811551/; classtype:trojan-activity;sid:83674651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.102.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811550/; classtype:trojan-activity;sid:83674650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811549/; classtype:trojan-activity;sid:83674649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.194.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811548/; classtype:trojan-activity;sid:83674648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.47.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811547/; classtype:trojan-activity;sid:83674647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.8.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811546/; classtype:trojan-activity;sid:83674646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.45.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811545/; classtype:trojan-activity;sid:83674645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.191.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811544/; classtype:trojan-activity;sid:83674644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.236.184.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811543/; classtype:trojan-activity;sid:83674643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.241.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811542/; classtype:trojan-activity;sid:83674642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811541/; classtype:trojan-activity;sid:83674641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.233.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811540/; classtype:trojan-activity;sid:83674640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.188.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811539/; classtype:trojan-activity;sid:83674639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"qdlcq.honors.howamerica.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811538/; classtype:trojan-activity;sid:83674638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.72.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811537/; classtype:trojan-activity;sid:83674637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"152.160.191.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811536/; classtype:trojan-activity;sid:83674636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811535/; classtype:trojan-activity;sid:83674635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.39.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811534/; classtype:trojan-activity;sid:83674634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.220.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811533/; classtype:trojan-activity;sid:83674633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.47.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811532/; classtype:trojan-activity;sid:83674632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.184.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811531/; classtype:trojan-activity;sid:83674631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.50.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811530/; classtype:trojan-activity;sid:83674630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.102.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811528/; classtype:trojan-activity;sid:83674628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.242.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811529/; classtype:trojan-activity;sid:83674629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.13.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811527/; classtype:trojan-activity;sid:83674627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.92.157.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811526/; classtype:trojan-activity;sid:83674626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.44.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811525/; classtype:trojan-activity;sid:83674625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811522/; classtype:trojan-activity;sid:83674622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.226.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811523/; classtype:trojan-activity;sid:83674623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.92.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811524/; classtype:trojan-activity;sid:83674624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.147.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811521/; classtype:trojan-activity;sid:83674621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.52.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811520/; classtype:trojan-activity;sid:83674620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811516/; classtype:trojan-activity;sid:83674616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.181.2.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811517/; classtype:trojan-activity;sid:83674617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.75.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811518/; classtype:trojan-activity;sid:83674618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.241.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811519/; classtype:trojan-activity;sid:83674619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811515/; classtype:trojan-activity;sid:83674615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.186.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811514/; classtype:trojan-activity;sid:83674614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.13.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811512/; classtype:trojan-activity;sid:83674612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.25.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811513/; classtype:trojan-activity;sid:83674613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.112.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811511/; classtype:trojan-activity;sid:83674611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.92.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811510/; classtype:trojan-activity;sid:83674610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811507/; classtype:trojan-activity;sid:83674607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811508/; classtype:trojan-activity;sid:83674608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.39.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811509/; classtype:trojan-activity;sid:83674609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.247.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811506/; classtype:trojan-activity;sid:83674606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.102.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811505/; classtype:trojan-activity;sid:83674605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811504/; classtype:trojan-activity;sid:83674604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.192.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811503/; classtype:trojan-activity;sid:83674603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811502/; classtype:trojan-activity;sid:83674602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811501/; classtype:trojan-activity;sid:83674601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.92.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811500/; classtype:trojan-activity;sid:83674600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811499/; classtype:trojan-activity;sid:83674599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811498/; classtype:trojan-activity;sid:83674598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.215.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811497/; classtype:trojan-activity;sid:83674597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811496/; classtype:trojan-activity;sid:83674596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.112.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811495/; classtype:trojan-activity;sid:83674595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.208.56.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811494/; classtype:trojan-activity;sid:83674594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/player123"; depth:10; endswith; nocase; http.host; content:"146.19.191.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811493/; classtype:trojan-activity;sid:83674593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.169.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811492/; classtype:trojan-activity;sid:83674592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.170.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811491/; classtype:trojan-activity;sid:83674591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811490/; classtype:trojan-activity;sid:83674590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.246.70.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811489/; classtype:trojan-activity;sid:83674589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.99.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811488/; classtype:trojan-activity;sid:83674588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.215.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811487/; classtype:trojan-activity;sid:83674587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811486/; classtype:trojan-activity;sid:83674586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/education/shield/microsoftservice.exe"; depth:38; endswith; nocase; http.host; content:"duckz.online"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811485/; classtype:trojan-activity;sid:83674585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811484/; classtype:trojan-activity;sid:83674584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.213.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811483/; classtype:trojan-activity;sid:83674583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"151.177.251.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811482/; classtype:trojan-activity;sid:83674582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.45.19.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811481/; classtype:trojan-activity;sid:83674581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.246.70.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811480/; classtype:trojan-activity;sid:83674580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811479/; classtype:trojan-activity;sid:83674579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.4.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811478/; classtype:trojan-activity;sid:83674578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.49.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811477/; classtype:trojan-activity;sid:83674577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.112.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811476/; classtype:trojan-activity;sid:83674576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811475/; classtype:trojan-activity;sid:83674575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.113.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811474/; classtype:trojan-activity;sid:83674574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.193.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811473/; classtype:trojan-activity;sid:83674573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.213.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811472/; classtype:trojan-activity;sid:83674572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.121.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811471/; classtype:trojan-activity;sid:83674571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811470/; classtype:trojan-activity;sid:83674570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.175.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811469/; classtype:trojan-activity;sid:83674569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811468/; classtype:trojan-activity;sid:83674568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811466/; classtype:trojan-activity;sid:83674566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.58.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811467/; classtype:trojan-activity;sid:83674567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811465/; classtype:trojan-activity;sid:83674565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811462/; classtype:trojan-activity;sid:83674562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811463/; classtype:trojan-activity;sid:83674563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811464/; classtype:trojan-activity;sid:83674564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811461/; classtype:trojan-activity;sid:83674561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"nextoneup.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811460/; classtype:trojan-activity;sid:83674560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811459/; classtype:trojan-activity;sid:83674559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.175.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811458/; classtype:trojan-activity;sid:83674558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.250.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811457/; classtype:trojan-activity;sid:83674557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.250.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811456/; classtype:trojan-activity;sid:83674556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811455/; classtype:trojan-activity;sid:83674555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.9.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811454/; classtype:trojan-activity;sid:83674554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.206.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811453/; classtype:trojan-activity;sid:83674553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.210.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811452/; classtype:trojan-activity;sid:83674552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811451/; classtype:trojan-activity;sid:83674551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.46.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811450/; classtype:trojan-activity;sid:83674550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811446/; classtype:trojan-activity;sid:83674546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.249.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811447/; classtype:trojan-activity;sid:83674547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811448/; classtype:trojan-activity;sid:83674548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.23.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811449/; classtype:trojan-activity;sid:83674549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811445/; classtype:trojan-activity;sid:83674545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.94.16.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811444/; classtype:trojan-activity;sid:83674544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.243.97.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811443/; classtype:trojan-activity;sid:83674543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.30.74.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811442/; classtype:trojan-activity;sid:83674542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811441/; classtype:trojan-activity;sid:83674541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.138.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811440/; classtype:trojan-activity;sid:83674540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.117.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811439/; classtype:trojan-activity;sid:83674539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.208.180.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811438/; classtype:trojan-activity;sid:83674538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.19.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811437/; classtype:trojan-activity;sid:83674537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811436/; classtype:trojan-activity;sid:83674536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.249.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811435/; classtype:trojan-activity;sid:83674535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811434/; classtype:trojan-activity;sid:83674534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811433/; classtype:trojan-activity;sid:83674533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.249.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811432/; classtype:trojan-activity;sid:83674532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.113.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811431/; classtype:trojan-activity;sid:83674531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.9.121.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811430/; classtype:trojan-activity;sid:83674530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.42.187.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811428/; classtype:trojan-activity;sid:83674528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.191.102.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811429/; classtype:trojan-activity;sid:83674529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.23.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811427/; classtype:trojan-activity;sid:83674527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.151.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811425/; classtype:trojan-activity;sid:83674525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.36.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811426/; classtype:trojan-activity;sid:83674526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.113.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811424/; classtype:trojan-activity;sid:83674524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.74.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811423/; classtype:trojan-activity;sid:83674523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.24.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811422/; classtype:trojan-activity;sid:83674522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.82.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811421/; classtype:trojan-activity;sid:83674521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.117.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811420/; classtype:trojan-activity;sid:83674520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811415/; classtype:trojan-activity;sid:83674515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magic"; depth:6; endswith; nocase; http.host; content:"94.156.67.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811416/; classtype:trojan-activity;sid:83674516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"94.156.67.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811417/; classtype:trojan-activity;sid:83674517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key"; depth:4; endswith; nocase; http.host; content:"94.156.67.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811418/; classtype:trojan-activity;sid:83674518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"157.230.102.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811419/; classtype:trojan-activity;sid:83674519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.5.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811414/; classtype:trojan-activity;sid:83674514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.42.187.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811413/; classtype:trojan-activity;sid:83674513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.24.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811412/; classtype:trojan-activity;sid:83674512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.161.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811410/; classtype:trojan-activity;sid:83674510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811411/; classtype:trojan-activity;sid:83674511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.58.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811409/; classtype:trojan-activity;sid:83674509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.126.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811408/; classtype:trojan-activity;sid:83674508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.239.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811406/; classtype:trojan-activity;sid:83674506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.151.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811407/; classtype:trojan-activity;sid:83674507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.185.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811405/; classtype:trojan-activity;sid:83674505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.162.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811404/; classtype:trojan-activity;sid:83674504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.43.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811403/; classtype:trojan-activity;sid:83674503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811401/; classtype:trojan-activity;sid:83674501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.186.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811402/; classtype:trojan-activity;sid:83674502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.102.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811400/; classtype:trojan-activity;sid:83674500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"iuay.loans.fishingreelinvestments.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811399/; classtype:trojan-activity;sid:83674499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.5.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811398/; classtype:trojan-activity;sid:83674498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811397/; classtype:trojan-activity;sid:83674497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.54.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811395/; classtype:trojan-activity;sid:83674495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.61.51.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811396/; classtype:trojan-activity;sid:83674496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.46.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811394/; classtype:trojan-activity;sid:83674494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.8.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811393/; classtype:trojan-activity;sid:83674493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.15.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811392/; classtype:trojan-activity;sid:83674492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811391/; classtype:trojan-activity;sid:83674491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811390/; classtype:trojan-activity;sid:83674490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.101.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811389/; classtype:trojan-activity;sid:83674489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.73.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811388/; classtype:trojan-activity;sid:83674488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.239.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811387/; classtype:trojan-activity;sid:83674487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.44.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811386/; classtype:trojan-activity;sid:83674486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.32.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811385/; classtype:trojan-activity;sid:83674485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.232.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811384/; classtype:trojan-activity;sid:83674484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.194.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811383/; classtype:trojan-activity;sid:83674483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.249.230.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811382/; classtype:trojan-activity;sid:83674482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811381/; classtype:trojan-activity;sid:83674481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.61.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811380/; classtype:trojan-activity;sid:83674480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.44.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811379/; classtype:trojan-activity;sid:83674479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.94.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811378/; classtype:trojan-activity;sid:83674478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811376/; classtype:trojan-activity;sid:83674476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.152.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811377/; classtype:trojan-activity;sid:83674477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.187.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811375/; classtype:trojan-activity;sid:83674475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.251.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811371/; classtype:trojan-activity;sid:83674471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.65.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811372/; classtype:trojan-activity;sid:83674472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.70.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811373/; classtype:trojan-activity;sid:83674473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.210.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811374/; classtype:trojan-activity;sid:83674474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.222.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811370/; classtype:trojan-activity;sid:83674470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.145.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811369/; classtype:trojan-activity;sid:83674469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.143.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811368/; classtype:trojan-activity;sid:83674468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.61.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811367/; classtype:trojan-activity;sid:83674467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.94.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811366/; classtype:trojan-activity;sid:83674466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.219.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811365/; classtype:trojan-activity;sid:83674465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.44.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811364/; classtype:trojan-activity;sid:83674464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.185.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811363/; classtype:trojan-activity;sid:83674463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.68.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811362/; classtype:trojan-activity;sid:83674462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.57.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811361/; classtype:trojan-activity;sid:83674461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.145.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811360/; classtype:trojan-activity;sid:83674460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811359/; classtype:trojan-activity;sid:83674459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.184.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811358/; classtype:trojan-activity;sid:83674458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.81.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811357/; classtype:trojan-activity;sid:83674457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.135.64.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811356/; classtype:trojan-activity;sid:83674456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.207.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811355/; classtype:trojan-activity;sid:83674455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.143.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811354/; classtype:trojan-activity;sid:83674454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.57.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811353/; classtype:trojan-activity;sid:83674453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811352/; classtype:trojan-activity;sid:83674452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.5.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811350/; classtype:trojan-activity;sid:83674450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.44.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811351/; classtype:trojan-activity;sid:83674451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811349/; classtype:trojan-activity;sid:83674449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.216.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811348/; classtype:trojan-activity;sid:83674448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.99.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811347/; classtype:trojan-activity;sid:83674447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.38.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811346/; classtype:trojan-activity;sid:83674446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.184.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811345/; classtype:trojan-activity;sid:83674445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811344/; classtype:trojan-activity;sid:83674444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811343/; classtype:trojan-activity;sid:83674443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.68.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811342/; classtype:trojan-activity;sid:83674442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.43.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811341/; classtype:trojan-activity;sid:83674441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811340/; classtype:trojan-activity;sid:83674440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.5.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811339/; classtype:trojan-activity;sid:83674439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811338/; classtype:trojan-activity;sid:83674438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.76.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811337/; classtype:trojan-activity;sid:83674437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.2.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811336/; classtype:trojan-activity;sid:83674436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.76.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811335/; classtype:trojan-activity;sid:83674435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.115.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811334/; classtype:trojan-activity;sid:83674434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.227.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811333/; classtype:trojan-activity;sid:83674433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.109.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811332/; classtype:trojan-activity;sid:83674432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.26.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811331/; classtype:trojan-activity;sid:83674431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811330/; classtype:trojan-activity;sid:83674430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811329/; classtype:trojan-activity;sid:83674429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811328/; classtype:trojan-activity;sid:83674428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.214.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811327/; classtype:trojan-activity;sid:83674427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.142.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811326/; classtype:trojan-activity;sid:83674426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.174.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811324/; classtype:trojan-activity;sid:83674424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.113.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811325/; classtype:trojan-activity;sid:83674425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.9.189.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811323/; classtype:trojan-activity;sid:83674423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811322/; classtype:trojan-activity;sid:83674422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.115.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811321/; classtype:trojan-activity;sid:83674421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.119.132.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811319/; classtype:trojan-activity;sid:83674419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.133.184.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811320/; classtype:trojan-activity;sid:83674420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.21.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811318/; classtype:trojan-activity;sid:83674418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.103.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811317/; classtype:trojan-activity;sid:83674417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.19.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811316/; classtype:trojan-activity;sid:83674416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.206.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811314/; classtype:trojan-activity;sid:83674414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.204.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811315/; classtype:trojan-activity;sid:83674415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.166.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811313/; classtype:trojan-activity;sid:83674413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.118.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811312/; classtype:trojan-activity;sid:83674412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811310/; classtype:trojan-activity;sid:83674410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.211.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811311/; classtype:trojan-activity;sid:83674411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.169.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811307/; classtype:trojan-activity;sid:83674407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.176.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811308/; classtype:trojan-activity;sid:83674408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.180.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811309/; classtype:trojan-activity;sid:83674409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.254.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811305/; classtype:trojan-activity;sid:83674405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.174.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811306/; classtype:trojan-activity;sid:83674406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.21.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811304/; classtype:trojan-activity;sid:83674404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811303/; classtype:trojan-activity;sid:83674403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811302/; classtype:trojan-activity;sid:83674402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.133.184.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811301/; classtype:trojan-activity;sid:83674401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.37.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811300/; classtype:trojan-activity;sid:83674400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.181.65.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811299/; classtype:trojan-activity;sid:83674399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.117.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811297/; classtype:trojan-activity;sid:83674397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.178.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811298/; classtype:trojan-activity;sid:83674398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/u8rfmtwb"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811295/; classtype:trojan-activity;sid:83674395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811296/; classtype:trojan-activity;sid:83674396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811294/; classtype:trojan-activity;sid:83674394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.119.132.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811293/; classtype:trojan-activity;sid:83674393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.249.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811292/; classtype:trojan-activity;sid:83674392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.29.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811291/; classtype:trojan-activity;sid:83674391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.81.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811289/; classtype:trojan-activity;sid:83674389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.217.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811290/; classtype:trojan-activity;sid:83674390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.114.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811288/; classtype:trojan-activity;sid:83674388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.23.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811287/; classtype:trojan-activity;sid:83674387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.138.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811286/; classtype:trojan-activity;sid:83674386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.19.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811285/; classtype:trojan-activity;sid:83674385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/superstart.exe"; depth:20; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811284/; classtype:trojan-activity;sid:83674384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811283/; classtype:trojan-activity;sid:83674383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.41.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811282/; classtype:trojan-activity;sid:83674382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811281/; classtype:trojan-activity;sid:83674381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.158.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811280/; classtype:trojan-activity;sid:83674380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811278/; classtype:trojan-activity;sid:83674378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.138.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811279/; classtype:trojan-activity;sid:83674379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.32.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811277/; classtype:trojan-activity;sid:83674377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.240.238.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811274/; classtype:trojan-activity;sid:83674374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811275/; classtype:trojan-activity;sid:83674375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.254.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811276/; classtype:trojan-activity;sid:83674376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/wk6rb9ih"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811270/; classtype:trojan-activity;sid:83674370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.170.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811271/; classtype:trojan-activity;sid:83674371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.205.253.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811272/; classtype:trojan-activity;sid:83674372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.5"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811273/; classtype:trojan-activity;sid:83674373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.21.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811269/; classtype:trojan-activity;sid:83674369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.210.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811268/; classtype:trojan-activity;sid:83674368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.163.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811267/; classtype:trojan-activity;sid:83674367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/nzbqp3dd"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811266/; classtype:trojan-activity;sid:83674366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.41.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811265/; classtype:trojan-activity;sid:83674365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811264/; classtype:trojan-activity;sid:83674364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.100.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811263/; classtype:trojan-activity;sid:83674363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.100.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811262/; classtype:trojan-activity;sid:83674362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.23.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811261/; classtype:trojan-activity;sid:83674361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.202.90.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811260/; classtype:trojan-activity;sid:83674360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.28.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811259/; classtype:trojan-activity;sid:83674359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.5"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811258/; classtype:trojan-activity;sid:83674358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"106.41.45.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811257/; classtype:trojan-activity;sid:83674357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.100.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811256/; classtype:trojan-activity;sid:83674356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsv9"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811255/; classtype:trojan-activity;sid:83674355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsfd"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811253/; classtype:trojan-activity;sid:83674353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsfl"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811254/; classtype:trojan-activity;sid:83674354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsd0"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811251/; classtype:trojan-activity;sid:83674351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/buw4"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811252/; classtype:trojan-activity;sid:83674352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bkr5"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811249/; classtype:trojan-activity;sid:83674349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bksg"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811250/; classtype:trojan-activity;sid:83674350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/blqj"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811246/; classtype:trojan-activity;sid:83674346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/blql"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811247/; classtype:trojan-activity;sid:83674347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bkr1"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811248/; classtype:trojan-activity;sid:83674348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsv4"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811244/; classtype:trojan-activity;sid:83674344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsrh"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811245/; classtype:trojan-activity;sid:83674345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xbod1ucjo8dc"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811242/; classtype:trojan-activity;sid:83674342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xffrcvqikxwb"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811243/; classtype:trojan-activity;sid:83674343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bswi"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811240/; classtype:trojan-activity;sid:83674340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsfj"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811241/; classtype:trojan-activity;sid:83674341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xfttuwcyyk0j"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811237/; classtype:trojan-activity;sid:83674337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xh5lfzgfa0qq"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811238/; classtype:trojan-activity;sid:83674338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xggp3bzhzdqc"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811239/; classtype:trojan-activity;sid:83674339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bskh"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811236/; classtype:trojan-activity;sid:83674336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsfm"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811234/; classtype:trojan-activity;sid:83674334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/btxr"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811235/; classtype:trojan-activity;sid:83674335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.39.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811233/; classtype:trojan-activity;sid:83674333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsvc"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811230/; classtype:trojan-activity;sid:83674330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/blnm"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811231/; classtype:trojan-activity;sid:83674331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsew"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811232/; classtype:trojan-activity;sid:83674332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/btpl"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811228/; classtype:trojan-activity;sid:83674328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsfh"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811229/; classtype:trojan-activity;sid:83674329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsfg"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811227/; classtype:trojan-activity;sid:83674327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bshk"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811224/; classtype:trojan-activity;sid:83674324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bslz"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811225/; classtype:trojan-activity;sid:83674325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bsv7"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811226/; classtype:trojan-activity;sid:83674326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.188.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811223/; classtype:trojan-activity;sid:83674323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811222/; classtype:trojan-activity;sid:83674322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/7oanineicw"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811221/; classtype:trojan-activity;sid:83674321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bu42"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811219/; classtype:trojan-activity;sid:83674319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bu71"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811220/; classtype:trojan-activity;sid:83674320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811218/; classtype:trojan-activity;sid:83674318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.206.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811217/; classtype:trojan-activity;sid:83674317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.8.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811216/; classtype:trojan-activity;sid:83674316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.107.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811215/; classtype:trojan-activity;sid:83674315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.15.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811214/; classtype:trojan-activity;sid:83674314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.29.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811213/; classtype:trojan-activity;sid:83674313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.205.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811212/; classtype:trojan-activity;sid:83674312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm6"; depth:11; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811211/; classtype:trojan-activity;sid:83674311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm4"; depth:11; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811210/; classtype:trojan-activity;sid:83674310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.x86"; depth:10; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811209/; classtype:trojan-activity;sid:83674309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.mips"; depth:11; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811207/; classtype:trojan-activity;sid:83674307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.ppc"; depth:10; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811208/; classtype:trojan-activity;sid:83674308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.mpsl"; depth:11; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811204/; classtype:trojan-activity;sid:83674304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm5"; depth:11; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811205/; classtype:trojan-activity;sid:83674305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.sparc"; depth:12; endswith; nocase; http.host; content:"45.138.74.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811206/; classtype:trojan-activity;sid:83674306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811198/; classtype:trojan-activity;sid:83674298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811199/; classtype:trojan-activity;sid:83674299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811200/; classtype:trojan-activity;sid:83674300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811201/; classtype:trojan-activity;sid:83674301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811202/; classtype:trojan-activity;sid:83674302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811203/; classtype:trojan-activity;sid:83674303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811193/; classtype:trojan-activity;sid:83674293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811194/; classtype:trojan-activity;sid:83674294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811195/; classtype:trojan-activity;sid:83674295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811196/; classtype:trojan-activity;sid:83674296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811197/; classtype:trojan-activity;sid:83674297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811192/; classtype:trojan-activity;sid:83674292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811187/; classtype:trojan-activity;sid:83674287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811188/; classtype:trojan-activity;sid:83674288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811189/; classtype:trojan-activity;sid:83674289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811190/; classtype:trojan-activity;sid:83674290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811191/; classtype:trojan-activity;sid:83674291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811181/; classtype:trojan-activity;sid:83674281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811182/; classtype:trojan-activity;sid:83674282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811183/; classtype:trojan-activity;sid:83674283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811184/; classtype:trojan-activity;sid:83674284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811185/; classtype:trojan-activity;sid:83674285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811186/; classtype:trojan-activity;sid:83674286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811175/; classtype:trojan-activity;sid:83674275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811176/; classtype:trojan-activity;sid:83674276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811177/; classtype:trojan-activity;sid:83674277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811178/; classtype:trojan-activity;sid:83674278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811179/; classtype:trojan-activity;sid:83674279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811180/; classtype:trojan-activity;sid:83674280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811163/; classtype:trojan-activity;sid:83674263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811164/; classtype:trojan-activity;sid:83674264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.m68k"; depth:14; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811165/; classtype:trojan-activity;sid:83674265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811166/; classtype:trojan-activity;sid:83674266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"91.92.251.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811167/; classtype:trojan-activity;sid:83674267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811168/; classtype:trojan-activity;sid:83674268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811169/; classtype:trojan-activity;sid:83674269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811170/; classtype:trojan-activity;sid:83674270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811171/; classtype:trojan-activity;sid:83674271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811172/; classtype:trojan-activity;sid:83674272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watchdog"; depth:9; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811173/; classtype:trojan-activity;sid:83674273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811174/; classtype:trojan-activity;sid:83674274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811156/; classtype:trojan-activity;sid:83674256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811157/; classtype:trojan-activity;sid:83674257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811158/; classtype:trojan-activity;sid:83674258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811159/; classtype:trojan-activity;sid:83674259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811160/; classtype:trojan-activity;sid:83674260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"176.123.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811161/; classtype:trojan-activity;sid:83674261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811162/; classtype:trojan-activity;sid:83674262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811154/; classtype:trojan-activity;sid:83674254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc"; depth:3; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811155/; classtype:trojan-activity;sid:83674255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"93.123.85.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811152/; classtype:trojan-activity;sid:83674252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"185.196.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811153/; classtype:trojan-activity;sid:83674253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811150/; classtype:trojan-activity;sid:83674250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811151/; classtype:trojan-activity;sid:83674251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811148/; classtype:trojan-activity;sid:83674248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"198.46.177.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811149/; classtype:trojan-activity;sid:83674249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811146/; classtype:trojan-activity;sid:83674246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811147/; classtype:trojan-activity;sid:83674247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811141/; classtype:trojan-activity;sid:83674241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811142/; classtype:trojan-activity;sid:83674242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811143/; classtype:trojan-activity;sid:83674243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811144/; classtype:trojan-activity;sid:83674244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811145/; classtype:trojan-activity;sid:83674245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811138/; classtype:trojan-activity;sid:83674238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811139/; classtype:trojan-activity;sid:83674239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.ppc"; depth:13; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811140/; classtype:trojan-activity;sid:83674240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811118/; classtype:trojan-activity;sid:83674218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm7"; depth:14; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811119/; classtype:trojan-activity;sid:83674219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811120/; classtype:trojan-activity;sid:83674220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.sh4"; depth:13; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811121/; classtype:trojan-activity;sid:83674221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.x86"; depth:13; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811122/; classtype:trojan-activity;sid:83674222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811123/; classtype:trojan-activity;sid:83674223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811124/; classtype:trojan-activity;sid:83674224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811125/; classtype:trojan-activity;sid:83674225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811126/; classtype:trojan-activity;sid:83674226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811127/; classtype:trojan-activity;sid:83674227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811128/; classtype:trojan-activity;sid:83674228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"94.156.8.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811129/; classtype:trojan-activity;sid:83674229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811130/; classtype:trojan-activity;sid:83674230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811131/; classtype:trojan-activity;sid:83674231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811132/; classtype:trojan-activity;sid:83674232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811133/; classtype:trojan-activity;sid:83674233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811134/; classtype:trojan-activity;sid:83674234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811135/; classtype:trojan-activity;sid:83674235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811136/; classtype:trojan-activity;sid:83674236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"205.209.114.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811137/; classtype:trojan-activity;sid:83674237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.195.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811117/; classtype:trojan-activity;sid:83674217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.89.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811115/; classtype:trojan-activity;sid:83674215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.213.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811116/; classtype:trojan-activity;sid:83674216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.13.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811114/; classtype:trojan-activity;sid:83674214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.141.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811113/; classtype:trojan-activity;sid:83674213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.75.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811112/; classtype:trojan-activity;sid:83674212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.239.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811110/; classtype:trojan-activity;sid:83674210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.82.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811111/; classtype:trojan-activity;sid:83674211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.76.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811109/; classtype:trojan-activity;sid:83674209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.205.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811108/; classtype:trojan-activity;sid:83674208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.119.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811107/; classtype:trojan-activity;sid:83674207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.145.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811106/; classtype:trojan-activity;sid:83674206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.173.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811105/; classtype:trojan-activity;sid:83674205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811104/; classtype:trojan-activity;sid:83674204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.123.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811103/; classtype:trojan-activity;sid:83674203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.37.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811102/; classtype:trojan-activity;sid:83674202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.141.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811101/; classtype:trojan-activity;sid:83674201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.89.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811099/; classtype:trojan-activity;sid:83674199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.239.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811100/; classtype:trojan-activity;sid:83674200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.213.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811098/; classtype:trojan-activity;sid:83674198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.38.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811096/; classtype:trojan-activity;sid:83674196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.57.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811097/; classtype:trojan-activity;sid:83674197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.132.192.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811095/; classtype:trojan-activity;sid:83674195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.76.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811094/; classtype:trojan-activity;sid:83674194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811093/; classtype:trojan-activity;sid:83674193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.112.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811092/; classtype:trojan-activity;sid:83674192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811091/; classtype:trojan-activity;sid:83674191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.71.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811090/; classtype:trojan-activity;sid:83674190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.123.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811089/; classtype:trojan-activity;sid:83674189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.64.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811088/; classtype:trojan-activity;sid:83674188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.97.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811087/; classtype:trojan-activity;sid:83674187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.172.18.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811086/; classtype:trojan-activity;sid:83674186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.35.240.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811085/; classtype:trojan-activity;sid:83674185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.119.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811084/; classtype:trojan-activity;sid:83674184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.81.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811083/; classtype:trojan-activity;sid:83674183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811082/; classtype:trojan-activity;sid:83674182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.117.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811081/; classtype:trojan-activity;sid:83674181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.237.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811080/; classtype:trojan-activity;sid:83674180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.112.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811079/; classtype:trojan-activity;sid:83674179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.149.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811078/; classtype:trojan-activity;sid:83674178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.243.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811077/; classtype:trojan-activity;sid:83674177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.145.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811076/; classtype:trojan-activity;sid:83674176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.113.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811075/; classtype:trojan-activity;sid:83674175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811073/; classtype:trojan-activity;sid:83674173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.172.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811074/; classtype:trojan-activity;sid:83674174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.224.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811072/; classtype:trojan-activity;sid:83674172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.17.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811070/; classtype:trojan-activity;sid:83674170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811071/; classtype:trojan-activity;sid:83674171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.239.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811069/; classtype:trojan-activity;sid:83674169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.61.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811068/; classtype:trojan-activity;sid:83674168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.81.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811067/; classtype:trojan-activity;sid:83674167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.113.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811066/; classtype:trojan-activity;sid:83674166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.63.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811065/; classtype:trojan-activity;sid:83674165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.201.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811064/; classtype:trojan-activity;sid:83674164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.145.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811062/; classtype:trojan-activity;sid:83674162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.108.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811063/; classtype:trojan-activity;sid:83674163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.25.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811061/; classtype:trojan-activity;sid:83674161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.239.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811060/; classtype:trojan-activity;sid:83674160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.172.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811059/; classtype:trojan-activity;sid:83674159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811058/; classtype:trojan-activity;sid:83674158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.246.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811057/; classtype:trojan-activity;sid:83674157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.143.10.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811056/; classtype:trojan-activity;sid:83674156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811055/; classtype:trojan-activity;sid:83674155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.91.180.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811052/; classtype:trojan-activity;sid:83674152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.49.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811053/; classtype:trojan-activity;sid:83674153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.132.130.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811054/; classtype:trojan-activity;sid:83674154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.109.87.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811051/; classtype:trojan-activity;sid:83674151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zamok/dendy.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811050/; classtype:trojan-activity;sid:83674150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668569449|3f|hash=zmoyle8cwusrird6ukvn2vkjin2aa06bqeiug4qzggl|7c|26|7c|dl=4tavtespkjgpzui5zwcgmtb9nn8vzmjbesx5yzbdjf4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811049/; classtype:trojan-activity;sid:83674149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.192.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811048/; classtype:trojan-activity;sid:83674148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668569429|3f|hash=wl5qtdttfzrwzu4iiksendlg6fizn8h80jwuiwtp6fg|7c|26|7c|dl=3bu9cxexecipfwtouhqkibzxksai6seswl2x1bnjpuh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811047/; classtype:trojan-activity;sid:83674147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.216.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811046/; classtype:trojan-activity;sid:83674146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.243.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811044/; classtype:trojan-activity;sid:83674144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.241.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811045/; classtype:trojan-activity;sid:83674145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.162.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811043/; classtype:trojan-activity;sid:83674143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.189.193.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811042/; classtype:trojan-activity;sid:83674142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.39.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811041/; classtype:trojan-activity;sid:83674141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"lce.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811040/; classtype:trojan-activity;sid:83674140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811039/; classtype:trojan-activity;sid:83674139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.71.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811038/; classtype:trojan-activity;sid:83674138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.143.10.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811037/; classtype:trojan-activity;sid:83674137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.217.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811036/; classtype:trojan-activity;sid:83674136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.109.87.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811035/; classtype:trojan-activity;sid:83674135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811034/; classtype:trojan-activity;sid:83674134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.148.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811033/; classtype:trojan-activity;sid:83674133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.215.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811032/; classtype:trojan-activity;sid:83674132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.78.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811031/; classtype:trojan-activity;sid:83674131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/education/shield/businessletter.exe"; depth:36; endswith; nocase; http.host; content:"duckz.online"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811030/; classtype:trojan-activity;sid:83674130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.192.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811027/; classtype:trojan-activity;sid:83674127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documentos/notafiscal.pdf.lnk"; depth:30; endswith; nocase; http.host; content:"191.239.116.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811028/; classtype:trojan-activity;sid:83674128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documentos/files/a3.cmd"; depth:24; endswith; nocase; http.host; content:"191.239.116.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811026/; classtype:trojan-activity;sid:83674126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.216.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811025/; classtype:trojan-activity;sid:83674125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.40.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811024/; classtype:trojan-activity;sid:83674124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.191.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811023/; classtype:trojan-activity;sid:83674123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811022/; classtype:trojan-activity;sid:83674122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811021/; classtype:trojan-activity;sid:83674121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.217.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811020/; classtype:trojan-activity;sid:83674120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/spixa.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811019/; classtype:trojan-activity;sid:83674119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.48.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811017/; classtype:trojan-activity;sid:83674117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.243.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811018/; classtype:trojan-activity;sid:83674118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.194.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811016/; classtype:trojan-activity;sid:83674116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811013/; classtype:trojan-activity;sid:83674113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811014/; classtype:trojan-activity;sid:83674114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.78.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811015/; classtype:trojan-activity;sid:83674115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.15.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811012/; classtype:trojan-activity;sid:83674112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.189.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811011/; classtype:trojan-activity;sid:83674111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.76.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811010/; classtype:trojan-activity;sid:83674110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.149.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811009/; classtype:trojan-activity;sid:83674109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.123.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811007/; classtype:trojan-activity;sid:83674107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.186.155.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811008/; classtype:trojan-activity;sid:83674108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.48.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811006/; classtype:trojan-activity;sid:83674106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811005/; classtype:trojan-activity;sid:83674105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.194.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811004/; classtype:trojan-activity;sid:83674104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.30.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811003/; classtype:trojan-activity;sid:83674103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.190.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811002/; classtype:trojan-activity;sid:83674102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811001/; classtype:trojan-activity;sid:83674101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.6.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811000/; classtype:trojan-activity;sid:83674100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.28.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810999/; classtype:trojan-activity;sid:83674099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.75.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810998/; classtype:trojan-activity;sid:83674098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo.jpg"; depth:9; endswith; nocase; http.host; content:"a0944905.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810997/; classtype:trojan-activity;sid:83674097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.219.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810996/; classtype:trojan-activity;sid:83674096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810995/; classtype:trojan-activity;sid:83674095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.199.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810992/; classtype:trojan-activity;sid:83674092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.83.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810993/; classtype:trojan-activity;sid:83674093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.69.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810994/; classtype:trojan-activity;sid:83674094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.133.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810991/; classtype:trojan-activity;sid:83674091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810990/; classtype:trojan-activity;sid:83674090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.197.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810989/; classtype:trojan-activity;sid:83674089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.203.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810988/; classtype:trojan-activity;sid:83674088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.197.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810987/; classtype:trojan-activity;sid:83674087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.36.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810986/; classtype:trojan-activity;sid:83674086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.175.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810984/; classtype:trojan-activity;sid:83674084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.26.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810985/; classtype:trojan-activity;sid:83674085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810983/; classtype:trojan-activity;sid:83674083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.219.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810982/; classtype:trojan-activity;sid:83674082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.36.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810981/; classtype:trojan-activity;sid:83674081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.58.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810980/; classtype:trojan-activity;sid:83674080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.59.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810979/; classtype:trojan-activity;sid:83674079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.197.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810978/; classtype:trojan-activity;sid:83674078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.19.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810977/; classtype:trojan-activity;sid:83674077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.29.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810976/; classtype:trojan-activity;sid:83674076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810975/; classtype:trojan-activity;sid:83674075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810974/; classtype:trojan-activity;sid:83674074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.213.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810973/; classtype:trojan-activity;sid:83674073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.29.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810972/; classtype:trojan-activity;sid:83674072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.52.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810971/; classtype:trojan-activity;sid:83674071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.54.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810970/; classtype:trojan-activity;sid:83674070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.221.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810969/; classtype:trojan-activity;sid:83674069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.179.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810968/; classtype:trojan-activity;sid:83674068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.211.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810967/; classtype:trojan-activity;sid:83674067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810964/; classtype:trojan-activity;sid:83674064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810965/; classtype:trojan-activity;sid:83674065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810966/; classtype:trojan-activity;sid:83674066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv4"; depth:12; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810954/; classtype:trojan-activity;sid:83674054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810955/; classtype:trojan-activity;sid:83674055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810956/; classtype:trojan-activity;sid:83674056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810957/; classtype:trojan-activity;sid:83674057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810958/; classtype:trojan-activity;sid:83674058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810959/; classtype:trojan-activity;sid:83674059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810960/; classtype:trojan-activity;sid:83674060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810961/; classtype:trojan-activity;sid:83674061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810962/; classtype:trojan-activity;sid:83674062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810963/; classtype:trojan-activity;sid:83674063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftpd"; depth:6; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810950/; classtype:trojan-activity;sid:83674050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810951/; classtype:trojan-activity;sid:83674051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i586"; depth:11; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810952/; classtype:trojan-activity;sid:83674052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810953/; classtype:trojan-activity;sid:83674053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv6l"; depth:13; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810947/; classtype:trojan-activity;sid:83674047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.i686"; depth:11; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810948/; classtype:trojan-activity;sid:83674048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.x86"; depth:10; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810949/; classtype:trojan-activity;sid:83674049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810945/; classtype:trojan-activity;sid:83674045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mips"; depth:11; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810946/; classtype:trojan-activity;sid:83674046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810939/; classtype:trojan-activity;sid:83674039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sh4"; depth:10; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810940/; classtype:trojan-activity;sid:83674040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810941/; classtype:trojan-activity;sid:83674041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.sparc"; depth:12; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810942/; classtype:trojan-activity;sid:83674042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nano"; depth:5; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810943/; classtype:trojan-activity;sid:83674043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.mipsel"; depth:13; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810944/; classtype:trojan-activity;sid:83674044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.123.85.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810934/; classtype:trojan-activity;sid:83674034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.sh4"; depth:13; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810935/; classtype:trojan-activity;sid:83674035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810936/; classtype:trojan-activity;sid:83674036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810937/; classtype:trojan-activity;sid:83674037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"216.126.231.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810938/; classtype:trojan-activity;sid:83674038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.armv5"; depth:12; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810928/; classtype:trojan-activity;sid:83674028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.m68k"; depth:11; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810929/; classtype:trojan-activity;sid:83674029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sauce.ppc"; depth:10; endswith; nocase; http.host; content:"2.58.113.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810930/; classtype:trojan-activity;sid:83674030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.mips"; depth:14; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810931/; classtype:trojan-activity;sid:83674031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc"; depth:3; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810932/; classtype:trojan-activity;sid:83674032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.arm7"; depth:14; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810933/; classtype:trojan-activity;sid:83674033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/var"; depth:4; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810924/; classtype:trojan-activity;sid:83674024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810925/; classtype:trojan-activity;sid:83674025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.arm6"; depth:14; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810926/; classtype:trojan-activity;sid:83674026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"45.128.232.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810927/; classtype:trojan-activity;sid:83674027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810921/; classtype:trojan-activity;sid:83674021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.ppc"; depth:13; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810922/; classtype:trojan-activity;sid:83674022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.arm5"; depth:14; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810923/; classtype:trojan-activity;sid:83674023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.mpsl"; depth:14; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810920/; classtype:trojan-activity;sid:83674020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.x86"; depth:13; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810917/; classtype:trojan-activity;sid:83674017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810918/; classtype:trojan-activity;sid:83674018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hotnet.m68k"; depth:14; endswith; nocase; http.host; content:"93.123.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810919/; classtype:trojan-activity;sid:83674019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo2.jpg"; depth:10; endswith; nocase; http.host; content:"a0944905.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810915/; classtype:trojan-activity;sid:83674015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810916/; classtype:trojan-activity;sid:83674016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810914/; classtype:trojan-activity;sid:83674014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810913/; classtype:trojan-activity;sid:83674013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.13.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810912/; classtype:trojan-activity;sid:83674012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.146.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810911/; classtype:trojan-activity;sid:83674011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.211.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810910/; classtype:trojan-activity;sid:83674010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.239.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810909/; classtype:trojan-activity;sid:83674009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810908/; classtype:trojan-activity;sid:83674008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.172.50.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810907/; classtype:trojan-activity;sid:83674007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810906/; classtype:trojan-activity;sid:83674006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.102.33.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810905/; classtype:trojan-activity;sid:83674005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.91.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810904/; classtype:trojan-activity;sid:83674004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810902/; classtype:trojan-activity;sid:83674002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810903/; classtype:trojan-activity;sid:83674003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.133.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810901/; classtype:trojan-activity;sid:83674001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.175.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810900/; classtype:trojan-activity;sid:83674000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.125.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810899/; classtype:trojan-activity;sid:83673999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.146.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810898/; classtype:trojan-activity;sid:83673998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.190.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810897/; classtype:trojan-activity;sid:83673997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.228.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810896/; classtype:trojan-activity;sid:83673996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.197.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810895/; classtype:trojan-activity;sid:83673995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810894/; classtype:trojan-activity;sid:83673994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.31.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810892/; classtype:trojan-activity;sid:83673992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.239.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810893/; classtype:trojan-activity;sid:83673993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.86.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810891/; classtype:trojan-activity;sid:83673991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.76.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810890/; classtype:trojan-activity;sid:83673990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810889/; classtype:trojan-activity;sid:83673989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810888/; classtype:trojan-activity;sid:83673988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.209.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810887/; classtype:trojan-activity;sid:83673987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.125.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810886/; classtype:trojan-activity;sid:83673986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.73.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810884/; classtype:trojan-activity;sid:83673984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.35.93.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810885/; classtype:trojan-activity;sid:83673985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.43.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810883/; classtype:trojan-activity;sid:83673983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810882/; classtype:trojan-activity;sid:83673982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"94.156.10.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810881/; classtype:trojan-activity;sid:83673981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.175.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810880/; classtype:trojan-activity;sid:83673980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810879/; classtype:trojan-activity;sid:83673979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.228.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810878/; classtype:trojan-activity;sid:83673978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.33.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810877/; classtype:trojan-activity;sid:83673977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.31.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810875/; classtype:trojan-activity;sid:83673975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.75.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810876/; classtype:trojan-activity;sid:83673976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810874/; classtype:trojan-activity;sid:83673974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810873/; classtype:trojan-activity;sid:83673973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.230.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810872/; classtype:trojan-activity;sid:83673972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.99.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810871/; classtype:trojan-activity;sid:83673971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.13.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810870/; classtype:trojan-activity;sid:83673970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.99.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810869/; classtype:trojan-activity;sid:83673969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.sh4"; depth:13; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810867/; classtype:trojan-activity;sid:83673967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.spc"; depth:13; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810868/; classtype:trojan-activity;sid:83673968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.arm5"; depth:14; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810866/; classtype:trojan-activity;sid:83673966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.35.93.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810865/; classtype:trojan-activity;sid:83673965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810864/; classtype:trojan-activity;sid:83673964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.m68k"; depth:14; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810860/; classtype:trojan-activity;sid:83673960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.arm6"; depth:14; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810861/; classtype:trojan-activity;sid:83673961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.arm7"; depth:14; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810862/; classtype:trojan-activity;sid:83673962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.ppc"; depth:13; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810863/; classtype:trojan-activity;sid:83673963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.46.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810859/; classtype:trojan-activity;sid:83673959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.43.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810858/; classtype:trojan-activity;sid:83673958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.246.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810856/; classtype:trojan-activity;sid:83673956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810857/; classtype:trojan-activity;sid:83673957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.247.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810855/; classtype:trojan-activity;sid:83673955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810854/; classtype:trojan-activity;sid:83673954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.50.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810853/; classtype:trojan-activity;sid:83673953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.230.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810852/; classtype:trojan-activity;sid:83673952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.75.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810851/; classtype:trojan-activity;sid:83673951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"148.103.220.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810850/; classtype:trojan-activity;sid:83673950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.213.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810849/; classtype:trojan-activity;sid:83673949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.36.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810844/; classtype:trojan-activity;sid:83673944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.99.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810845/; classtype:trojan-activity;sid:83673945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.30.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810846/; classtype:trojan-activity;sid:83673946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.241.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810847/; classtype:trojan-activity;sid:83673947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.24.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810848/; classtype:trojan-activity;sid:83673948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.182.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810843/; classtype:trojan-activity;sid:83673943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.251.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810842/; classtype:trojan-activity;sid:83673942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.36.191.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810841/; classtype:trojan-activity;sid:83673941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.8.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810840/; classtype:trojan-activity;sid:83673940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.213.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810839/; classtype:trojan-activity;sid:83673939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810838/; classtype:trojan-activity;sid:83673938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.85.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810837/; classtype:trojan-activity;sid:83673937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.46.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810835/; classtype:trojan-activity;sid:83673935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810836/; classtype:trojan-activity;sid:83673936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.241.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810834/; classtype:trojan-activity;sid:83673934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.16.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810833/; classtype:trojan-activity;sid:83673933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.97.138.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810832/; classtype:trojan-activity;sid:83673932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.50.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810831/; classtype:trojan-activity;sid:83673931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.arm"; depth:13; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810830/; classtype:trojan-activity;sid:83673930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.x86"; depth:13; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810827/; classtype:trojan-activity;sid:83673927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.mpsl"; depth:14; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810828/; classtype:trojan-activity;sid:83673928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/new.mips"; depth:14; endswith; nocase; http.host; content:"37.44.238.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810829/; classtype:trojan-activity;sid:83673929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.43.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810826/; classtype:trojan-activity;sid:83673926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.88.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810825/; classtype:trojan-activity;sid:83673925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.36.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810824/; classtype:trojan-activity;sid:83673924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.75.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810823/; classtype:trojan-activity;sid:83673923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.150.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810822/; classtype:trojan-activity;sid:83673922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.82.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810821/; classtype:trojan-activity;sid:83673921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810819/; classtype:trojan-activity;sid:83673919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.5.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810820/; classtype:trojan-activity;sid:83673920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.114.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810817/; classtype:trojan-activity;sid:83673917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timesync.exe"; depth:13; endswith; nocase; http.host; content:"185.172.128.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810818/; classtype:trojan-activity;sid:83673918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.153.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810816/; classtype:trojan-activity;sid:83673916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.190.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810815/; classtype:trojan-activity;sid:83673915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.244.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810814/; classtype:trojan-activity;sid:83673914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.43.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810813/; classtype:trojan-activity;sid:83673913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.16.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810812/; classtype:trojan-activity;sid:83673912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.76.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810810/; classtype:trojan-activity;sid:83673910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.119.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810811/; classtype:trojan-activity;sid:83673911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.179.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810809/; classtype:trojan-activity;sid:83673909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.153.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810808/; classtype:trojan-activity;sid:83673908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.205.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810807/; classtype:trojan-activity;sid:83673907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.252.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810806/; classtype:trojan-activity;sid:83673906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810805/; classtype:trojan-activity;sid:83673905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.160.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810804/; classtype:trojan-activity;sid:83673904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810803/; classtype:trojan-activity;sid:83673903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.179.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810801/; classtype:trojan-activity;sid:83673901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.225.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810802/; classtype:trojan-activity;sid:83673902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810800/; classtype:trojan-activity;sid:83673900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.252.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810799/; classtype:trojan-activity;sid:83673899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810798/; classtype:trojan-activity;sid:83673898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.164.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810797/; classtype:trojan-activity;sid:83673897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.89.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810796/; classtype:trojan-activity;sid:83673896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.89.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810795/; classtype:trojan-activity;sid:83673895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.68.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810793/; classtype:trojan-activity;sid:83673893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.225.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810794/; classtype:trojan-activity;sid:83673894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.226.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810792/; classtype:trojan-activity;sid:83673892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810791/; classtype:trojan-activity;sid:83673891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810790/; classtype:trojan-activity;sid:83673890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.108.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810789/; classtype:trojan-activity;sid:83673889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.164.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810788/; classtype:trojan-activity;sid:83673888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810787/; classtype:trojan-activity;sid:83673887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.36.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810786/; classtype:trojan-activity;sid:83673886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810785/; classtype:trojan-activity;sid:83673885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810784/; classtype:trojan-activity;sid:83673884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.66.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810783/; classtype:trojan-activity;sid:83673883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810782/; classtype:trojan-activity;sid:83673882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810781/; classtype:trojan-activity;sid:83673881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.226.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810780/; classtype:trojan-activity;sid:83673880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.209.8.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810779/; classtype:trojan-activity;sid:83673879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810778/; classtype:trojan-activity;sid:83673878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.212.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810777/; classtype:trojan-activity;sid:83673877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"95.216.57.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810776/; classtype:trojan-activity;sid:83673876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810775/; classtype:trojan-activity;sid:83673875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbg"; depth:4; endswith; nocase; http.host; content:"116.202.129.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810774/; classtype:trojan-activity;sid:83673874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"93.123.39.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810772/; classtype:trojan-activity;sid:83673872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"188.165.219.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810773/; classtype:trojan-activity;sid:83673873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"93.123.39.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810767/; classtype:trojan-activity;sid:83673867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftudftui"; depth:9; endswith; nocase; http.host; content:"164.92.166.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810768/; classtype:trojan-activity;sid:83673868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"93.123.39.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810769/; classtype:trojan-activity;sid:83673869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"93.123.39.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810770/; classtype:trojan-activity;sid:83673870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uyyuyioy"; depth:9; endswith; nocase; http.host; content:"164.92.166.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810771/; classtype:trojan-activity;sid:83673871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mipsel"; depth:15; endswith; nocase; http.host; content:"5.39.88.92"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810764/; classtype:trojan-activity;sid:83673864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghfjfgvj"; depth:9; endswith; nocase; http.host; content:"164.92.166.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810765/; classtype:trojan-activity;sid:83673865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mipsel"; depth:15; endswith; nocase; http.host; content:"144.76.6.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810766/; classtype:trojan-activity;sid:83673866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jipjipjj"; depth:9; endswith; nocase; http.host; content:"164.92.166.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810763/; classtype:trojan-activity;sid:83673863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"188.165.219.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810760/; classtype:trojan-activity;sid:83673860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhuoh"; depth:6; endswith; nocase; http.host; content:"164.92.166.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810761/; classtype:trojan-activity;sid:83673861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jipjuipjh"; depth:10; endswith; nocase; http.host; content:"164.92.166.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810762/; classtype:trojan-activity;sid:83673862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.30.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810759/; classtype:trojan-activity;sid:83673859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810758/; classtype:trojan-activity;sid:83673858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.9.22.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810757/; classtype:trojan-activity;sid:83673857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.211.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810756/; classtype:trojan-activity;sid:83673856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.66.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810755/; classtype:trojan-activity;sid:83673855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810754/; classtype:trojan-activity;sid:83673854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.67.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810753/; classtype:trojan-activity;sid:83673853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.24.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810752/; classtype:trojan-activity;sid:83673852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.212.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810751/; classtype:trojan-activity;sid:83673851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.129.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810750/; classtype:trojan-activity;sid:83673850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.86.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810749/; classtype:trojan-activity;sid:83673849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810748/; classtype:trojan-activity;sid:83673848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.91.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810747/; classtype:trojan-activity;sid:83673847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.137.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810746/; classtype:trojan-activity;sid:83673846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810745/; classtype:trojan-activity;sid:83673845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810744/; classtype:trojan-activity;sid:83673844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.25.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810743/; classtype:trojan-activity;sid:83673843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.75.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810742/; classtype:trojan-activity;sid:83673842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.220.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810741/; classtype:trojan-activity;sid:83673841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.74.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810740/; classtype:trojan-activity;sid:83673840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.87.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810739/; classtype:trojan-activity;sid:83673839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.25.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810738/; classtype:trojan-activity;sid:83673838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.5.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810737/; classtype:trojan-activity;sid:83673837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810736/; classtype:trojan-activity;sid:83673836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.34.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810735/; classtype:trojan-activity;sid:83673835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.86.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810733/; classtype:trojan-activity;sid:83673833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810734/; classtype:trojan-activity;sid:83673834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"changetheworldwithflowers.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810731/; classtype:trojan-activity;sid:83673831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.152.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810732/; classtype:trojan-activity;sid:83673832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.90.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810730/; classtype:trojan-activity;sid:83673830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/hgh/hg/wecankissinglovershandwithentirethingstogetmebackinhandsheisverybeautiful__itrulyloveherboobstokiss.doc"; depth:117; endswith; nocase; http.host; content:"104.168.32.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810728/; classtype:trojan-activity;sid:83673828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ifeanyi.exe"; depth:12; endswith; nocase; http.host; content:"104.168.32.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810729/; classtype:trojan-activity;sid:83673829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810727/; classtype:trojan-activity;sid:83673827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810726/; classtype:trojan-activity;sid:83673826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810725/; classtype:trojan-activity;sid:83673825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.41.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810724/; classtype:trojan-activity;sid:83673824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.32.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810723/; classtype:trojan-activity;sid:83673823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.200.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810722/; classtype:trojan-activity;sid:83673822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810721/; classtype:trojan-activity;sid:83673821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.5.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810720/; classtype:trojan-activity;sid:83673820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.152.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810719/; classtype:trojan-activity;sid:83673819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.217.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810718/; classtype:trojan-activity;sid:83673818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.90.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810717/; classtype:trojan-activity;sid:83673817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.164.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810716/; classtype:trojan-activity;sid:83673816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.175.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810715/; classtype:trojan-activity;sid:83673815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.87.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810714/; classtype:trojan-activity;sid:83673814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol/elo.exe"; depth:12; endswith; nocase; http.host; content:"185.241.208.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810713/; classtype:trojan-activity;sid:83673813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.43.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810712/; classtype:trojan-activity;sid:83673812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.39.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810711/; classtype:trojan-activity;sid:83673811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.204.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810710/; classtype:trojan-activity;sid:83673810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.151.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810709/; classtype:trojan-activity;sid:83673809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.23.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810708/; classtype:trojan-activity;sid:83673808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.204.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810707/; classtype:trojan-activity;sid:83673807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.87.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810706/; classtype:trojan-activity;sid:83673806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.78.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810705/; classtype:trojan-activity;sid:83673805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.49.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810704/; classtype:trojan-activity;sid:83673804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.110.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810703/; classtype:trojan-activity;sid:83673803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.148.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810702/; classtype:trojan-activity;sid:83673802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.10.15.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810701/; classtype:trojan-activity;sid:83673801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.2.105"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810699/; classtype:trojan-activity;sid:83673799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.22.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810700/; classtype:trojan-activity;sid:83673800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.39.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810698/; classtype:trojan-activity;sid:83673798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.58.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810697/; classtype:trojan-activity;sid:83673797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.180.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810696/; classtype:trojan-activity;sid:83673796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.137.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810694/; classtype:trojan-activity;sid:83673794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.222.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810695/; classtype:trojan-activity;sid:83673795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.252.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810693/; classtype:trojan-activity;sid:83673793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810692/; classtype:trojan-activity;sid:83673792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227908000405000233/1228194380406329415/clickchartsetup.zip|3f|ex=662b2827|7c|26|7c|is=6618b327|7c|26|7c|hm=8ee81dd0a14ee3d7898e6d9895d43eb9c6e9a1cd3265820f12f06501e70fe3ab|7c|26|7c|"; depth:195; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810691/; classtype:trojan-activity;sid:83673791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.1"; depth:3; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810689/; classtype:trojan-activity;sid:83673789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.4"; depth:3; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810690/; classtype:trojan-activity;sid:83673790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.3"; depth:3; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810687/; classtype:trojan-activity;sid:83673787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.2"; depth:3; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810688/; classtype:trojan-activity;sid:83673788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"89.190.156.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810686/; classtype:trojan-activity;sid:83673786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.105"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810685/; classtype:trojan-activity;sid:83673785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.22.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810683/; classtype:trojan-activity;sid:83673783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.147.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810684/; classtype:trojan-activity;sid:83673784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.59.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810682/; classtype:trojan-activity;sid:83673782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.148.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810681/; classtype:trojan-activity;sid:83673781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.82.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810680/; classtype:trojan-activity;sid:83673780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.221.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810679/; classtype:trojan-activity;sid:83673779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.23.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810678/; classtype:trojan-activity;sid:83673778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.45.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810676/; classtype:trojan-activity;sid:83673776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.96.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810677/; classtype:trojan-activity;sid:83673777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.216.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810675/; classtype:trojan-activity;sid:83673775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.49.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810673/; classtype:trojan-activity;sid:83673773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.180.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810674/; classtype:trojan-activity;sid:83673774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.31.135.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810672/; classtype:trojan-activity;sid:83673772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.119.13.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810671/; classtype:trojan-activity;sid:83673771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.188.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810668/; classtype:trojan-activity;sid:83673768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.45.146.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810669/; classtype:trojan-activity;sid:83673769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810670/; classtype:trojan-activity;sid:83673770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.59.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810667/; classtype:trojan-activity;sid:83673767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.43.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810666/; classtype:trojan-activity;sid:83673766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.82.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810665/; classtype:trojan-activity;sid:83673765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.147.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810663/; classtype:trojan-activity;sid:83673763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.45.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810664/; classtype:trojan-activity;sid:83673764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.150.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810662/; classtype:trojan-activity;sid:83673762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.96.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810661/; classtype:trojan-activity;sid:83673761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810660/; classtype:trojan-activity;sid:83673760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.210.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810659/; classtype:trojan-activity;sid:83673759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.216.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810658/; classtype:trojan-activity;sid:83673758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.101.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810657/; classtype:trojan-activity;sid:83673757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.43.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810656/; classtype:trojan-activity;sid:83673756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.20.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810655/; classtype:trojan-activity;sid:83673755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.225.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810654/; classtype:trojan-activity;sid:83673754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.164.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810653/; classtype:trojan-activity;sid:83673753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.107.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810652/; classtype:trojan-activity;sid:83673752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.234.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810651/; classtype:trojan-activity;sid:83673751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.210.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810650/; classtype:trojan-activity;sid:83673750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.79.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810649/; classtype:trojan-activity;sid:83673749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.188.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810648/; classtype:trojan-activity;sid:83673748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.220.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810647/; classtype:trojan-activity;sid:83673747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810646/; classtype:trojan-activity;sid:83673746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.172.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810645/; classtype:trojan-activity;sid:83673745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.234.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810644/; classtype:trojan-activity;sid:83673744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.168.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810643/; classtype:trojan-activity;sid:83673743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.49.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810642/; classtype:trojan-activity;sid:83673742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.107.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810641/; classtype:trojan-activity;sid:83673741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.88.60.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810639/; classtype:trojan-activity;sid:83673739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.64.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810640/; classtype:trojan-activity;sid:83673740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.5.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810638/; classtype:trojan-activity;sid:83673738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.136.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810637/; classtype:trojan-activity;sid:83673737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.233.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810636/; classtype:trojan-activity;sid:83673736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.193.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810635/; classtype:trojan-activity;sid:83673735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.110.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810634/; classtype:trojan-activity;sid:83673734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.164.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810633/; classtype:trojan-activity;sid:83673733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.68.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810632/; classtype:trojan-activity;sid:83673732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810631/; classtype:trojan-activity;sid:83673731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810630/; classtype:trojan-activity;sid:83673730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.117.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810628/; classtype:trojan-activity;sid:83673728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.150.254.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810629/; classtype:trojan-activity;sid:83673729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.96.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810626/; classtype:trojan-activity;sid:83673726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810627/; classtype:trojan-activity;sid:83673727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.83.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810625/; classtype:trojan-activity;sid:83673725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810624/; classtype:trojan-activity;sid:83673724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.24.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810623/; classtype:trojan-activity;sid:83673723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.4.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810622/; classtype:trojan-activity;sid:83673722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.31.135.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810621/; classtype:trojan-activity;sid:83673721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.249.72.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810619/; classtype:trojan-activity;sid:83673719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.123.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810620/; classtype:trojan-activity;sid:83673720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.172.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810618/; classtype:trojan-activity;sid:83673718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.70.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810617/; classtype:trojan-activity;sid:83673717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.168.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810616/; classtype:trojan-activity;sid:83673716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.70.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810615/; classtype:trojan-activity;sid:83673715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.79.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810614/; classtype:trojan-activity;sid:83673714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810613/; classtype:trojan-activity;sid:83673713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810612/; classtype:trojan-activity;sid:83673712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.68.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810610/; classtype:trojan-activity;sid:83673710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.229.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810611/; classtype:trojan-activity;sid:83673711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.96.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810609/; classtype:trojan-activity;sid:83673709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810608/; classtype:trojan-activity;sid:83673708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.13.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810607/; classtype:trojan-activity;sid:83673707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.188.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810606/; classtype:trojan-activity;sid:83673706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.170.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810604/; classtype:trojan-activity;sid:83673704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.83.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810605/; classtype:trojan-activity;sid:83673705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.117.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810603/; classtype:trojan-activity;sid:83673703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810602/; classtype:trojan-activity;sid:83673702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.131.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810601/; classtype:trojan-activity;sid:83673701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.209.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810600/; classtype:trojan-activity;sid:83673700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.175.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810599/; classtype:trojan-activity;sid:83673699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.184.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810598/; classtype:trojan-activity;sid:83673698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.43.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810597/; classtype:trojan-activity;sid:83673697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.73.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810596/; classtype:trojan-activity;sid:83673696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.249.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810595/; classtype:trojan-activity;sid:83673695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.131.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810594/; classtype:trojan-activity;sid:83673694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.188.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810593/; classtype:trojan-activity;sid:83673693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810592/; classtype:trojan-activity;sid:83673692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.45.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810591/; classtype:trojan-activity;sid:83673691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.216.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810590/; classtype:trojan-activity;sid:83673690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.197.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810589/; classtype:trojan-activity;sid:83673689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.73.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810588/; classtype:trojan-activity;sid:83673688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.164.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810587/; classtype:trojan-activity;sid:83673687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.45.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810586/; classtype:trojan-activity;sid:83673686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol/capy.exe"; depth:13; endswith; nocase; http.host; content:"185.241.208.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810584/; classtype:trojan-activity;sid:83673684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol/rave.exe"; depth:13; endswith; nocase; http.host; content:"185.241.208.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810585/; classtype:trojan-activity;sid:83673685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.216.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810583/; classtype:trojan-activity;sid:83673683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.209.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810582/; classtype:trojan-activity;sid:83673682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.122.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810581/; classtype:trojan-activity;sid:83673681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.34.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810580/; classtype:trojan-activity;sid:83673680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.39.209.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810579/; classtype:trojan-activity;sid:83673679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.201.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810578/; classtype:trojan-activity;sid:83673678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.209.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810577/; classtype:trojan-activity;sid:83673677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.168.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810576/; classtype:trojan-activity;sid:83673676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol/remek.exe"; depth:14; endswith; nocase; http.host; content:"185.241.208.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810575/; classtype:trojan-activity;sid:83673675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.164.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810574/; classtype:trojan-activity;sid:83673674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810573/; classtype:trojan-activity;sid:83673673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.40.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810572/; classtype:trojan-activity;sid:83673672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.168.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810571/; classtype:trojan-activity;sid:83673671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810570/; classtype:trojan-activity;sid:83673670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810569/; classtype:trojan-activity;sid:83673669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.227.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810568/; classtype:trojan-activity;sid:83673668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.15.53.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810567/; classtype:trojan-activity;sid:83673667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810566/; classtype:trojan-activity;sid:83673666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.179.181.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810565/; classtype:trojan-activity;sid:83673665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.221.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810564/; classtype:trojan-activity;sid:83673664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.160.185.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810563/; classtype:trojan-activity;sid:83673663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server/ww16/appgate2103v01_16.exe"; depth:34; endswith; nocase; http.host; content:"193.233.132.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810562/; classtype:trojan-activity;sid:83673662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.227.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810561/; classtype:trojan-activity;sid:83673661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm7"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810560/; classtype:trojan-activity;sid:83673660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sarm"; depth:8; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810559/; classtype:trojan-activity;sid:83673659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sppc"; depth:8; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810555/; classtype:trojan-activity;sid:83673655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sx86"; depth:8; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810556/; classtype:trojan-activity;sid:83673656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.smpsl"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810557/; classtype:trojan-activity;sid:83673657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.ssh4"; depth:8; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810558/; classtype:trojan-activity;sid:83673658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.236.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810554/; classtype:trojan-activity;sid:83673654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.151.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810553/; classtype:trojan-activity;sid:83673653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.86.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810552/; classtype:trojan-activity;sid:83673652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.20.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810551/; classtype:trojan-activity;sid:83673651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.24.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810550/; classtype:trojan-activity;sid:83673650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.214.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810549/; classtype:trojan-activity;sid:83673649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.43.38.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810548/; classtype:trojan-activity;sid:83673648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.2"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810547/; classtype:trojan-activity;sid:83673647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810546/; classtype:trojan-activity;sid:83673646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.24.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810544/; classtype:trojan-activity;sid:83673644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.236.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810545/; classtype:trojan-activity;sid:83673645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810543/; classtype:trojan-activity;sid:83673643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.59.217"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810541/; classtype:trojan-activity;sid:83673641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810542/; classtype:trojan-activity;sid:83673642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.45.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810540/; classtype:trojan-activity;sid:83673640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.215.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810539/; classtype:trojan-activity;sid:83673639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.173.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810538/; classtype:trojan-activity;sid:83673638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.58.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810537/; classtype:trojan-activity;sid:83673637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"193.234.67.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810536/; classtype:trojan-activity;sid:83673636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810535/; classtype:trojan-activity;sid:83673635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.119.19.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810534/; classtype:trojan-activity;sid:83673634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810533/; classtype:trojan-activity;sid:83673633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.228.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810532/; classtype:trojan-activity;sid:83673632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810531/; classtype:trojan-activity;sid:83673631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810530/; classtype:trojan-activity;sid:83673630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.188.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810528/; classtype:trojan-activity;sid:83673628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.56.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810529/; classtype:trojan-activity;sid:83673629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.114.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810527/; classtype:trojan-activity;sid:83673627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810526/; classtype:trojan-activity;sid:83673626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.143.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810524/; classtype:trojan-activity;sid:83673624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.148.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810525/; classtype:trojan-activity;sid:83673625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.52.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810523/; classtype:trojan-activity;sid:83673623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810521/; classtype:trojan-activity;sid:83673621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.45.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810522/; classtype:trojan-activity;sid:83673622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.62.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810520/; classtype:trojan-activity;sid:83673620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810519/; classtype:trojan-activity;sid:83673619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.119.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810518/; classtype:trojan-activity;sid:83673618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810517/; classtype:trojan-activity;sid:83673617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.81.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810516/; classtype:trojan-activity;sid:83673616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.47.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810515/; classtype:trojan-activity;sid:83673615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810514/; classtype:trojan-activity;sid:83673614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.87.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810513/; classtype:trojan-activity;sid:83673613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.58.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810512/; classtype:trojan-activity;sid:83673612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810511/; classtype:trojan-activity;sid:83673611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.148.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810510/; classtype:trojan-activity;sid:83673610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.114.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810509/; classtype:trojan-activity;sid:83673609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.56.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810508/; classtype:trojan-activity;sid:83673608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.37.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810507/; classtype:trojan-activity;sid:83673607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.143.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810506/; classtype:trojan-activity;sid:83673606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.186.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810505/; classtype:trojan-activity;sid:83673605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810504/; classtype:trojan-activity;sid:83673604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.179.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810503/; classtype:trojan-activity;sid:83673603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.46.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810502/; classtype:trojan-activity;sid:83673602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.81.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810501/; classtype:trojan-activity;sid:83673601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.58.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810500/; classtype:trojan-activity;sid:83673600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.120.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810499/; classtype:trojan-activity;sid:83673599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810498/; classtype:trojan-activity;sid:83673598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.205.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810497/; classtype:trojan-activity;sid:83673597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.87.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810496/; classtype:trojan-activity;sid:83673596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.186.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810495/; classtype:trojan-activity;sid:83673595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.139.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810494/; classtype:trojan-activity;sid:83673594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.204.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810493/; classtype:trojan-activity;sid:83673593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.12.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810490/; classtype:trojan-activity;sid:83673590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.23.149.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810491/; classtype:trojan-activity;sid:83673591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.176.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810492/; classtype:trojan-activity;sid:83673592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.102.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810489/; classtype:trojan-activity;sid:83673589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.126.176.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810488/; classtype:trojan-activity;sid:83673588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810487/; classtype:trojan-activity;sid:83673587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.120.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810486/; classtype:trojan-activity;sid:83673586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.222.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810485/; classtype:trojan-activity;sid:83673585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810484/; classtype:trojan-activity;sid:83673584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.107.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810482/; classtype:trojan-activity;sid:83673582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.144.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810483/; classtype:trojan-activity;sid:83673583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.220.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810481/; classtype:trojan-activity;sid:83673581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.98.115"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810480/; classtype:trojan-activity;sid:83673580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810479/; classtype:trojan-activity;sid:83673579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.204.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810478/; classtype:trojan-activity;sid:83673578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.130.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810477/; classtype:trojan-activity;sid:83673577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.95.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810476/; classtype:trojan-activity;sid:83673576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.166.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810475/; classtype:trojan-activity;sid:83673575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.193.23.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810474/; classtype:trojan-activity;sid:83673574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810473/; classtype:trojan-activity;sid:83673573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.40.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810472/; classtype:trojan-activity;sid:83673572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.24.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810469/; classtype:trojan-activity;sid:83673569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.107.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810470/; classtype:trojan-activity;sid:83673570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810471/; classtype:trojan-activity;sid:83673571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.218.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810468/; classtype:trojan-activity;sid:83673568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.102.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810467/; classtype:trojan-activity;sid:83673567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.254.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810466/; classtype:trojan-activity;sid:83673566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.222.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810465/; classtype:trojan-activity;sid:83673565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.38.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810464/; classtype:trojan-activity;sid:83673564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.149.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810463/; classtype:trojan-activity;sid:83673563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.220.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810462/; classtype:trojan-activity;sid:83673562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"81.215.202.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810461/; classtype:trojan-activity;sid:83673561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.35.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810460/; classtype:trojan-activity;sid:83673560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.152.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810459/; classtype:trojan-activity;sid:83673559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.213.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810458/; classtype:trojan-activity;sid:83673558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.166.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810457/; classtype:trojan-activity;sid:83673557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.66.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810455/; classtype:trojan-activity;sid:83673555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.66.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810456/; classtype:trojan-activity;sid:83673556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.100.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810454/; classtype:trojan-activity;sid:83673554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.236.249.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810453/; classtype:trojan-activity;sid:83673553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.160.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810452/; classtype:trojan-activity;sid:83673552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.38.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810451/; classtype:trojan-activity;sid:83673551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810450/; classtype:trojan-activity;sid:83673550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.162.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810449/; classtype:trojan-activity;sid:83673549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810448/; classtype:trojan-activity;sid:83673548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810447/; classtype:trojan-activity;sid:83673547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.69.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810446/; classtype:trojan-activity;sid:83673546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.160.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810445/; classtype:trojan-activity;sid:83673545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.180.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810444/; classtype:trojan-activity;sid:83673544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.163.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810443/; classtype:trojan-activity;sid:83673543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.219.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810442/; classtype:trojan-activity;sid:83673542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810441/; classtype:trojan-activity;sid:83673541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.25.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810440/; classtype:trojan-activity;sid:83673540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.157.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810439/; classtype:trojan-activity;sid:83673539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.57.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810438/; classtype:trojan-activity;sid:83673538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810437/; classtype:trojan-activity;sid:83673537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.79.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810436/; classtype:trojan-activity;sid:83673536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.227.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810435/; classtype:trojan-activity;sid:83673535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.56.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810434/; classtype:trojan-activity;sid:83673534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttrr.exe"; depth:9; endswith; nocase; http.host; content:"88.218.61.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810433/; classtype:trojan-activity;sid:83673533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.45.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810432/; classtype:trojan-activity;sid:83673532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.69.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810431/; classtype:trojan-activity;sid:83673531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.25.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810430/; classtype:trojan-activity;sid:83673530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.57.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810429/; classtype:trojan-activity;sid:83673529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.57.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810428/; classtype:trojan-activity;sid:83673528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.7.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810427/; classtype:trojan-activity;sid:83673527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.187.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810426/; classtype:trojan-activity;sid:83673526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.221.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810425/; classtype:trojan-activity;sid:83673525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810424/; classtype:trojan-activity;sid:83673524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.185.47.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810423/; classtype:trojan-activity;sid:83673523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.75.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810422/; classtype:trojan-activity;sid:83673522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.7.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810420/; classtype:trojan-activity;sid:83673520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.64.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810421/; classtype:trojan-activity;sid:83673521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.109.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810419/; classtype:trojan-activity;sid:83673519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.159.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810418/; classtype:trojan-activity;sid:83673518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810417/; classtype:trojan-activity;sid:83673517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.234.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810416/; classtype:trojan-activity;sid:83673516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.187.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810415/; classtype:trojan-activity;sid:83673515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.211.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810414/; classtype:trojan-activity;sid:83673514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810413/; classtype:trojan-activity;sid:83673513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.221.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810412/; classtype:trojan-activity;sid:83673512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.84.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810411/; classtype:trojan-activity;sid:83673511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.211.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810410/; classtype:trojan-activity;sid:83673510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.48.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810409/; classtype:trojan-activity;sid:83673509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.105"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810408/; classtype:trojan-activity;sid:83673508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.52.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810407/; classtype:trojan-activity;sid:83673507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.48.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810406/; classtype:trojan-activity;sid:83673506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.86.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810405/; classtype:trojan-activity;sid:83673505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810404/; classtype:trojan-activity;sid:83673504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.97.169.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810403/; classtype:trojan-activity;sid:83673503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810402/; classtype:trojan-activity;sid:83673502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.84.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810401/; classtype:trojan-activity;sid:83673501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.48.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810400/; classtype:trojan-activity;sid:83673500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.72.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810399/; classtype:trojan-activity;sid:83673499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810397/; classtype:trojan-activity;sid:83673497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810398/; classtype:trojan-activity;sid:83673498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810396/; classtype:trojan-activity;sid:83673496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.95.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810395/; classtype:trojan-activity;sid:83673495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.142.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810394/; classtype:trojan-activity;sid:83673494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.210.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810393/; classtype:trojan-activity;sid:83673493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.102.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810392/; classtype:trojan-activity;sid:83673492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.123.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810391/; classtype:trojan-activity;sid:83673491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.161.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810390/; classtype:trojan-activity;sid:83673490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810389/; classtype:trojan-activity;sid:83673489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.72.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810388/; classtype:trojan-activity;sid:83673488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.99.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810387/; classtype:trojan-activity;sid:83673487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.25.183.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810386/; classtype:trojan-activity;sid:83673486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810385/; classtype:trojan-activity;sid:83673485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.244.88.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810383/; classtype:trojan-activity;sid:83673483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.161.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810384/; classtype:trojan-activity;sid:83673484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810382/; classtype:trojan-activity;sid:83673482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.102.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810381/; classtype:trojan-activity;sid:83673481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.120.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810380/; classtype:trojan-activity;sid:83673480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.53.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810379/; classtype:trojan-activity;sid:83673479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.95.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810378/; classtype:trojan-activity;sid:83673478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.123.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810377/; classtype:trojan-activity;sid:83673477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.244.88.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810376/; classtype:trojan-activity;sid:83673476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810375/; classtype:trojan-activity;sid:83673475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.103.245.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810374/; classtype:trojan-activity;sid:83673474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810373/; classtype:trojan-activity;sid:83673473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810372/; classtype:trojan-activity;sid:83673472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.178.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810371/; classtype:trojan-activity;sid:83673471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810370/; classtype:trojan-activity;sid:83673470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.247.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810369/; classtype:trojan-activity;sid:83673469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.252.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810368/; classtype:trojan-activity;sid:83673468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.50.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810367/; classtype:trojan-activity;sid:83673467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.189.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810365/; classtype:trojan-activity;sid:83673465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810366/; classtype:trojan-activity;sid:83673466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.120.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810364/; classtype:trojan-activity;sid:83673464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.33.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810363/; classtype:trojan-activity;sid:83673463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810361/; classtype:trojan-activity;sid:83673461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.154.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810362/; classtype:trojan-activity;sid:83673462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.165.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810360/; classtype:trojan-activity;sid:83673460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.49.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810359/; classtype:trojan-activity;sid:83673459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.94.31.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810358/; classtype:trojan-activity;sid:83673458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.178.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810357/; classtype:trojan-activity;sid:83673457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.164.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810356/; classtype:trojan-activity;sid:83673456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.103.245.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810355/; classtype:trojan-activity;sid:83673455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.53.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810354/; classtype:trojan-activity;sid:83673454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810353/; classtype:trojan-activity;sid:83673453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.57.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810352/; classtype:trojan-activity;sid:83673452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.48.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810351/; classtype:trojan-activity;sid:83673451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.210.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810350/; classtype:trojan-activity;sid:83673450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.71.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810349/; classtype:trojan-activity;sid:83673449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.16"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810348/; classtype:trojan-activity;sid:83673448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.108.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810347/; classtype:trojan-activity;sid:83673447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.181.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810345/; classtype:trojan-activity;sid:83673445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.46.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810346/; classtype:trojan-activity;sid:83673446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.49.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810344/; classtype:trojan-activity;sid:83673444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.33.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810343/; classtype:trojan-activity;sid:83673443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.63.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810341/; classtype:trojan-activity;sid:83673441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810342/; classtype:trojan-activity;sid:83673442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.188.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810340/; classtype:trojan-activity;sid:83673440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.95.228.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810339/; classtype:trojan-activity;sid:83673439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.22.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810338/; classtype:trojan-activity;sid:83673438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.94.31.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810337/; classtype:trojan-activity;sid:83673437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.181.67.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810336/; classtype:trojan-activity;sid:83673436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.143.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810335/; classtype:trojan-activity;sid:83673435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.119.233.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810334/; classtype:trojan-activity;sid:83673434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.84.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810333/; classtype:trojan-activity;sid:83673433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.141.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810332/; classtype:trojan-activity;sid:83673432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.86.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810331/; classtype:trojan-activity;sid:83673431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.108.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810330/; classtype:trojan-activity;sid:83673430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"pfxd.loans.fishingreelinvestments.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810329/; classtype:trojan-activity;sid:83673429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.mips"; depth:11; endswith; nocase; http.host; content:"89.23.102.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810328/; classtype:trojan-activity;sid:83673428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.81.93.24"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810327/; classtype:trojan-activity;sid:83673427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.139.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810326/; classtype:trojan-activity;sid:83673426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.6.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810325/; classtype:trojan-activity;sid:83673425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.86.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810324/; classtype:trojan-activity;sid:83673424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.153.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810323/; classtype:trojan-activity;sid:83673423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.208.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810322/; classtype:trojan-activity;sid:83673422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.185.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810321/; classtype:trojan-activity;sid:83673421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810320/; classtype:trojan-activity;sid:83673420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.161.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810319/; classtype:trojan-activity;sid:83673419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.6.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810318/; classtype:trojan-activity;sid:83673418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.3.126"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810317/; classtype:trojan-activity;sid:83673417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.23.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810316/; classtype:trojan-activity;sid:83673416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.203.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810315/; classtype:trojan-activity;sid:83673415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.195.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810313/; classtype:trojan-activity;sid:83673413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810314/; classtype:trojan-activity;sid:83673414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810312/; classtype:trojan-activity;sid:83673412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810311/; classtype:trojan-activity;sid:83673411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.208.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810310/; classtype:trojan-activity;sid:83673410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810309/; classtype:trojan-activity;sid:83673409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.228.157.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810308/; classtype:trojan-activity;sid:83673408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.153.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810307/; classtype:trojan-activity;sid:83673407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810306/; classtype:trojan-activity;sid:83673406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.191.102.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810305/; classtype:trojan-activity;sid:83673405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.61.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810304/; classtype:trojan-activity;sid:83673404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810303/; classtype:trojan-activity;sid:83673403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.99.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810302/; classtype:trojan-activity;sid:83673402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.66.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810301/; classtype:trojan-activity;sid:83673401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.145.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810300/; classtype:trojan-activity;sid:83673400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.77.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810299/; classtype:trojan-activity;sid:83673399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810297/; classtype:trojan-activity;sid:83673397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.75.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810298/; classtype:trojan-activity;sid:83673398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.69.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810296/; classtype:trojan-activity;sid:83673396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.99.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810295/; classtype:trojan-activity;sid:83673395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.77.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810294/; classtype:trojan-activity;sid:83673394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.46.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810292/; classtype:trojan-activity;sid:83673392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sun/restor.exe"; depth:15; endswith; nocase; http.host; content:"193.233.132.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810293/; classtype:trojan-activity;sid:83673393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.24.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810291/; classtype:trojan-activity;sid:83673391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.81.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810290/; classtype:trojan-activity;sid:83673390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.69.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810289/; classtype:trojan-activity;sid:83673389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.193.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810288/; classtype:trojan-activity;sid:83673388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.104.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810286/; classtype:trojan-activity;sid:83673386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810287/; classtype:trojan-activity;sid:83673387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.86.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810285/; classtype:trojan-activity;sid:83673385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.26"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810284/; classtype:trojan-activity;sid:83673384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.252.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810283/; classtype:trojan-activity;sid:83673383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.250.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810282/; classtype:trojan-activity;sid:83673382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.46.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810281/; classtype:trojan-activity;sid:83673381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.9.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810280/; classtype:trojan-activity;sid:83673380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.141.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810279/; classtype:trojan-activity;sid:83673379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.147.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810278/; classtype:trojan-activity;sid:83673378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810277/; classtype:trojan-activity;sid:83673377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.102.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810276/; classtype:trojan-activity;sid:83673376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.250.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810274/; classtype:trojan-activity;sid:83673374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.7.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810275/; classtype:trojan-activity;sid:83673375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668523428|3f|hash=1kzq84jf72ekrux3t3knqwzfnyhqwbs0pixbjyote5w|7c|26|7c|dl=v72xrmstringbvmraijhec1dm3quims8olmdnr2zbll|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810273/; classtype:trojan-activity;sid:83673373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.104.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810272/; classtype:trojan-activity;sid:83673372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.21.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810270/; classtype:trojan-activity;sid:83673370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810271/; classtype:trojan-activity;sid:83673371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.23.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810269/; classtype:trojan-activity;sid:83673369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.102.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810268/; classtype:trojan-activity;sid:83673368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.115.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810267/; classtype:trojan-activity;sid:83673367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.113.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810266/; classtype:trojan-activity;sid:83673366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.47.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810265/; classtype:trojan-activity;sid:83673365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.91.184"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810264/; classtype:trojan-activity;sid:83673364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.113.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810263/; classtype:trojan-activity;sid:83673363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.23.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810262/; classtype:trojan-activity;sid:83673362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"yksiz.loans.fishingreelinvestments.com"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810261/; classtype:trojan-activity;sid:83673361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.7.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810260/; classtype:trojan-activity;sid:83673360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810259/; classtype:trojan-activity;sid:83673359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.235.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810258/; classtype:trojan-activity;sid:83673358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.69.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810257/; classtype:trojan-activity;sid:83673357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.205.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810256/; classtype:trojan-activity;sid:83673356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.198.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810255/; classtype:trojan-activity;sid:83673355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.132.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810254/; classtype:trojan-activity;sid:83673354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.255.92.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810252/; classtype:trojan-activity;sid:83673352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.56.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810253/; classtype:trojan-activity;sid:83673353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.7.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810251/; classtype:trojan-activity;sid:83673351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.69.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810250/; classtype:trojan-activity;sid:83673350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.205.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810248/; classtype:trojan-activity;sid:83673348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.87.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810249/; classtype:trojan-activity;sid:83673349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.87.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810247/; classtype:trojan-activity;sid:83673347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.50.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810246/; classtype:trojan-activity;sid:83673346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.92.82.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810245/; classtype:trojan-activity;sid:83673345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.83.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810244/; classtype:trojan-activity;sid:83673344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810243/; classtype:trojan-activity;sid:83673343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.183.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810242/; classtype:trojan-activity;sid:83673342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810241/; classtype:trojan-activity;sid:83673341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.55.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810240/; classtype:trojan-activity;sid:83673340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.205.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810239/; classtype:trojan-activity;sid:83673339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.179.180.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810238/; classtype:trojan-activity;sid:83673338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.100.41.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810237/; classtype:trojan-activity;sid:83673337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ig.sx86_64"; depth:11; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810236/; classtype:trojan-activity;sid:83673336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.149.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810235/; classtype:trojan-activity;sid:83673335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.179.180.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810234/; classtype:trojan-activity;sid:83673334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810233/; classtype:trojan-activity;sid:83673333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.92.82.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810232/; classtype:trojan-activity;sid:83673332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.202.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810231/; classtype:trojan-activity;sid:83673331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810230/; classtype:trojan-activity;sid:83673330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810229/; classtype:trojan-activity;sid:83673329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.192.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810228/; classtype:trojan-activity;sid:83673328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.55.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810227/; classtype:trojan-activity;sid:83673327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.47.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810226/; classtype:trojan-activity;sid:83673326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.81.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810225/; classtype:trojan-activity;sid:83673325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810224/; classtype:trojan-activity;sid:83673324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.50.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810223/; classtype:trojan-activity;sid:83673323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.147.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810222/; classtype:trojan-activity;sid:83673322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810221/; classtype:trojan-activity;sid:83673321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.47.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810220/; classtype:trojan-activity;sid:83673320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810219/; classtype:trojan-activity;sid:83673319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.112.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810218/; classtype:trojan-activity;sid:83673318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810217/; classtype:trojan-activity;sid:83673317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.148.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810216/; classtype:trojan-activity;sid:83673316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.192.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810215/; classtype:trojan-activity;sid:83673315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.44.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810214/; classtype:trojan-activity;sid:83673314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.81.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810213/; classtype:trojan-activity;sid:83673313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.26.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810212/; classtype:trojan-activity;sid:83673312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.115.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810210/; classtype:trojan-activity;sid:83673310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.84.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810211/; classtype:trojan-activity;sid:83673311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.180.152.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810209/; classtype:trojan-activity;sid:83673309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.189.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810208/; classtype:trojan-activity;sid:83673308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810207/; classtype:trojan-activity;sid:83673307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.68.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810206/; classtype:trojan-activity;sid:83673306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.100.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810205/; classtype:trojan-activity;sid:83673305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.172.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810204/; classtype:trojan-activity;sid:83673304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.151.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810203/; classtype:trojan-activity;sid:83673303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.41.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810202/; classtype:trojan-activity;sid:83673302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.153.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810201/; classtype:trojan-activity;sid:83673301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.183.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810200/; classtype:trojan-activity;sid:83673300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.171.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810199/; classtype:trojan-activity;sid:83673299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810198/; classtype:trojan-activity;sid:83673298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.211.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810197/; classtype:trojan-activity;sid:83673297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.190.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810196/; classtype:trojan-activity;sid:83673296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810195/; classtype:trojan-activity;sid:83673295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.100.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810194/; classtype:trojan-activity;sid:83673294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.183.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810193/; classtype:trojan-activity;sid:83673293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.193.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810192/; classtype:trojan-activity;sid:83673292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmsbkx2f0oqn"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810191/; classtype:trojan-activity;sid:83673291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810190/; classtype:trojan-activity;sid:83673290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.102.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810189/; classtype:trojan-activity;sid:83673289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.77.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810188/; classtype:trojan-activity;sid:83673288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.211.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810187/; classtype:trojan-activity;sid:83673287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.8.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810186/; classtype:trojan-activity;sid:83673286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.37.10.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810185/; classtype:trojan-activity;sid:83673285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.11.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810184/; classtype:trojan-activity;sid:83673284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810183/; classtype:trojan-activity;sid:83673283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.77.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810182/; classtype:trojan-activity;sid:83673282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810181/; classtype:trojan-activity;sid:83673281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.85.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810180/; classtype:trojan-activity;sid:83673280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.67.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810179/; classtype:trojan-activity;sid:83673279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810178/; classtype:trojan-activity;sid:83673278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.138.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810177/; classtype:trojan-activity;sid:83673277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.121.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810176/; classtype:trojan-activity;sid:83673276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.8.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810175/; classtype:trojan-activity;sid:83673275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810174/; classtype:trojan-activity;sid:83673274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810173/; classtype:trojan-activity;sid:83673273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.72"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810172/; classtype:trojan-activity;sid:83673272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810171/; classtype:trojan-activity;sid:83673271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.62.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810170/; classtype:trojan-activity;sid:83673270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.85.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810169/; classtype:trojan-activity;sid:83673269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.138.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810168/; classtype:trojan-activity;sid:83673268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.12.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810167/; classtype:trojan-activity;sid:83673267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shared/static/4o2ph2vfbtrqsximkjy0mioyr76y765n.7z"; depth:50; endswith; nocase; http.host; content:"elmauz.box.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810166/; classtype:trojan-activity;sid:83673266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.47.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810165/; classtype:trojan-activity;sid:83673265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xx5vj2w5iykb"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810163/; classtype:trojan-activity;sid:83673263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmkwfcsoklvr"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810164/; classtype:trojan-activity;sid:83673264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.109.2.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810162/; classtype:trojan-activity;sid:83673262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810161/; classtype:trojan-activity;sid:83673261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668532587|3f|hash=puqhrxzsvsaebphjcmy77d6ehcxbjkgzzdq7ov3242o|7c|26|7c|dl=tw7ojrnszczykyfbmmbhq5agej4y94bucvzmjxzdklc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810160/; classtype:trojan-activity;sid:83673260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.136.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810159/; classtype:trojan-activity;sid:83673259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668532536|3f|hash=uspzsdqojymzienyp1umrzlmimo6bzxodcvt6i3funz|7c|26|7c|dl=9glwbazbzdkycrhuoa6fjc7xlkswlykpfvzn8hufmg8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810158/; classtype:trojan-activity;sid:83673258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.186.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810157/; classtype:trojan-activity;sid:83673257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.85.94.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810156/; classtype:trojan-activity;sid:83673256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.48.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810155/; classtype:trojan-activity;sid:83673255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.48.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810154/; classtype:trojan-activity;sid:83673254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.186.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810153/; classtype:trojan-activity;sid:83673253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810152/; classtype:trojan-activity;sid:83673252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.78.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810151/; classtype:trojan-activity;sid:83673251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.120.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810148/; classtype:trojan-activity;sid:83673248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810149/; classtype:trojan-activity;sid:83673249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.117.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810150/; classtype:trojan-activity;sid:83673250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.139.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810147/; classtype:trojan-activity;sid:83673247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.5.89"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810146/; classtype:trojan-activity;sid:83673246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.188.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810145/; classtype:trojan-activity;sid:83673245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.71.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810144/; classtype:trojan-activity;sid:83673244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.70.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810143/; classtype:trojan-activity;sid:83673243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.9.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810142/; classtype:trojan-activity;sid:83673242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.5.89"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810141/; classtype:trojan-activity;sid:83673241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.36.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810140/; classtype:trojan-activity;sid:83673240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdtzx.scr"; depth:10; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810139/; classtype:trojan-activity;sid:83673239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.135.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810138/; classtype:trojan-activity;sid:83673238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.24.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810137/; classtype:trojan-activity;sid:83673237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.12.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810136/; classtype:trojan-activity;sid:83673236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.164.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810135/; classtype:trojan-activity;sid:83673235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.238.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810134/; classtype:trojan-activity;sid:83673234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810133/; classtype:trojan-activity;sid:83673233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810132/; classtype:trojan-activity;sid:83673232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.86.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810131/; classtype:trojan-activity;sid:83673231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.45.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810129/; classtype:trojan-activity;sid:83673229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.15.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810130/; classtype:trojan-activity;sid:83673230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.212.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810128/; classtype:trojan-activity;sid:83673228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.70.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810127/; classtype:trojan-activity;sid:83673227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.212.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810126/; classtype:trojan-activity;sid:83673226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.36.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810125/; classtype:trojan-activity;sid:83673225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.189.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810124/; classtype:trojan-activity;sid:83673224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.250.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810123/; classtype:trojan-activity;sid:83673223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.22.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810121/; classtype:trojan-activity;sid:83673221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.224.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810122/; classtype:trojan-activity;sid:83673222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.57.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810120/; classtype:trojan-activity;sid:83673220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.73.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810119/; classtype:trojan-activity;sid:83673219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810117/; classtype:trojan-activity;sid:83673217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.93.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810118/; classtype:trojan-activity;sid:83673218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50-ac.exe"; depth:10; endswith; nocase; http.host; content:"aaahomestore.ru.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810116/; classtype:trojan-activity;sid:83673216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.44.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810115/; classtype:trojan-activity;sid:83673215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.168.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810113/; classtype:trojan-activity;sid:83673213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.44.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810114/; classtype:trojan-activity;sid:83673214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.193.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810112/; classtype:trojan-activity;sid:83673212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.52.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810111/; classtype:trojan-activity;sid:83673211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.15.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810110/; classtype:trojan-activity;sid:83673210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.255.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810109/; classtype:trojan-activity;sid:83673209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.164.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810108/; classtype:trojan-activity;sid:83673208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810107/; classtype:trojan-activity;sid:83673207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.44.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810106/; classtype:trojan-activity;sid:83673206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.172.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810105/; classtype:trojan-activity;sid:83673205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.168.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810104/; classtype:trojan-activity;sid:83673204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garold.zip"; depth:11; endswith; nocase; http.host; content:"apknew.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810103/; classtype:trojan-activity;sid:83673203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fix.txt"; depth:8; endswith; nocase; http.host; content:"apknew.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810102/; classtype:trojan-activity;sid:83673202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.29.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810101/; classtype:trojan-activity;sid:83673201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.254.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810099/; classtype:trojan-activity;sid:83673199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810100/; classtype:trojan-activity;sid:83673200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810096/; classtype:trojan-activity;sid:83673196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.215.221.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810097/; classtype:trojan-activity;sid:83673197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.99.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810098/; classtype:trojan-activity;sid:83673198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.189.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810095/; classtype:trojan-activity;sid:83673195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.181.67.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810094/; classtype:trojan-activity;sid:83673194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.5.38.18"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810093/; classtype:trojan-activity;sid:83673193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.191.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810092/; classtype:trojan-activity;sid:83673192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qa.sh"; depth:6; endswith; nocase; http.host; content:"193.222.96.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810091/; classtype:trojan-activity;sid:83673191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.29.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810090/; classtype:trojan-activity;sid:83673190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810089/; classtype:trojan-activity;sid:83673189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.182.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810088/; classtype:trojan-activity;sid:83673188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.10.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810087/; classtype:trojan-activity;sid:83673187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.133.184.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810086/; classtype:trojan-activity;sid:83673186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810085/; classtype:trojan-activity;sid:83673185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.191.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810084/; classtype:trojan-activity;sid:83673184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.121.87.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810083/; classtype:trojan-activity;sid:83673183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.239.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810082/; classtype:trojan-activity;sid:83673182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.119.132.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810081/; classtype:trojan-activity;sid:83673181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.108.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810079/; classtype:trojan-activity;sid:83673179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.22.129.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810080/; classtype:trojan-activity;sid:83673180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.149.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810078/; classtype:trojan-activity;sid:83673178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668526335|3f|hash=szqbmcn9zvxpoircmd6p2rgmjffzegyoro7jdh3bnjx|7c|26|7c|dl=fvfivcepvwcqfazdgd9wd1hzcny4nid0nyuvinka9jk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810077/; classtype:trojan-activity;sid:83673177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.214.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810076/; classtype:trojan-activity;sid:83673176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.129.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810075/; classtype:trojan-activity;sid:83673175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.41.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810074/; classtype:trojan-activity;sid:83673174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810073/; classtype:trojan-activity;sid:83673173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810072/; classtype:trojan-activity;sid:83673172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.129.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810070/; classtype:trojan-activity;sid:83673170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810071/; classtype:trojan-activity;sid:83673171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.121.87.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810069/; classtype:trojan-activity;sid:83673169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810068/; classtype:trojan-activity;sid:83673168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.124.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810067/; classtype:trojan-activity;sid:83673167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.15.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810066/; classtype:trojan-activity;sid:83673166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.217.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810065/; classtype:trojan-activity;sid:83673165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.25.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810064/; classtype:trojan-activity;sid:83673164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.179.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810063/; classtype:trojan-activity;sid:83673163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668526301|3f|hash=ztb0zzkkruwz5bmw48aqkwgsjyllawgonmjddl3ryvl|7c|26|7c|dl=eswgdzolxl36wbzzvzkcdccz8ztr7hdoqhudqjicxho|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810062/; classtype:trojan-activity;sid:83673162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo.jpg"; depth:16; endswith; nocase; http.host; content:"sdshsjakdjsaljdkasda.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810061/; classtype:trojan-activity;sid:83673161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810060/; classtype:trojan-activity;sid:83673160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.156.57.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810059/; classtype:trojan-activity;sid:83673159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810058/; classtype:trojan-activity;sid:83673158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.247.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810057/; classtype:trojan-activity;sid:83673157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.26.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810056/; classtype:trojan-activity;sid:83673156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.141.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810055/; classtype:trojan-activity;sid:83673155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.106.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810054/; classtype:trojan-activity;sid:83673154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.166.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810053/; classtype:trojan-activity;sid:83673153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.211.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810052/; classtype:trojan-activity;sid:83673152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810051/; classtype:trojan-activity;sid:83673151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810050/; classtype:trojan-activity;sid:83673150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.150.181.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810049/; classtype:trojan-activity;sid:83673149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810048/; classtype:trojan-activity;sid:83673148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810047/; classtype:trojan-activity;sid:83673147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.82.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810046/; classtype:trojan-activity;sid:83673146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.181.65.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810045/; classtype:trojan-activity;sid:83673145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810044/; classtype:trojan-activity;sid:83673144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.99.201.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810041/; classtype:trojan-activity;sid:83673141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.8.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810042/; classtype:trojan-activity;sid:83673142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.66.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810043/; classtype:trojan-activity;sid:83673143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.79.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810040/; classtype:trojan-activity;sid:83673140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.233.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810039/; classtype:trojan-activity;sid:83673139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810038/; classtype:trojan-activity;sid:83673138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.189.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810037/; classtype:trojan-activity;sid:83673137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.85.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810036/; classtype:trojan-activity;sid:83673136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.117.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810035/; classtype:trojan-activity;sid:83673135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.24.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810034/; classtype:trojan-activity;sid:83673134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.221.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810033/; classtype:trojan-activity;sid:83673133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.8.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810032/; classtype:trojan-activity;sid:83673132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810031/; classtype:trojan-activity;sid:83673131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.44.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810030/; classtype:trojan-activity;sid:83673130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.220.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810029/; classtype:trojan-activity;sid:83673129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.134.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810028/; classtype:trojan-activity;sid:83673128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.186.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810027/; classtype:trojan-activity;sid:83673127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810026/; classtype:trojan-activity;sid:83673126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.215.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810025/; classtype:trojan-activity;sid:83673125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enc.exe"; depth:8; endswith; nocase; http.host; content:"91.92.253.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810024/; classtype:trojan-activity;sid:83673124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.44.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810023/; classtype:trojan-activity;sid:83673123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810022/; classtype:trojan-activity;sid:83673122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.102.33.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810021/; classtype:trojan-activity;sid:83673121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810020/; classtype:trojan-activity;sid:83673120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.79.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810019/; classtype:trojan-activity;sid:83673119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.221.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810018/; classtype:trojan-activity;sid:83673118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.220.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810017/; classtype:trojan-activity;sid:83673117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.24.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810016/; classtype:trojan-activity;sid:83673116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.116.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810015/; classtype:trojan-activity;sid:83673115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.58.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810013/; classtype:trojan-activity;sid:83673113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.93.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810014/; classtype:trojan-activity;sid:83673114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.242.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810012/; classtype:trojan-activity;sid:83673112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.130.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810011/; classtype:trojan-activity;sid:83673111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heargjhw.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810010/; classtype:trojan-activity;sid:83673110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.205.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810009/; classtype:trojan-activity;sid:83673109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.99.2.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810008/; classtype:trojan-activity;sid:83673108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.219.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810007/; classtype:trojan-activity;sid:83673107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.120.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810006/; classtype:trojan-activity;sid:83673106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.239.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810005/; classtype:trojan-activity;sid:83673105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.115.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810004/; classtype:trojan-activity;sid:83673104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.153.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810003/; classtype:trojan-activity;sid:83673103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.130.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810002/; classtype:trojan-activity;sid:83673102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.116.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810001/; classtype:trojan-activity;sid:83673101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.71.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810000/; classtype:trojan-activity;sid:83673100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.64.130.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809999/; classtype:trojan-activity;sid:83673099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809998/; classtype:trojan-activity;sid:83673098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809997/; classtype:trojan-activity;sid:83673097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809992/; classtype:trojan-activity;sid:83673092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809993/; classtype:trojan-activity;sid:83673093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809994/; classtype:trojan-activity;sid:83673094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809995/; classtype:trojan-activity;sid:83673095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809996/; classtype:trojan-activity;sid:83673096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809988/; classtype:trojan-activity;sid:83673088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809989/; classtype:trojan-activity;sid:83673089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809990/; classtype:trojan-activity;sid:83673090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809991/; classtype:trojan-activity;sid:83673091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.56.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809987/; classtype:trojan-activity;sid:83673087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809986/; classtype:trojan-activity;sid:83673086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.99.2.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809984/; classtype:trojan-activity;sid:83673084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"14.225.213.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809985/; classtype:trojan-activity;sid:83673085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.64.130.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809983/; classtype:trojan-activity;sid:83673083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.120.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809982/; classtype:trojan-activity;sid:83673082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.239.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809981/; classtype:trojan-activity;sid:83673081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.72.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809980/; classtype:trojan-activity;sid:83673080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.211.213.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809979/; classtype:trojan-activity;sid:83673079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.33.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809978/; classtype:trojan-activity;sid:83673078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.196.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809977/; classtype:trojan-activity;sid:83673077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.118.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809976/; classtype:trojan-activity;sid:83673076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.170.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809975/; classtype:trojan-activity;sid:83673075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.121.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809974/; classtype:trojan-activity;sid:83673074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.113.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809973/; classtype:trojan-activity;sid:83673073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809972/; classtype:trojan-activity;sid:83673072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.72.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809971/; classtype:trojan-activity;sid:83673071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.199.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809970/; classtype:trojan-activity;sid:83673070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.13.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809969/; classtype:trojan-activity;sid:83673069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.81.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809967/; classtype:trojan-activity;sid:83673067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.110.137.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809968/; classtype:trojan-activity;sid:83673068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.153.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809966/; classtype:trojan-activity;sid:83673066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.236.187.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809965/; classtype:trojan-activity;sid:83673065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809964/; classtype:trojan-activity;sid:83673064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.118.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809963/; classtype:trojan-activity;sid:83673063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809960/; classtype:trojan-activity;sid:83673060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809961/; classtype:trojan-activity;sid:83673061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.193.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809962/; classtype:trojan-activity;sid:83673062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809958/; classtype:trojan-activity;sid:83673058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809959/; classtype:trojan-activity;sid:83673059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.238.36.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809957/; classtype:trojan-activity;sid:83673057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809954/; classtype:trojan-activity;sid:83673054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809955/; classtype:trojan-activity;sid:83673055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809956/; classtype:trojan-activity;sid:83673056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.185.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809949/; classtype:trojan-activity;sid:83673049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809950/; classtype:trojan-activity;sid:83673050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.87.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809951/; classtype:trojan-activity;sid:83673051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809952/; classtype:trojan-activity;sid:83673052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809953/; classtype:trojan-activity;sid:83673053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.36.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809948/; classtype:trojan-activity;sid:83673048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.110.137.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809947/; classtype:trojan-activity;sid:83673047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.184.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809946/; classtype:trojan-activity;sid:83673046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.95.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809945/; classtype:trojan-activity;sid:83673045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.153.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809944/; classtype:trojan-activity;sid:83673044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.58.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809942/; classtype:trojan-activity;sid:83673042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installrr.exe"; depth:14; endswith; nocase; http.host; content:"retfdgfgaf.b-cdn.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809943/; classtype:trojan-activity;sid:83673043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.208.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809941/; classtype:trojan-activity;sid:83673041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.180.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809939/; classtype:trojan-activity;sid:83673039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.179.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809940/; classtype:trojan-activity;sid:83673040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.231.181.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809938/; classtype:trojan-activity;sid:83673038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.108.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809937/; classtype:trojan-activity;sid:83673037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.187.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809936/; classtype:trojan-activity;sid:83673036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.238.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809935/; classtype:trojan-activity;sid:83673035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.108.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809934/; classtype:trojan-activity;sid:83673034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.216.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809933/; classtype:trojan-activity;sid:83673033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.91.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809931/; classtype:trojan-activity;sid:83673031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.33.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809932/; classtype:trojan-activity;sid:83673032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.8.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809930/; classtype:trojan-activity;sid:83673030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.11.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809929/; classtype:trojan-activity;sid:83673029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.238.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809928/; classtype:trojan-activity;sid:83673028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.7.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809927/; classtype:trojan-activity;sid:83673027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.134.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809926/; classtype:trojan-activity;sid:83673026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.180.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809925/; classtype:trojan-activity;sid:83673025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.8.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809924/; classtype:trojan-activity;sid:83673024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.58.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809923/; classtype:trojan-activity;sid:83673023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.91.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809922/; classtype:trojan-activity;sid:83673022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809917/; classtype:trojan-activity;sid:83673017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809918/; classtype:trojan-activity;sid:83673018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809919/; classtype:trojan-activity;sid:83673019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809920/; classtype:trojan-activity;sid:83673020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mips"; depth:15; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809921/; classtype:trojan-activity;sid:83673021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86"; depth:14; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809914/; classtype:trojan-activity;sid:83673014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86_64"; depth:17; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809915/; classtype:trojan-activity;sid:83673015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809916/; classtype:trojan-activity;sid:83673016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809912/; classtype:trojan-activity;sid:83673012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809913/; classtype:trojan-activity;sid:83673013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm7"; depth:15; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809909/; classtype:trojan-activity;sid:83673009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809910/; classtype:trojan-activity;sid:83673010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809911/; classtype:trojan-activity;sid:83673011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm"; depth:14; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809906/; classtype:trojan-activity;sid:83673006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809907/; classtype:trojan-activity;sid:83673007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809908/; classtype:trojan-activity;sid:83673008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809901/; classtype:trojan-activity;sid:83673001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809902/; classtype:trojan-activity;sid:83673002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm6"; depth:15; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809903/; classtype:trojan-activity;sid:83673003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809904/; classtype:trojan-activity;sid:83673004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809905/; classtype:trojan-activity;sid:83673005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809900/; classtype:trojan-activity;sid:83673000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809899/; classtype:trojan-activity;sid:83672999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809895/; classtype:trojan-activity;sid:83672995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809896/; classtype:trojan-activity;sid:83672996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mpsl"; depth:15; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809897/; classtype:trojan-activity;sid:83672997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809898/; classtype:trojan-activity;sid:83672998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.m68k"; depth:15; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809888/; classtype:trojan-activity;sid:83672988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm5"; depth:15; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809889/; classtype:trojan-activity;sid:83672989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809890/; classtype:trojan-activity;sid:83672990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809891/; classtype:trojan-activity;sid:83672991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809892/; classtype:trojan-activity;sid:83672992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809893/; classtype:trojan-activity;sid:83672993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.sh4"; depth:14; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809894/; classtype:trojan-activity;sid:83672994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809887/; classtype:trojan-activity;sid:83672987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809885/; classtype:trojan-activity;sid:83672985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809886/; classtype:trojan-activity;sid:83672986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809884/; classtype:trojan-activity;sid:83672984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809881/; classtype:trojan-activity;sid:83672981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809882/; classtype:trojan-activity;sid:83672982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.ppc"; depth:14; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809883/; classtype:trojan-activity;sid:83672983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809878/; classtype:trojan-activity;sid:83672978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809879/; classtype:trojan-activity;sid:83672979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"203.145.46.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809880/; classtype:trojan-activity;sid:83672980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809877/; classtype:trojan-activity;sid:83672977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.108.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809875/; classtype:trojan-activity;sid:83672975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.163.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809874/; classtype:trojan-activity;sid:83672974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.134.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809873/; classtype:trojan-activity;sid:83672973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f0b0065685f96d4c085325b50143899/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809871/; classtype:trojan-activity;sid:83672971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0169087ee24d7208c7e1ee2f2f6e40b9/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809872/; classtype:trojan-activity;sid:83672972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35881367040156107868ae3b7424f39d.exe"; depth:37; endswith; nocase; http.host; content:"operatinghub.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809869/; classtype:trojan-activity;sid:83672969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cone/sppsvc.exe"; depth:16; endswith; nocase; http.host; content:"45.40.96.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809870/; classtype:trojan-activity;sid:83672970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/4.txt"; depth:9; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809866/; classtype:trojan-activity;sid:83672966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/du.txt"; depth:10; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809867/; classtype:trojan-activity;sid:83672967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/5ab.txt"; depth:11; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809868/; classtype:trojan-activity;sid:83672968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server/ww15/appgate2103v15.exe"; depth:31; endswith; nocase; http.host; content:"193.233.132.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809865/; classtype:trojan-activity;sid:83672965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gg/deushack%20pass%20123.rar"; depth:29; endswith; nocase; http.host; content:"valoxxx.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809864/; classtype:trojan-activity;sid:83672964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup3.exe"; depth:11; endswith; nocase; http.host; content:"185.172.128.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809847/; classtype:trojan-activity;sid:83672947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee753e43ad946d09c49a3e62acabcd97/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809848/; classtype:trojan-activity;sid:83672948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e227f826efee8bc7582be5641b9c0fb1/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809849/; classtype:trojan-activity;sid:83672949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/165e4fabfb2e989c9c906b76e894c6c4/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809850/; classtype:trojan-activity;sid:83672950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3527bafa1c78e93080aba57e8a6223ca/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809851/; classtype:trojan-activity;sid:83672951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.txt"; depth:6; endswith; nocase; http.host; content:"bolibachan.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809852/; classtype:trojan-activity;sid:83672952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23a501a2175bebd71e360fe3d08ef78f/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809853/; classtype:trojan-activity;sid:83672953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7fe89478fb6dc707f2d9a113ae0e5321/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809854/; classtype:trojan-activity;sid:83672954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d0088102170f1282f169c4c20fe9fe9/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809855/; classtype:trojan-activity;sid:83672955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df30a69d4bf83993156a750a29848aa9/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809856/; classtype:trojan-activity;sid:83672956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a754af658e5a0e82da7cb52c131bce10/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809857/; classtype:trojan-activity;sid:83672957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee753e43ad946d09c49a3e62acabcd97/35881367040156107868ae3b7424f39d.exe"; depth:70; endswith; nocase; http.host; content:"dangerlisten.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809858/; classtype:trojan-activity;sid:83672958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/165e4fabfb2e989c9c906b76e894c6c4/35881367040156107868ae3b7424f39d.exe"; depth:70; endswith; nocase; http.host; content:"dangerlisten.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809859/; classtype:trojan-activity;sid:83672959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de0122e9b0491806d043e481475ce449/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809860/; classtype:trojan-activity;sid:83672960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e227f826efee8bc7582be5641b9c0fb1/35881367040156107868ae3b7424f39d.exe"; depth:70; endswith; nocase; http.host; content:"dangerlisten.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809861/; classtype:trojan-activity;sid:83672961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/edu.txt"; depth:11; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809862/; classtype:trojan-activity;sid:83672962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/cs.txt"; depth:10; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809863/; classtype:trojan-activity;sid:83672963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yoyobins.sh"; depth:12; endswith; nocase; http.host; content:"172.105.15.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809846/; classtype:trojan-activity;sid:83672946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sorabins.sh"; depth:12; endswith; nocase; http.host; content:"192.53.121.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809845/; classtype:trojan-activity;sid:83672945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809844/; classtype:trojan-activity;sid:83672944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/hls.txt"; depth:11; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809843/; classtype:trojan-activity;sid:83672943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.46.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809842/; classtype:trojan-activity;sid:83672942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.217.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809841/; classtype:trojan-activity;sid:83672941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.177.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809840/; classtype:trojan-activity;sid:83672940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809839/; classtype:trojan-activity;sid:83672939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809838/; classtype:trojan-activity;sid:83672938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.106.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809837/; classtype:trojan-activity;sid:83672937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.208.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809836/; classtype:trojan-activity;sid:83672936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.11.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809835/; classtype:trojan-activity;sid:83672935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.83.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809834/; classtype:trojan-activity;sid:83672934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.13.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809833/; classtype:trojan-activity;sid:83672933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.11.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809832/; classtype:trojan-activity;sid:83672932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.105.108.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809831/; classtype:trojan-activity;sid:83672931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.216.49.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809830/; classtype:trojan-activity;sid:83672930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.78.39.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809829/; classtype:trojan-activity;sid:83672929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.26.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809828/; classtype:trojan-activity;sid:83672928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.247.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809827/; classtype:trojan-activity;sid:83672927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.89.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809826/; classtype:trojan-activity;sid:83672926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.241.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809825/; classtype:trojan-activity;sid:83672925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809821/; classtype:trojan-activity;sid:83672921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.70.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809822/; classtype:trojan-activity;sid:83672922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.175.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809823/; classtype:trojan-activity;sid:83672923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.222.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809824/; classtype:trojan-activity;sid:83672924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.124.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809819/; classtype:trojan-activity;sid:83672919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809820/; classtype:trojan-activity;sid:83672920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.105.108.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809818/; classtype:trojan-activity;sid:83672918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.89.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809817/; classtype:trojan-activity;sid:83672917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.77.34.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809816/; classtype:trojan-activity;sid:83672916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.216.49.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809815/; classtype:trojan-activity;sid:83672915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.158.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809814/; classtype:trojan-activity;sid:83672914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.138.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809813/; classtype:trojan-activity;sid:83672913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.209.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809812/; classtype:trojan-activity;sid:83672912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809811/; classtype:trojan-activity;sid:83672911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.58.85.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809810/; classtype:trojan-activity;sid:83672910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809808/; classtype:trojan-activity;sid:83672908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.9.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809809/; classtype:trojan-activity;sid:83672909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.130.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809807/; classtype:trojan-activity;sid:83672907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.144.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809806/; classtype:trojan-activity;sid:83672906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.39.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809805/; classtype:trojan-activity;sid:83672905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.89.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809804/; classtype:trojan-activity;sid:83672904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.36.20.168"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809803/; classtype:trojan-activity;sid:83672903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.247.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809802/; classtype:trojan-activity;sid:83672902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.241.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809801/; classtype:trojan-activity;sid:83672901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.131.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809800/; classtype:trojan-activity;sid:83672900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809799/; classtype:trojan-activity;sid:83672899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668389126|3f|hash=llgb48jzpc3bfheccrhhnmdgellhocfrogbf7zisvmk|7c|26|7c|dl=pyya4z9n0nlvtlscx8gqkdz8k1cpy0j4d880vkngvwc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809798/; classtype:trojan-activity;sid:83672898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668489677|3f|hash=a9eternaxcioepc4jjucd1e9myanyrpc9i1kzpkliys|7c|26|7c|dl=wya9ftzxcpqkqfn4rcse5zhoyctjgixuhslwucdypc8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809797/; classtype:trojan-activity;sid:83672897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809796/; classtype:trojan-activity;sid:83672896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809795/; classtype:trojan-activity;sid:83672895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.240.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809794/; classtype:trojan-activity;sid:83672894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.144.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809793/; classtype:trojan-activity;sid:83672893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.59.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809792/; classtype:trojan-activity;sid:83672892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.254.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809791/; classtype:trojan-activity;sid:83672891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.161.31.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809790/; classtype:trojan-activity;sid:83672890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.216.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809789/; classtype:trojan-activity;sid:83672889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"flowers4everything.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809788/; classtype:trojan-activity;sid:83672888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.72.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809787/; classtype:trojan-activity;sid:83672887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.1.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809786/; classtype:trojan-activity;sid:83672886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809785/; classtype:trojan-activity;sid:83672885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.184.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809784/; classtype:trojan-activity;sid:83672884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.223.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809783/; classtype:trojan-activity;sid:83672883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.179.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809782/; classtype:trojan-activity;sid:83672882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.193.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809781/; classtype:trojan-activity;sid:83672881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.202.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809780/; classtype:trojan-activity;sid:83672880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.53.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809779/; classtype:trojan-activity;sid:83672879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.223.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809778/; classtype:trojan-activity;sid:83672878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.66.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809777/; classtype:trojan-activity;sid:83672877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809776/; classtype:trojan-activity;sid:83672876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809775/; classtype:trojan-activity;sid:83672875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.2.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809774/; classtype:trojan-activity;sid:83672874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.1.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809773/; classtype:trojan-activity;sid:83672873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.72.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809772/; classtype:trojan-activity;sid:83672872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.144"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809771/; classtype:trojan-activity;sid:83672871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.185.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809770/; classtype:trojan-activity;sid:83672870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809769/; classtype:trojan-activity;sid:83672869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.179.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809768/; classtype:trojan-activity;sid:83672868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.64.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809767/; classtype:trojan-activity;sid:83672867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forum/index.php"; depth:16; endswith; nocase; http.host; content:"wikkt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809766/; classtype:trojan-activity;sid:83672866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.171.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809765/; classtype:trojan-activity;sid:83672865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.66.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809764/; classtype:trojan-activity;sid:83672864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.93.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809763/; classtype:trojan-activity;sid:83672863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809762/; classtype:trojan-activity;sid:83672862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809761/; classtype:trojan-activity;sid:83672861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809760/; classtype:trojan-activity;sid:83672860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.147.86.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809759/; classtype:trojan-activity;sid:83672859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.218.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809758/; classtype:trojan-activity;sid:83672858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.250.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809757/; classtype:trojan-activity;sid:83672857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.184.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809756/; classtype:trojan-activity;sid:83672856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.139.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809753/; classtype:trojan-activity;sid:83672853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.8.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809754/; classtype:trojan-activity;sid:83672854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.95.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809755/; classtype:trojan-activity;sid:83672855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.175.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809752/; classtype:trojan-activity;sid:83672852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.8.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809751/; classtype:trojan-activity;sid:83672851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.159.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809750/; classtype:trojan-activity;sid:83672850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.93.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809749/; classtype:trojan-activity;sid:83672849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.198.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809748/; classtype:trojan-activity;sid:83672848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.94.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809747/; classtype:trojan-activity;sid:83672847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.185.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809746/; classtype:trojan-activity;sid:83672846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.112.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809744/; classtype:trojan-activity;sid:83672844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.44.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809745/; classtype:trojan-activity;sid:83672845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.179.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809743/; classtype:trojan-activity;sid:83672843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.5.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809742/; classtype:trojan-activity;sid:83672842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809741/; classtype:trojan-activity;sid:83672841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/page_error.jpeg"; depth:25; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809740/; classtype:trojan-activity;sid:83672840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.147.86.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809739/; classtype:trojan-activity;sid:83672839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.249.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809738/; classtype:trojan-activity;sid:83672838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.84.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809737/; classtype:trojan-activity;sid:83672837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.175.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809736/; classtype:trojan-activity;sid:83672836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.217.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809735/; classtype:trojan-activity;sid:83672835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.201.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809734/; classtype:trojan-activity;sid:83672834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.21.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809733/; classtype:trojan-activity;sid:83672833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.217.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809732/; classtype:trojan-activity;sid:83672832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.159.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809731/; classtype:trojan-activity;sid:83672831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.7.36.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809730/; classtype:trojan-activity;sid:83672830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.175.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809729/; classtype:trojan-activity;sid:83672829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.5.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809728/; classtype:trojan-activity;sid:83672828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.65.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809727/; classtype:trojan-activity;sid:83672827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809726/; classtype:trojan-activity;sid:83672826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809725/; classtype:trojan-activity;sid:83672825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809723/; classtype:trojan-activity;sid:83672823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ore-cli-miner.exe"; depth:18; endswith; nocase; http.host; content:"109.107.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809724/; classtype:trojan-activity;sid:83672824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.116.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809722/; classtype:trojan-activity;sid:83672822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.127.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809721/; classtype:trojan-activity;sid:83672821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809720/; classtype:trojan-activity;sid:83672820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.169.187.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809719/; classtype:trojan-activity;sid:83672819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809718/; classtype:trojan-activity;sid:83672818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.201.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809717/; classtype:trojan-activity;sid:83672817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.218.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809716/; classtype:trojan-activity;sid:83672816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.222.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809715/; classtype:trojan-activity;sid:83672815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809714/; classtype:trojan-activity;sid:83672814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.48.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809713/; classtype:trojan-activity;sid:83672813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.209.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809712/; classtype:trojan-activity;sid:83672812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.209.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809711/; classtype:trojan-activity;sid:83672811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.198.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809710/; classtype:trojan-activity;sid:83672810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.227.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809709/; classtype:trojan-activity;sid:83672809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.127.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809707/; classtype:trojan-activity;sid:83672807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.48.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809708/; classtype:trojan-activity;sid:83672808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.178.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809706/; classtype:trojan-activity;sid:83672806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.152.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809704/; classtype:trojan-activity;sid:83672804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.180.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809705/; classtype:trojan-activity;sid:83672805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809702/; classtype:trojan-activity;sid:83672802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.15.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809703/; classtype:trojan-activity;sid:83672803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.127.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809701/; classtype:trojan-activity;sid:83672801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.76.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809700/; classtype:trojan-activity;sid:83672800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.238.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809699/; classtype:trojan-activity;sid:83672799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.241.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809698/; classtype:trojan-activity;sid:83672798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.29.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809697/; classtype:trojan-activity;sid:83672797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.147.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809696/; classtype:trojan-activity;sid:83672796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ore-cli-win-1.1.exe"; depth:20; endswith; nocase; http.host; content:"109.107.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809694/; classtype:trojan-activity;sid:83672794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.210.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809695/; classtype:trojan-activity;sid:83672795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.89.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809693/; classtype:trojan-activity;sid:83672793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.254.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809692/; classtype:trojan-activity;sid:83672792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.11.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809691/; classtype:trojan-activity;sid:83672791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.111.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809690/; classtype:trojan-activity;sid:83672790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.173.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809689/; classtype:trojan-activity;sid:83672789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.210.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809688/; classtype:trojan-activity;sid:83672788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.92.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809684/; classtype:trojan-activity;sid:83672784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.68.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809685/; classtype:trojan-activity;sid:83672785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809686/; classtype:trojan-activity;sid:83672786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.30.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809687/; classtype:trojan-activity;sid:83672787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.89.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809683/; classtype:trojan-activity;sid:83672783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.227.222.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809682/; classtype:trojan-activity;sid:83672782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.11.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809681/; classtype:trojan-activity;sid:83672781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.126.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809680/; classtype:trojan-activity;sid:83672780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.254.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809679/; classtype:trojan-activity;sid:83672779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.89.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809678/; classtype:trojan-activity;sid:83672778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.49.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809677/; classtype:trojan-activity;sid:83672777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.15.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809676/; classtype:trojan-activity;sid:83672776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.72.23.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809675/; classtype:trojan-activity;sid:83672775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.205.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809674/; classtype:trojan-activity;sid:83672774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.11.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809673/; classtype:trojan-activity;sid:83672773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.118.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809672/; classtype:trojan-activity;sid:83672772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668499959|3f|hash=vlxawurmcbz1oln4spqzcqi6o5wt1d9zhzrsbw9zxyc|7c|26|7c|dl=nmsesxzuurha03xng9czw5edxfxkkrqwora2ngsbwit|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809671/; classtype:trojan-activity;sid:83672771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kniga/demon.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809669/; classtype:trojan-activity;sid:83672769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809670/; classtype:trojan-activity;sid:83672770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc329118071_676580549|3f|hash=pfvdcz3los502jpz4s1mzuaa9eun2matbz9f2cxg7ac|7c|26|7c|dl=ej7ectknt34cltnkr108qlkdhruv2sw8okdmc0jfuit|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:168; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809668/; classtype:trojan-activity;sid:83672768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809667/; classtype:trojan-activity;sid:83672767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.221.10.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809666/; classtype:trojan-activity;sid:83672766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809665/; classtype:trojan-activity;sid:83672765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809664/; classtype:trojan-activity;sid:83672764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.1.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809663/; classtype:trojan-activity;sid:83672763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.21.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809662/; classtype:trojan-activity;sid:83672762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.229.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809661/; classtype:trojan-activity;sid:83672761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.101.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809660/; classtype:trojan-activity;sid:83672760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.118.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809659/; classtype:trojan-activity;sid:83672759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.84.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809658/; classtype:trojan-activity;sid:83672758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.221.10.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809657/; classtype:trojan-activity;sid:83672757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809656/; classtype:trojan-activity;sid:83672756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.230.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809655/; classtype:trojan-activity;sid:83672755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.77.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809654/; classtype:trojan-activity;sid:83672754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.203.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809653/; classtype:trojan-activity;sid:83672753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809652/; classtype:trojan-activity;sid:83672752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.229.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809651/; classtype:trojan-activity;sid:83672751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.181.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809650/; classtype:trojan-activity;sid:83672750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.109.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809649/; classtype:trojan-activity;sid:83672749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.101.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809648/; classtype:trojan-activity;sid:83672748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.101.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809647/; classtype:trojan-activity;sid:83672747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.190.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809646/; classtype:trojan-activity;sid:83672746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.84.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809645/; classtype:trojan-activity;sid:83672745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.35.92.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809644/; classtype:trojan-activity;sid:83672744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.202.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809643/; classtype:trojan-activity;sid:83672743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668512951|3f|hash=uac9wbeb45bzz2a4vgx1xputavuzvoy56vwhrfjx9ih|7c|26|7c|dl=bnuupvvpe2gl1buqeydunncyf6yzawu0olnpakzax5l|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809642/; classtype:trojan-activity;sid:83672742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668507242|3f|hash=xehlbxfex5tfi6uznwgzeazxe0wrdbn9ovlbvvmq05t|7c|26|7c|dl=amop5zezza2relzbvuubpldv3pm4nuommfpmsz1gq6z|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809641/; classtype:trojan-activity;sid:83672741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.230.185.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809640/; classtype:trojan-activity;sid:83672740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.102.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809638/; classtype:trojan-activity;sid:83672738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.164.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809639/; classtype:trojan-activity;sid:83672739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.89.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809637/; classtype:trojan-activity;sid:83672737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.230.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809636/; classtype:trojan-activity;sid:83672736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809635/; classtype:trojan-activity;sid:83672735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.32.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809634/; classtype:trojan-activity;sid:83672734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809633/; classtype:trojan-activity;sid:83672733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.195.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809632/; classtype:trojan-activity;sid:83672732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809631/; classtype:trojan-activity;sid:83672731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.101.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809630/; classtype:trojan-activity;sid:83672730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.228.235.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809629/; classtype:trojan-activity;sid:83672729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.122.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809628/; classtype:trojan-activity;sid:83672728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.37.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809627/; classtype:trojan-activity;sid:83672727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.243.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809626/; classtype:trojan-activity;sid:83672726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.30.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809625/; classtype:trojan-activity;sid:83672725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809624/; classtype:trojan-activity;sid:83672724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.89.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809623/; classtype:trojan-activity;sid:83672723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.176.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809622/; classtype:trojan-activity;sid:83672722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.34.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809621/; classtype:trojan-activity;sid:83672721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.190.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809620/; classtype:trojan-activity;sid:83672720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.181.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809619/; classtype:trojan-activity;sid:83672719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.28.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809618/; classtype:trojan-activity;sid:83672718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.224.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809617/; classtype:trojan-activity;sid:83672717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809616/; classtype:trojan-activity;sid:83672716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668489825|3f|hash=mccb1nxvr8hdw4qgp01ukwpbkzk6xfs92bosc4dstng|7c|26|7c|dl=mgb11tdr4npykpukxi8q5lroj16bhpkclplrmx9hza8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809615/; classtype:trojan-activity;sid:83672715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668499988|3f|hash=1alfxv74abvtpkrayi2ilbkpk6cf8uxcmhpncskj670|7c|26|7c|dl=kjmk37dczsnfp3ii6jwpsmslzrs3pawrj0o4ietblzz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809614/; classtype:trojan-activity;sid:83672714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.11.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809613/; classtype:trojan-activity;sid:83672713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/pdf/june.exe"; depth:18; endswith; nocase; http.host; content:"bop.fishoaks.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809612/; classtype:trojan-activity;sid:83672712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.250.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809611/; classtype:trojan-activity;sid:83672711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.34.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809610/; classtype:trojan-activity;sid:83672710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809609/; classtype:trojan-activity;sid:83672709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.109.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809608/; classtype:trojan-activity;sid:83672708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.107.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809607/; classtype:trojan-activity;sid:83672707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.175.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809606/; classtype:trojan-activity;sid:83672706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.109.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809605/; classtype:trojan-activity;sid:83672705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.73.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809604/; classtype:trojan-activity;sid:83672704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.105.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809603/; classtype:trojan-activity;sid:83672703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809602/; classtype:trojan-activity;sid:83672702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.84.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809601/; classtype:trojan-activity;sid:83672701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.2.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809600/; classtype:trojan-activity;sid:83672700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.234.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809599/; classtype:trojan-activity;sid:83672699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.84.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809598/; classtype:trojan-activity;sid:83672698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.11.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809597/; classtype:trojan-activity;sid:83672697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.87.111.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809596/; classtype:trojan-activity;sid:83672696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.234.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809595/; classtype:trojan-activity;sid:83672695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.84.234.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809594/; classtype:trojan-activity;sid:83672694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.131.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809593/; classtype:trojan-activity;sid:83672693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.175.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809592/; classtype:trojan-activity;sid:83672692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.164.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809591/; classtype:trojan-activity;sid:83672691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.105.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809590/; classtype:trojan-activity;sid:83672690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809589/; classtype:trojan-activity;sid:83672689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.149.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809588/; classtype:trojan-activity;sid:83672688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.2.144"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809587/; classtype:trojan-activity;sid:83672687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809586/; classtype:trojan-activity;sid:83672686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.184.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809585/; classtype:trojan-activity;sid:83672685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809584/; classtype:trojan-activity;sid:83672684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.65.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809583/; classtype:trojan-activity;sid:83672683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.133.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809582/; classtype:trojan-activity;sid:83672682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.26.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809581/; classtype:trojan-activity;sid:83672681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.250.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809579/; classtype:trojan-activity;sid:83672679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.26.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809580/; classtype:trojan-activity;sid:83672680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.99.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809577/; classtype:trojan-activity;sid:83672677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.3.126"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809578/; classtype:trojan-activity;sid:83672678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.85.94.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809576/; classtype:trojan-activity;sid:83672676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.214.33.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809575/; classtype:trojan-activity;sid:83672675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.171.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809574/; classtype:trojan-activity;sid:83672674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809573/; classtype:trojan-activity;sid:83672673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test123"; depth:8; endswith; nocase; http.host; content:"193.35.18.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809572/; classtype:trojan-activity;sid:83672672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.133.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809571/; classtype:trojan-activity;sid:83672671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.26.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809570/; classtype:trojan-activity;sid:83672670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.65.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809569/; classtype:trojan-activity;sid:83672669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.9.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809568/; classtype:trojan-activity;sid:83672668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809567/; classtype:trojan-activity;sid:83672667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.127.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809566/; classtype:trojan-activity;sid:83672666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.26.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809564/; classtype:trojan-activity;sid:83672664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.37.10.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809565/; classtype:trojan-activity;sid:83672665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.85.94.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809563/; classtype:trojan-activity;sid:83672663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.22.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809562/; classtype:trojan-activity;sid:83672662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809561/; classtype:trojan-activity;sid:83672661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xjwp3uya8ujq"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809560/; classtype:trojan-activity;sid:83672660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.208.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809559/; classtype:trojan-activity;sid:83672659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.69.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809558/; classtype:trojan-activity;sid:83672658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.250.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809557/; classtype:trojan-activity;sid:83672657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.88.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809556/; classtype:trojan-activity;sid:83672656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.67.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809555/; classtype:trojan-activity;sid:83672655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.185.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809554/; classtype:trojan-activity;sid:83672654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.180.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809553/; classtype:trojan-activity;sid:83672653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.95.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809551/; classtype:trojan-activity;sid:83672651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.237.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809552/; classtype:trojan-activity;sid:83672652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809550/; classtype:trojan-activity;sid:83672650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.151.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809549/; classtype:trojan-activity;sid:83672649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.22.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809548/; classtype:trojan-activity;sid:83672648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.160.236.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809547/; classtype:trojan-activity;sid:83672647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.240.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809546/; classtype:trojan-activity;sid:83672646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.190.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809545/; classtype:trojan-activity;sid:83672645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.113.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809544/; classtype:trojan-activity;sid:83672644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.231.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809540/; classtype:trojan-activity;sid:83672640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.4.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809541/; classtype:trojan-activity;sid:83672641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.23.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809542/; classtype:trojan-activity;sid:83672642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.148.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809543/; classtype:trojan-activity;sid:83672643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.254.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809539/; classtype:trojan-activity;sid:83672639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809531/; classtype:trojan-activity;sid:83672631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809532/; classtype:trojan-activity;sid:83672632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809533/; classtype:trojan-activity;sid:83672633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809534/; classtype:trojan-activity;sid:83672634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809535/; classtype:trojan-activity;sid:83672635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809536/; classtype:trojan-activity;sid:83672636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809537/; classtype:trojan-activity;sid:83672637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809538/; classtype:trojan-activity;sid:83672638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809527/; classtype:trojan-activity;sid:83672627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809528/; classtype:trojan-activity;sid:83672628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809529/; classtype:trojan-activity;sid:83672629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809530/; classtype:trojan-activity;sid:83672630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809524/; classtype:trojan-activity;sid:83672624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809525/; classtype:trojan-activity;sid:83672625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809526/; classtype:trojan-activity;sid:83672626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809520/; classtype:trojan-activity;sid:83672620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809521/; classtype:trojan-activity;sid:83672621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809522/; classtype:trojan-activity;sid:83672622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809523/; classtype:trojan-activity;sid:83672623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.mips"; depth:25; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809518/; classtype:trojan-activity;sid:83672618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809519/; classtype:trojan-activity;sid:83672619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sppc"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809514/; classtype:trojan-activity;sid:83672614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809515/; classtype:trojan-activity;sid:83672615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm6"; depth:25; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809516/; classtype:trojan-activity;sid:83672616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.x86"; depth:24; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809517/; classtype:trojan-activity;sid:83672617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.m68k"; depth:25; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809509/; classtype:trojan-activity;sid:83672609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809510/; classtype:trojan-activity;sid:83672610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809511/; classtype:trojan-activity;sid:83672611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809512/; classtype:trojan-activity;sid:83672612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.67.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809513/; classtype:trojan-activity;sid:83672613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809506/; classtype:trojan-activity;sid:83672606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809507/; classtype:trojan-activity;sid:83672607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"216.126.231.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809508/; classtype:trojan-activity;sid:83672608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809504/; classtype:trojan-activity;sid:83672604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809505/; classtype:trojan-activity;sid:83672605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809498/; classtype:trojan-activity;sid:83672598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809499/; classtype:trojan-activity;sid:83672599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809501/; classtype:trojan-activity;sid:83672601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"194.156.98.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809502/; classtype:trojan-activity;sid:83672602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809503/; classtype:trojan-activity;sid:83672603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.mpsl"; depth:25; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809490/; classtype:trojan-activity;sid:83672590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809491/; classtype:trojan-activity;sid:83672591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809492/; classtype:trojan-activity;sid:83672592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.sh4"; depth:24; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809493/; classtype:trojan-activity;sid:83672593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"74.50.84.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809494/; classtype:trojan-activity;sid:83672594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.218.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809495/; classtype:trojan-activity;sid:83672595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.88.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809496/; classtype:trojan-activity;sid:83672596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809497/; classtype:trojan-activity;sid:83672597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.spc"; depth:24; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809486/; classtype:trojan-activity;sid:83672586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"172.245.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809487/; classtype:trojan-activity;sid:83672587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809488/; classtype:trojan-activity;sid:83672588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smpsl"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809489/; classtype:trojan-activity;sid:83672589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809483/; classtype:trojan-activity;sid:83672583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm"; depth:24; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809484/; classtype:trojan-activity;sid:83672584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm7"; depth:25; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809485/; classtype:trojan-activity;sid:83672585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809480/; classtype:trojan-activity;sid:83672580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"spotslfy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809481/; classtype:trojan-activity;sid:83672581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.ppc"; depth:24; endswith; nocase; http.host; content:"94.156.67.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809482/; classtype:trojan-activity;sid:83672582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809479/; classtype:trojan-activity;sid:83672579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809478/; classtype:trojan-activity;sid:83672578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809477/; classtype:trojan-activity;sid:83672577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.61.89.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809476/; classtype:trojan-activity;sid:83672576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.191.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809475/; classtype:trojan-activity;sid:83672575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809474/; classtype:trojan-activity;sid:83672574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xp1dt0wa77ix"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809473/; classtype:trojan-activity;sid:83672573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.57.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809472/; classtype:trojan-activity;sid:83672572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.27.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809471/; classtype:trojan-activity;sid:83672571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809470/; classtype:trojan-activity;sid:83672570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.45.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809469/; classtype:trojan-activity;sid:83672569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.80.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809468/; classtype:trojan-activity;sid:83672568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.61.89.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809467/; classtype:trojan-activity;sid:83672567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.87.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809466/; classtype:trojan-activity;sid:83672566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.27.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809465/; classtype:trojan-activity;sid:83672565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xoyxtgn3acgh"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809464/; classtype:trojan-activity;sid:83672564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.0.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809463/; classtype:trojan-activity;sid:83672563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.186.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809462/; classtype:trojan-activity;sid:83672562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.84.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809460/; classtype:trojan-activity;sid:83672560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.28.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809461/; classtype:trojan-activity;sid:83672561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.107.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809459/; classtype:trojan-activity;sid:83672559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.116.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809458/; classtype:trojan-activity;sid:83672558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.87.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809457/; classtype:trojan-activity;sid:83672557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.237.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809456/; classtype:trojan-activity;sid:83672556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809455/; classtype:trojan-activity;sid:83672555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.219.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809454/; classtype:trojan-activity;sid:83672554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.16.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809453/; classtype:trojan-activity;sid:83672553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.84.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809452/; classtype:trojan-activity;sid:83672552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.33.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809451/; classtype:trojan-activity;sid:83672551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.28.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809449/; classtype:trojan-activity;sid:83672549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.248.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809450/; classtype:trojan-activity;sid:83672550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.246.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809448/; classtype:trojan-activity;sid:83672548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.107.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809447/; classtype:trojan-activity;sid:83672547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.76.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809445/; classtype:trojan-activity;sid:83672545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809446/; classtype:trojan-activity;sid:83672546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.150.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809444/; classtype:trojan-activity;sid:83672544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.252.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809443/; classtype:trojan-activity;sid:83672543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.197.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809442/; classtype:trojan-activity;sid:83672542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.127.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809441/; classtype:trojan-activity;sid:83672541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.226.129.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809440/; classtype:trojan-activity;sid:83672540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.92.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809439/; classtype:trojan-activity;sid:83672539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.33.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809438/; classtype:trojan-activity;sid:83672538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.246.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809437/; classtype:trojan-activity;sid:83672537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809436/; classtype:trojan-activity;sid:83672536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.151.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809435/; classtype:trojan-activity;sid:83672535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.209.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809434/; classtype:trojan-activity;sid:83672534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.85.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809433/; classtype:trojan-activity;sid:83672533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809432/; classtype:trojan-activity;sid:83672532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.2.211"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809431/; classtype:trojan-activity;sid:83672531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.92.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809430/; classtype:trojan-activity;sid:83672530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.197.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809429/; classtype:trojan-activity;sid:83672529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.127.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809428/; classtype:trojan-activity;sid:83672528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.116.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809427/; classtype:trojan-activity;sid:83672527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xpusbwqzcksj"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809424/; classtype:trojan-activity;sid:83672524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x6xw7vcud9zm"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809425/; classtype:trojan-activity;sid:83672525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.16.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809426/; classtype:trojan-activity;sid:83672526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.31.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809423/; classtype:trojan-activity;sid:83672523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.211"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809422/; classtype:trojan-activity;sid:83672522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.181.67.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809421/; classtype:trojan-activity;sid:83672521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809420/; classtype:trojan-activity;sid:83672520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.151.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809419/; classtype:trojan-activity;sid:83672519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.64.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809418/; classtype:trojan-activity;sid:83672518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.148.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809417/; classtype:trojan-activity;sid:83672517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.17.225.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809416/; classtype:trojan-activity;sid:83672516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.226.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809415/; classtype:trojan-activity;sid:83672515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809414/; classtype:trojan-activity;sid:83672514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.27.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809413/; classtype:trojan-activity;sid:83672513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.131.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809412/; classtype:trojan-activity;sid:83672512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.154.118.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809411/; classtype:trojan-activity;sid:83672511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.202.65.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809409/; classtype:trojan-activity;sid:83672509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809410/; classtype:trojan-activity;sid:83672510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.64.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809407/; classtype:trojan-activity;sid:83672507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.56.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809408/; classtype:trojan-activity;sid:83672508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.179.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809406/; classtype:trojan-activity;sid:83672506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.242.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809405/; classtype:trojan-activity;sid:83672505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.222.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809404/; classtype:trojan-activity;sid:83672504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.67.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809403/; classtype:trojan-activity;sid:83672503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809402/; classtype:trojan-activity;sid:83672502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.233.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809401/; classtype:trojan-activity;sid:83672501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.33.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809400/; classtype:trojan-activity;sid:83672500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.90.69.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809399/; classtype:trojan-activity;sid:83672499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.126.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809398/; classtype:trojan-activity;sid:83672498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.69.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809397/; classtype:trojan-activity;sid:83672497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.153.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809396/; classtype:trojan-activity;sid:83672496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.242.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809395/; classtype:trojan-activity;sid:83672495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809394/; classtype:trojan-activity;sid:83672494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.108.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809393/; classtype:trojan-activity;sid:83672493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.216.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809392/; classtype:trojan-activity;sid:83672492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.33.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809391/; classtype:trojan-activity;sid:83672491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xub2eoyg4akd"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809390/; classtype:trojan-activity;sid:83672490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.211.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809389/; classtype:trojan-activity;sid:83672489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.249.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809388/; classtype:trojan-activity;sid:83672488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.187.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809387/; classtype:trojan-activity;sid:83672487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.242.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809386/; classtype:trojan-activity;sid:83672486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.70.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809385/; classtype:trojan-activity;sid:83672485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.164.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809384/; classtype:trojan-activity;sid:83672484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.5.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809383/; classtype:trojan-activity;sid:83672483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.69.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809382/; classtype:trojan-activity;sid:83672482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.153.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809381/; classtype:trojan-activity;sid:83672481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.243.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809380/; classtype:trojan-activity;sid:83672480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.35.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809379/; classtype:trojan-activity;sid:83672479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.80.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809378/; classtype:trojan-activity;sid:83672478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.171.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809377/; classtype:trojan-activity;sid:83672477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.126.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809376/; classtype:trojan-activity;sid:83672476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809375/; classtype:trojan-activity;sid:83672475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.164.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809374/; classtype:trojan-activity;sid:83672474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.219.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809373/; classtype:trojan-activity;sid:83672473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.187.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809372/; classtype:trojan-activity;sid:83672472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.117.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809371/; classtype:trojan-activity;sid:83672471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.3.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809370/; classtype:trojan-activity;sid:83672470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xapyupoayp9c"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809369/; classtype:trojan-activity;sid:83672469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvdnoxtgbtmw"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809367/; classtype:trojan-activity;sid:83672467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x2jrjw01jcjq"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809368/; classtype:trojan-activity;sid:83672468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.215.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809365/; classtype:trojan-activity;sid:83672465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.85.33.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809366/; classtype:trojan-activity;sid:83672466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.135.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809364/; classtype:trojan-activity;sid:83672464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.87.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809363/; classtype:trojan-activity;sid:83672463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.25.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809362/; classtype:trojan-activity;sid:83672462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.48.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809361/; classtype:trojan-activity;sid:83672461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.251.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809360/; classtype:trojan-activity;sid:83672460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.135.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809359/; classtype:trojan-activity;sid:83672459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.236.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809357/; classtype:trojan-activity;sid:83672457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.48.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809358/; classtype:trojan-activity;sid:83672458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.48.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809356/; classtype:trojan-activity;sid:83672456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.117.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809355/; classtype:trojan-activity;sid:83672455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.46.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809354/; classtype:trojan-activity;sid:83672454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.117.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809353/; classtype:trojan-activity;sid:83672453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.113.68.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809352/; classtype:trojan-activity;sid:83672452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.3.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809351/; classtype:trojan-activity;sid:83672451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.196.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809350/; classtype:trojan-activity;sid:83672450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.215.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809349/; classtype:trojan-activity;sid:83672449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.57.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809348/; classtype:trojan-activity;sid:83672448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809345/; classtype:trojan-activity;sid:83672445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.93.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809346/; classtype:trojan-activity;sid:83672446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.48.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809347/; classtype:trojan-activity;sid:83672447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.87.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809343/; classtype:trojan-activity;sid:83672443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.34.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809344/; classtype:trojan-activity;sid:83672444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.226.48.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809342/; classtype:trojan-activity;sid:83672442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.216.93.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809341/; classtype:trojan-activity;sid:83672441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.164.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809340/; classtype:trojan-activity;sid:83672440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809339/; classtype:trojan-activity;sid:83672439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.161.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809338/; classtype:trojan-activity;sid:83672438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.195.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809337/; classtype:trojan-activity;sid:83672437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.57.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809336/; classtype:trojan-activity;sid:83672436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.182.242.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809335/; classtype:trojan-activity;sid:83672435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.57.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809334/; classtype:trojan-activity;sid:83672434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.81.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809332/; classtype:trojan-activity;sid:83672432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.117.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809333/; classtype:trojan-activity;sid:83672433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.72.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809331/; classtype:trojan-activity;sid:83672431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.108.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809330/; classtype:trojan-activity;sid:83672430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.116.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809329/; classtype:trojan-activity;sid:83672429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.195.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809328/; classtype:trojan-activity;sid:83672428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.65.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809327/; classtype:trojan-activity;sid:83672427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.62.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809326/; classtype:trojan-activity;sid:83672426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.183.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809324/; classtype:trojan-activity;sid:83672424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.138.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809325/; classtype:trojan-activity;sid:83672425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.34.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809323/; classtype:trojan-activity;sid:83672423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.108.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809322/; classtype:trojan-activity;sid:83672422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.208.56.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809321/; classtype:trojan-activity;sid:83672421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809320/; classtype:trojan-activity;sid:83672420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.186.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809319/; classtype:trojan-activity;sid:83672419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.248.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809318/; classtype:trojan-activity;sid:83672418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.120.10.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809317/; classtype:trojan-activity;sid:83672417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xiaowei.exe"; depth:12; endswith; nocase; http.host; content:"121.41.228.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809316/; classtype:trojan-activity;sid:83672416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sb360.exe"; depth:10; endswith; nocase; http.host; content:"121.41.228.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809314/; classtype:trojan-activity;sid:83672414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"121.41.228.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809315/; classtype:trojan-activity;sid:83672415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.51.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809313/; classtype:trojan-activity;sid:83672413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0m68k"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809311/; classtype:trojan-activity;sid:83672411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.txt"; depth:6; endswith; nocase; http.host; content:"bolibachan.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809312/; classtype:trojan-activity;sid:83672412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.59.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809310/; classtype:trojan-activity;sid:83672410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.5.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809309/; classtype:trojan-activity;sid:83672409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.37.10.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809308/; classtype:trojan-activity;sid:83672408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.236.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809307/; classtype:trojan-activity;sid:83672407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kmklia12z5wz41ho5wlstcmdpaqy7tt5"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809306/; classtype:trojan-activity;sid:83672406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cipeaimbnij6poq-5e6tcbooo4dt4w6w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809305/; classtype:trojan-activity;sid:83672405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809304/; classtype:trojan-activity;sid:83672404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/treasure/macido12.txt"; depth:22; endswith; nocase; http.host; content:"studiahoramina.cam"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809303/; classtype:trojan-activity;sid:83672403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/8zegn"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809302/; classtype:trojan-activity;sid:83672402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809301/; classtype:trojan-activity;sid:83672401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.148.32.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809300/; classtype:trojan-activity;sid:83672400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.176.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809299/; classtype:trojan-activity;sid:83672399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.45.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809297/; classtype:trojan-activity;sid:83672397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.180.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809298/; classtype:trojan-activity;sid:83672398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.158.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809296/; classtype:trojan-activity;sid:83672396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809294/; classtype:trojan-activity;sid:83672394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809295/; classtype:trojan-activity;sid:83672395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809289/; classtype:trojan-activity;sid:83672389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809290/; classtype:trojan-activity;sid:83672390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809291/; classtype:trojan-activity;sid:83672391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809292/; classtype:trojan-activity;sid:83672392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809293/; classtype:trojan-activity;sid:83672393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809286/; classtype:trojan-activity;sid:83672386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809287/; classtype:trojan-activity;sid:83672387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"185.105.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809288/; classtype:trojan-activity;sid:83672388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.5.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809285/; classtype:trojan-activity;sid:83672385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.251.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809284/; classtype:trojan-activity;sid:83672384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.62.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809283/; classtype:trojan-activity;sid:83672383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809282/; classtype:trojan-activity;sid:83672382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.242.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809281/; classtype:trojan-activity;sid:83672381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.120.10.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809280/; classtype:trojan-activity;sid:83672380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0x86_64"; depth:19; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809277/; classtype:trojan-activity;sid:83672377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0i686"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809278/; classtype:trojan-activity;sid:83672378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0spc"; depth:16; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809279/; classtype:trojan-activity;sid:83672379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.7.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809276/; classtype:trojan-activity;sid:83672376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.198.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809275/; classtype:trojan-activity;sid:83672375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.89.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809274/; classtype:trojan-activity;sid:83672374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0sh4"; depth:16; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809266/; classtype:trojan-activity;sid:83672366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0ppc"; depth:16; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809267/; classtype:trojan-activity;sid:83672367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm"; depth:16; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809268/; classtype:trojan-activity;sid:83672368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm4"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809269/; classtype:trojan-activity;sid:83672369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arc"; depth:16; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809270/; classtype:trojan-activity;sid:83672370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm6"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809271/; classtype:trojan-activity;sid:83672371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0m68k"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809272/; classtype:trojan-activity;sid:83672372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0i586"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809273/; classtype:trojan-activity;sid:83672373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0mpsl"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809264/; classtype:trojan-activity;sid:83672364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm5"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809265/; classtype:trojan-activity;sid:83672365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.171.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809260/; classtype:trojan-activity;sid:83672360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.51.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809259/; classtype:trojan-activity;sid:83672359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm"; depth:16; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809252/; classtype:trojan-activity;sid:83672352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0spc"; depth:16; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809253/; classtype:trojan-activity;sid:83672353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm7"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809254/; classtype:trojan-activity;sid:83672354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0i586"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809255/; classtype:trojan-activity;sid:83672355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0x86"; depth:16; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809256/; classtype:trojan-activity;sid:83672356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0x86_64"; depth:19; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809257/; classtype:trojan-activity;sid:83672357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0i686"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809258/; classtype:trojan-activity;sid:83672358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0sh4"; depth:16; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809250/; classtype:trojan-activity;sid:83672350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm4"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809251/; classtype:trojan-activity;sid:83672351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0mips"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809245/; classtype:trojan-activity;sid:83672345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0ppc"; depth:16; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809246/; classtype:trojan-activity;sid:83672346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm5"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809247/; classtype:trojan-activity;sid:83672347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm6"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809248/; classtype:trojan-activity;sid:83672348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0mpsl"; depth:17; endswith; nocase; http.host; content:"80.66.79.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809249/; classtype:trojan-activity;sid:83672349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809244/; classtype:trojan-activity;sid:83672344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0mips"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809243/; classtype:trojan-activity;sid:83672343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x1h52djdta0o"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809241/; classtype:trojan-activity;sid:83672341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvahkax9ahh8"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809242/; classtype:trojan-activity;sid:83672342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.180.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809240/; classtype:trojan-activity;sid:83672340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809239/; classtype:trojan-activity;sid:83672339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809238/; classtype:trojan-activity;sid:83672338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.69.79.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.255.164.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.52.34.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809233/; classtype:trojan-activity;sid:83672333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.95.35.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809234/; classtype:trojan-activity;sid:83672334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.132.95.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809235/; classtype:trojan-activity;sid:83672335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.239.105.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.131.240.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809232/; classtype:trojan-activity;sid:83672332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.175.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.211.197.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.221.36.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809229/; classtype:trojan-activity;sid:83672329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.39.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809230/; classtype:trojan-activity;sid:83672330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.151.92.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809222/; classtype:trojan-activity;sid:83672322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.81.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.100.241.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.60.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.244.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.200.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809220/; classtype:trojan-activity;sid:83672320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.9.192.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.193.70.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809214/; classtype:trojan-activity;sid:83672314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.136.69.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809215/; classtype:trojan-activity;sid:83672315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.101.214.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809216/; classtype:trojan-activity;sid:83672316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.163.132.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809217/; classtype:trojan-activity;sid:83672317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.115.107.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809218/; classtype:trojan-activity;sid:83672318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.98.68.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809219/; classtype:trojan-activity;sid:83672319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.33.225.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809207/; classtype:trojan-activity;sid:83672307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.211.8.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.93.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.240.103.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809210/; classtype:trojan-activity;sid:83672310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.23.24.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809211/; classtype:trojan-activity;sid:83672311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809212/; classtype:trojan-activity;sid:83672312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.232.19.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809213/; classtype:trojan-activity;sid:83672313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.95.186.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.235.21.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809205/; classtype:trojan-activity;sid:83672305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.21.19.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809206/; classtype:trojan-activity;sid:83672306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.174.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809200/; classtype:trojan-activity;sid:83672300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.102.53.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809201/; classtype:trojan-activity;sid:83672301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.4.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.122.96.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.106.221.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809195/; classtype:trojan-activity;sid:83672295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"23.228.143.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809196/; classtype:trojan-activity;sid:83672296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.37.39.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809197/; classtype:trojan-activity;sid:83672297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.62.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809198/; classtype:trojan-activity;sid:83672298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.202.63.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809199/; classtype:trojan-activity;sid:83672299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.36.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809188/; classtype:trojan-activity;sid:83672288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.62.237.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809189/; classtype:trojan-activity;sid:83672289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.71.69.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.195.197.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809191/; classtype:trojan-activity;sid:83672291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.143.195.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809192/; classtype:trojan-activity;sid:83672292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.89.188.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.126.238.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809194/; classtype:trojan-activity;sid:83672294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.186.22.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809180/; classtype:trojan-activity;sid:83672280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.16.161.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809181/; classtype:trojan-activity;sid:83672281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.114.109.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.179.233.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809183/; classtype:trojan-activity;sid:83672283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.254.223.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.202.174.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809185/; classtype:trojan-activity;sid:83672285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.165.172.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809186/; classtype:trojan-activity;sid:83672286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.193.118.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809187/; classtype:trojan-activity;sid:83672287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.25.148.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809176/; classtype:trojan-activity;sid:83672276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.54.121.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809177/; classtype:trojan-activity;sid:83672277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.110.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809178/; classtype:trojan-activity;sid:83672278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.124.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809179/; classtype:trojan-activity;sid:83672279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.215.61.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"172.115.66.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809174/; classtype:trojan-activity;sid:83672274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.119.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809168/; classtype:trojan-activity;sid:83672268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"153.19.169.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809169/; classtype:trojan-activity;sid:83672269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.50.146.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809170/; classtype:trojan-activity;sid:83672270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.140.99.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.240.193.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809172/; classtype:trojan-activity;sid:83672272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.142.158.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809164/; classtype:trojan-activity;sid:83672264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.165.55.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809165/; classtype:trojan-activity;sid:83672265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.251.89.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809166/; classtype:trojan-activity;sid:83672266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.65.45.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.18.28.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809163/; classtype:trojan-activity;sid:83672263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.42.201.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.204.141.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809159/; classtype:trojan-activity;sid:83672259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.101.191.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.46.197.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809161/; classtype:trojan-activity;sid:83672261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.17.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809152/; classtype:trojan-activity;sid:83672252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.105.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809153/; classtype:trojan-activity;sid:83672253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.179.25.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809154/; classtype:trojan-activity;sid:83672254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.5.152.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809155/; classtype:trojan-activity;sid:83672255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.237.242.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809156/; classtype:trojan-activity;sid:83672256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.251.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809157/; classtype:trojan-activity;sid:83672257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.34.22.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809142/; classtype:trojan-activity;sid:83672242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.130.70.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809143/; classtype:trojan-activity;sid:83672243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809144/; classtype:trojan-activity;sid:83672244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.5.6.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809145/; classtype:trojan-activity;sid:83672245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"208.89.168.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.70.125.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809147/; classtype:trojan-activity;sid:83672247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.132.227.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809148/; classtype:trojan-activity;sid:83672248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.65.15.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.153.61.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809150/; classtype:trojan-activity;sid:83672250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.218.160.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809151/; classtype:trojan-activity;sid:83672251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.249.178.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809137/; classtype:trojan-activity;sid:83672237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.242.97.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809138/; classtype:trojan-activity;sid:83672238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.98.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.53.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.223.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809141/; classtype:trojan-activity;sid:83672241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.187.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809131/; classtype:trojan-activity;sid:83672231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.106.131.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809133/; classtype:trojan-activity;sid:83672233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.195.27.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809134/; classtype:trojan-activity;sid:83672234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.114.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809127/; classtype:trojan-activity;sid:83672227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.32.86.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.71.131.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809129/; classtype:trojan-activity;sid:83672229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.207.209.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809121/; classtype:trojan-activity;sid:83672221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.193.97.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809122/; classtype:trojan-activity;sid:83672222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.254.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.125.14.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809124/; classtype:trojan-activity;sid:83672224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.182.90.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809125/; classtype:trojan-activity;sid:83672225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.74.144.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809126/; classtype:trojan-activity;sid:83672226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.94.29.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.60.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809116/; classtype:trojan-activity;sid:83672216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.193.120.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.235.189.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809118/; classtype:trojan-activity;sid:83672218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.11.95.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809119/; classtype:trojan-activity;sid:83672219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.83.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.120.211.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809108/; classtype:trojan-activity;sid:83672208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.195.141.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809109/; classtype:trojan-activity;sid:83672209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.199.146.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809110/; classtype:trojan-activity;sid:83672210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.97.202.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809111/; classtype:trojan-activity;sid:83672211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.214.56.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.43.201.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.64.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809114/; classtype:trojan-activity;sid:83672214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.87.236.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809102/; classtype:trojan-activity;sid:83672202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"165.23.92.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809103/; classtype:trojan-activity;sid:83672203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.241.232.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809104/; classtype:trojan-activity;sid:83672204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.7.153.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.155.192.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809106/; classtype:trojan-activity;sid:83672206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.165.120.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809097/; classtype:trojan-activity;sid:83672197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809098/; classtype:trojan-activity;sid:83672198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.56.164.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809099/; classtype:trojan-activity;sid:83672199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.42.121.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809100/; classtype:trojan-activity;sid:83672200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.227.66.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809101/; classtype:trojan-activity;sid:83672201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.185.20.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809092/; classtype:trojan-activity;sid:83672192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.64.40.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809093/; classtype:trojan-activity;sid:83672193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.113.225.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809094/; classtype:trojan-activity;sid:83672194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.151.82.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809095/; classtype:trojan-activity;sid:83672195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.228.29.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809096/; classtype:trojan-activity;sid:83672196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.200.63.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.169.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809085/; classtype:trojan-activity;sid:83672185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.183.115.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809086/; classtype:trojan-activity;sid:83672186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"107.1.105.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809087/; classtype:trojan-activity;sid:83672187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.165.112.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.251.5.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.16.75.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809090/; classtype:trojan-activity;sid:83672190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.200.72.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.78.36.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809080/; classtype:trojan-activity;sid:83672180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.165.21.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809081/; classtype:trojan-activity;sid:83672181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.115.107.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809082/; classtype:trojan-activity;sid:83672182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.112.37.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809083/; classtype:trojan-activity;sid:83672183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.156.169.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809069/; classtype:trojan-activity;sid:83672169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.103.250.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809070/; classtype:trojan-activity;sid:83672170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.158.175.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.243.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809072/; classtype:trojan-activity;sid:83672172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.28.58.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.169.216.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809074/; classtype:trojan-activity;sid:83672174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.112.153.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809075/; classtype:trojan-activity;sid:83672175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.176.138.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809076/; classtype:trojan-activity;sid:83672176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.248.56.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.26.142.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809078/; classtype:trojan-activity;sid:83672178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.38.70.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809079/; classtype:trojan-activity;sid:83672179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.207.209.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809063/; classtype:trojan-activity;sid:83672163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.18.28.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809064/; classtype:trojan-activity;sid:83672164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.156.143.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809065/; classtype:trojan-activity;sid:83672165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.85.163.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809066/; classtype:trojan-activity;sid:83672166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.17.118.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809067/; classtype:trojan-activity;sid:83672167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"100.2.73.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809068/; classtype:trojan-activity;sid:83672168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.181.0.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809059/; classtype:trojan-activity;sid:83672159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.203.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809060/; classtype:trojan-activity;sid:83672160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.158.121.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809061/; classtype:trojan-activity;sid:83672161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809062/; classtype:trojan-activity;sid:83672162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.183.71.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809055/; classtype:trojan-activity;sid:83672155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.240.37.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809056/; classtype:trojan-activity;sid:83672156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.199.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809057/; classtype:trojan-activity;sid:83672157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.69.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809058/; classtype:trojan-activity;sid:83672158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.225.18.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809053/; classtype:trojan-activity;sid:83672153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.222.45.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.6.184.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809051/; classtype:trojan-activity;sid:83672151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.117.11.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809052/; classtype:trojan-activity;sid:83672152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809050/; classtype:trojan-activity;sid:83672150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.249.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809049/; classtype:trojan-activity;sid:83672149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.7.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809048/; classtype:trojan-activity;sid:83672148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.105.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809047/; classtype:trojan-activity;sid:83672147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.46.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809046/; classtype:trojan-activity;sid:83672146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.2.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809045/; classtype:trojan-activity;sid:83672145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.245.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809043/; classtype:trojan-activity;sid:83672143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.238.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809044/; classtype:trojan-activity;sid:83672144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.187.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809042/; classtype:trojan-activity;sid:83672142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.88.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809041/; classtype:trojan-activity;sid:83672141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.88.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809040/; classtype:trojan-activity;sid:83672140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.32.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809039/; classtype:trojan-activity;sid:83672139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.18.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809037/; classtype:trojan-activity;sid:83672137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.245.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809038/; classtype:trojan-activity;sid:83672138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.2.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809036/; classtype:trojan-activity;sid:83672136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.114.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809035/; classtype:trojan-activity;sid:83672135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809034/; classtype:trojan-activity;sid:83672134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.249.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809033/; classtype:trojan-activity;sid:83672133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.60.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809031/; classtype:trojan-activity;sid:83672131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809032/; classtype:trojan-activity;sid:83672132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.126.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809030/; classtype:trojan-activity;sid:83672130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.46.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809029/; classtype:trojan-activity;sid:83672129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0arm7"; depth:17; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809028/; classtype:trojan-activity;sid:83672128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.190.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809026/; classtype:trojan-activity;sid:83672126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.238.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809027/; classtype:trojan-activity;sid:83672127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.105.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809024/; classtype:trojan-activity;sid:83672124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809025/; classtype:trojan-activity;sid:83672125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.158.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809023/; classtype:trojan-activity;sid:83672123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.32.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809022/; classtype:trojan-activity;sid:83672122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.56.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809021/; classtype:trojan-activity;sid:83672121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.15.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809020/; classtype:trojan-activity;sid:83672120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.247.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809019/; classtype:trojan-activity;sid:83672119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.66.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809018/; classtype:trojan-activity;sid:83672118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.69.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809017/; classtype:trojan-activity;sid:83672117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809016/; classtype:trojan-activity;sid:83672116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.185.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809014/; classtype:trojan-activity;sid:83672114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809015/; classtype:trojan-activity;sid:83672115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809013/; classtype:trojan-activity;sid:83672113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.124.5.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809012/; classtype:trojan-activity;sid:83672112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.36.80.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.29.19.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.140.100.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809006/; classtype:trojan-activity;sid:83672106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.92.116.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809007/; classtype:trojan-activity;sid:83672107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.28.160.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809008/; classtype:trojan-activity;sid:83672108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.207.249.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809009/; classtype:trojan-activity;sid:83672109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.205.37.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809001/; classtype:trojan-activity;sid:83672101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.255.78.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809002/; classtype:trojan-activity;sid:83672102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.70.237.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809003/; classtype:trojan-activity;sid:83672103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"165.165.183.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809004/; classtype:trojan-activity;sid:83672104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.118.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809005/; classtype:trojan-activity;sid:83672105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"141.105.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808999/; classtype:trojan-activity;sid:83672099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.13.143.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809000/; classtype:trojan-activity;sid:83672100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.72.31.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808994/; classtype:trojan-activity;sid:83672094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.202.121.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808995/; classtype:trojan-activity;sid:83672095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.73.164.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808996/; classtype:trojan-activity;sid:83672096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.102.18.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808997/; classtype:trojan-activity;sid:83672097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.242.108.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808998/; classtype:trojan-activity;sid:83672098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.18.148.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808988/; classtype:trojan-activity;sid:83672088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.239.218.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808989/; classtype:trojan-activity;sid:83672089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.122.180.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808990/; classtype:trojan-activity;sid:83672090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.70.115.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808991/; classtype:trojan-activity;sid:83672091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.68.233.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808992/; classtype:trojan-activity;sid:83672092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.18.145.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808993/; classtype:trojan-activity;sid:83672093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.212.51.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808984/; classtype:trojan-activity;sid:83672084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.28.11.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.228.135.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.61.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808987/; classtype:trojan-activity;sid:83672087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.237.253.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808978/; classtype:trojan-activity;sid:83672078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.181.38.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808979/; classtype:trojan-activity;sid:83672079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.61.246.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.154.131.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.31.135.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808982/; classtype:trojan-activity;sid:83672082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.126.176.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808983/; classtype:trojan-activity;sid:83672083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.237.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.19.174.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.186.156.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808974/; classtype:trojan-activity;sid:83672074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808975/; classtype:trojan-activity;sid:83672075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.184.188.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808976/; classtype:trojan-activity;sid:83672076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.68.79.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808977/; classtype:trojan-activity;sid:83672077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.92.229.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808971/; classtype:trojan-activity;sid:83672071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.102.53.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808961/; classtype:trojan-activity;sid:83672061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.170.251.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.88.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.57.183.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808964/; classtype:trojan-activity;sid:83672064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.77.150.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808965/; classtype:trojan-activity;sid:83672065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.210.50.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.57.33.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.79.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.102.53.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808969/; classtype:trojan-activity;sid:83672069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.192.78.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.208.68.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808954/; classtype:trojan-activity;sid:83672054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.159.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808955/; classtype:trojan-activity;sid:83672055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.158.204.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808956/; classtype:trojan-activity;sid:83672056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.157.212.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.126.170.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808958/; classtype:trojan-activity;sid:83672058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.4.29.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808959/; classtype:trojan-activity;sid:83672059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.101.239.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808960/; classtype:trojan-activity;sid:83672060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.4.147.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.223.44.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808952/; classtype:trojan-activity;sid:83672052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.174.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808953/; classtype:trojan-activity;sid:83672053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.210.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.242.148.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808949/; classtype:trojan-activity;sid:83672049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.252.167.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808950/; classtype:trojan-activity;sid:83672050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.1.93.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808940/; classtype:trojan-activity;sid:83672040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.146.107.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808941/; classtype:trojan-activity;sid:83672041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.73.22.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808942/; classtype:trojan-activity;sid:83672042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.238.118.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808943/; classtype:trojan-activity;sid:83672043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.160.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.49.214.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808945/; classtype:trojan-activity;sid:83672045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.121.161.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.245.112.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.60.207.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808930/; classtype:trojan-activity;sid:83672030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.208.145.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.241.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808932/; classtype:trojan-activity;sid:83672032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.101.81.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.65.50.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808934/; classtype:trojan-activity;sid:83672034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.18.223.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.203.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.108.106.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808938/; classtype:trojan-activity;sid:83672038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.188.254.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.218.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808923/; classtype:trojan-activity;sid:83672023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.162.113.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.219.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808925/; classtype:trojan-activity;sid:83672025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.253.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808926/; classtype:trojan-activity;sid:83672026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.70.245.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808927/; classtype:trojan-activity;sid:83672027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.175.138.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808915/; classtype:trojan-activity;sid:83672015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.209.164.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808916/; classtype:trojan-activity;sid:83672016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.70.215.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.50.7.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808918/; classtype:trojan-activity;sid:83672018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.127.60.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808919/; classtype:trojan-activity;sid:83672019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.115.232.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808920/; classtype:trojan-activity;sid:83672020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.175.189.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808921/; classtype:trojan-activity;sid:83672021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.40.97.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808922/; classtype:trojan-activity;sid:83672022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.201.7.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808913/; classtype:trojan-activity;sid:83672013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.123.49.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808914/; classtype:trojan-activity;sid:83672014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.151.29.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.84.212.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808908/; classtype:trojan-activity;sid:83672008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808909/; classtype:trojan-activity;sid:83672009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.154.135.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.74.128.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808911/; classtype:trojan-activity;sid:83672011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.189.199.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808912/; classtype:trojan-activity;sid:83672012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.85.169.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808901/; classtype:trojan-activity;sid:83672001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.99.201.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808902/; classtype:trojan-activity;sid:83672002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.97.190.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808903/; classtype:trojan-activity;sid:83672003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.220.212.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808904/; classtype:trojan-activity;sid:83672004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.99.218.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808905/; classtype:trojan-activity;sid:83672005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.120.245.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808892/; classtype:trojan-activity;sid:83671992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.169.146.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808893/; classtype:trojan-activity;sid:83671993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.75.218.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808894/; classtype:trojan-activity;sid:83671994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.20.122.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.247.183.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808896/; classtype:trojan-activity;sid:83671996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.195.160.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808897/; classtype:trojan-activity;sid:83671997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.12.60.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808898/; classtype:trojan-activity;sid:83671998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.166.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808899/; classtype:trojan-activity;sid:83671999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.64.96.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.193.118.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808889/; classtype:trojan-activity;sid:83671989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.202.245.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808890/; classtype:trojan-activity;sid:83671990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.74.92.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808891/; classtype:trojan-activity;sid:83671991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.51.224.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808887/; classtype:trojan-activity;sid:83671987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.95.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808885/; classtype:trojan-activity;sid:83671985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.101.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808886/; classtype:trojan-activity;sid:83671986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808881/; classtype:trojan-activity;sid:83671981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.144.235.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo.jpg"; depth:9; endswith; nocase; http.host; content:"a0943436.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808884/; classtype:trojan-activity;sid:83671984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.90.124.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808878/; classtype:trojan-activity;sid:83671978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.201.184.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808879/; classtype:trojan-activity;sid:83671979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.48.119.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.61.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.70.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808877/; classtype:trojan-activity;sid:83671977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.201.25.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.16.75.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.95.55.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808874/; classtype:trojan-activity;sid:83671974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.93.177.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808864/; classtype:trojan-activity;sid:83671964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.215.113.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808865/; classtype:trojan-activity;sid:83671965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.127.49.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808866/; classtype:trojan-activity;sid:83671966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.123.15.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808867/; classtype:trojan-activity;sid:83671967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.130.41.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808868/; classtype:trojan-activity;sid:83671968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.177.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.52.164.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.21.120.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808871/; classtype:trojan-activity;sid:83671971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.201.136.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808863/; classtype:trojan-activity;sid:83671963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.89.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808858/; classtype:trojan-activity;sid:83671958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.245.66.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808859/; classtype:trojan-activity;sid:83671959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.64.40.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808860/; classtype:trojan-activity;sid:83671960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.78.118.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808861/; classtype:trojan-activity;sid:83671961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.234.253.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808862/; classtype:trojan-activity;sid:83671962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808849/; classtype:trojan-activity;sid:83671949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.42.113.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808850/; classtype:trojan-activity;sid:83671950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.11.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.204.177.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.34.22.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808853/; classtype:trojan-activity;sid:83671953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.44.110.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.12.99.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.202.9.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808856/; classtype:trojan-activity;sid:83671956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.81.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808857/; classtype:trojan-activity;sid:83671957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.102.53.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808845/; classtype:trojan-activity;sid:83671945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.53.192.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808846/; classtype:trojan-activity;sid:83671946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.62.49.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808847/; classtype:trojan-activity;sid:83671947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.4.139"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808848/; classtype:trojan-activity;sid:83671948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.213.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808841/; classtype:trojan-activity;sid:83671941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.247.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.250.202.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808843/; classtype:trojan-activity;sid:83671943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.190.191.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808844/; classtype:trojan-activity;sid:83671944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.236.114.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808840/; classtype:trojan-activity;sid:83671940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.4.110.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.236.113.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808833/; classtype:trojan-activity;sid:83671933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.218.142.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808834/; classtype:trojan-activity;sid:83671934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.93.92.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808835/; classtype:trojan-activity;sid:83671935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.60.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.72.153.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808837/; classtype:trojan-activity;sid:83671937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.133.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808838/; classtype:trojan-activity;sid:83671938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.214.31.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808839/; classtype:trojan-activity;sid:83671939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.228.134.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808822/; classtype:trojan-activity;sid:83671922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.41.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808824/; classtype:trojan-activity;sid:83671924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"137.119.38.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808825/; classtype:trojan-activity;sid:83671925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.189.172.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.177.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.136.151.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808828/; classtype:trojan-activity;sid:83671928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"174.78.254.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.217.100.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808830/; classtype:trojan-activity;sid:83671930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.52.67.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808831/; classtype:trojan-activity;sid:83671931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.165.123.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808821/; classtype:trojan-activity;sid:83671921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.229.82.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808815/; classtype:trojan-activity;sid:83671915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.37.110.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808816/; classtype:trojan-activity;sid:83671916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.123.37.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808817/; classtype:trojan-activity;sid:83671917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.135.100.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808818/; classtype:trojan-activity;sid:83671918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.93.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808819/; classtype:trojan-activity;sid:83671919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.112.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.200.115.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808810/; classtype:trojan-activity;sid:83671910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.255.103.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808811/; classtype:trojan-activity;sid:83671911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.241.214.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808812/; classtype:trojan-activity;sid:83671912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808813/; classtype:trojan-activity;sid:83671913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.241.113.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808804/; classtype:trojan-activity;sid:83671904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.52.180.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808805/; classtype:trojan-activity;sid:83671905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.98.86.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808806/; classtype:trojan-activity;sid:83671906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.188.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808807/; classtype:trojan-activity;sid:83671907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.92.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808808/; classtype:trojan-activity;sid:83671908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.187.151.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.104.223.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808803/; classtype:trojan-activity;sid:83671903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.210.197.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808799/; classtype:trojan-activity;sid:83671899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808800/; classtype:trojan-activity;sid:83671900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.243.216.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808801/; classtype:trojan-activity;sid:83671901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.81.127.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808791/; classtype:trojan-activity;sid:83671891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.164.252.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.122.211.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.107.205.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.195.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808796/; classtype:trojan-activity;sid:83671896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.20.51.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.217.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"71.83.248.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808786/; classtype:trojan-activity;sid:83671886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.170.48.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.47.209.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808788/; classtype:trojan-activity;sid:83671888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808789/; classtype:trojan-activity;sid:83671889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.36.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808790/; classtype:trojan-activity;sid:83671890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.84.143.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808783/; classtype:trojan-activity;sid:83671883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.171.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808784/; classtype:trojan-activity;sid:83671884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.148.112.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808785/; classtype:trojan-activity;sid:83671885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.242.149.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808777/; classtype:trojan-activity;sid:83671877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.173.163.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.218.230.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808779/; classtype:trojan-activity;sid:83671879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"173.215.77.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808780/; classtype:trojan-activity;sid:83671880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.120.241.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808781/; classtype:trojan-activity;sid:83671881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.24.131.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808782/; classtype:trojan-activity;sid:83671882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"23.24.191.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808775/; classtype:trojan-activity;sid:83671875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.72.16.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808776/; classtype:trojan-activity;sid:83671876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.16.195.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808769/; classtype:trojan-activity;sid:83671869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.43.34.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.165.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.224.131.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808772/; classtype:trojan-activity;sid:83671872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.91.150.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808773/; classtype:trojan-activity;sid:83671873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.111.182.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808774/; classtype:trojan-activity;sid:83671874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.202.220.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808760/; classtype:trojan-activity;sid:83671860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.210.198.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808761/; classtype:trojan-activity;sid:83671861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.4.247.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808762/; classtype:trojan-activity;sid:83671862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.46.57.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808763/; classtype:trojan-activity;sid:83671863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.228.95.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808764/; classtype:trojan-activity;sid:83671864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.106.27.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808765/; classtype:trojan-activity;sid:83671865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"153.152.44.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808766/; classtype:trojan-activity;sid:83671866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.139.153.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.65.235.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808768/; classtype:trojan-activity;sid:83671868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.143.124.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808755/; classtype:trojan-activity;sid:83671855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.183.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.160.75.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808757/; classtype:trojan-activity;sid:83671857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.157.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.10.63.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808759/; classtype:trojan-activity;sid:83671859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.174.238.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808752/; classtype:trojan-activity;sid:83671852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808753/; classtype:trojan-activity;sid:83671853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.17.23.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.175.42.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.75.222.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808747/; classtype:trojan-activity;sid:83671847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.147.93.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.4.171"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808749/; classtype:trojan-activity;sid:83671849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808750/; classtype:trojan-activity;sid:83671850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.120.98.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.51.168.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808741/; classtype:trojan-activity;sid:83671841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.115.101.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808742/; classtype:trojan-activity;sid:83671842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.215.69.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808743/; classtype:trojan-activity;sid:83671843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.84.131.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808744/; classtype:trojan-activity;sid:83671844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.69.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808745/; classtype:trojan-activity;sid:83671845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.141.116.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808732/; classtype:trojan-activity;sid:83671832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.203.245.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808733/; classtype:trojan-activity;sid:83671833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.214.241.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.111.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.110.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808736/; classtype:trojan-activity;sid:83671836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.159.74.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.71.191.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.197.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.114.97.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.43.98.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808722/; classtype:trojan-activity;sid:83671822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.118.203.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808723/; classtype:trojan-activity;sid:83671823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.244.120.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808724/; classtype:trojan-activity;sid:83671824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.169.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808725/; classtype:trojan-activity;sid:83671825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.225.175.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808726/; classtype:trojan-activity;sid:83671826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.61.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808727/; classtype:trojan-activity;sid:83671827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.217.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808728/; classtype:trojan-activity;sid:83671828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.192.33.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808729/; classtype:trojan-activity;sid:83671829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"73.190.86.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808730/; classtype:trojan-activity;sid:83671830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.13.221.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808731/; classtype:trojan-activity;sid:83671831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.117.197.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808718/; classtype:trojan-activity;sid:83671818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808719/; classtype:trojan-activity;sid:83671819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.248.46.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808720/; classtype:trojan-activity;sid:83671820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.28.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808721/; classtype:trojan-activity;sid:83671821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.115.3.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808706/; classtype:trojan-activity;sid:83671806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.107.231.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808707/; classtype:trojan-activity;sid:83671807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.17.248.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.52.72.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808709/; classtype:trojan-activity;sid:83671809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.113.124.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.152.23.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808711/; classtype:trojan-activity;sid:83671811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.105.205.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808712/; classtype:trojan-activity;sid:83671812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"12.148.208.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808713/; classtype:trojan-activity;sid:83671813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.75.222.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808714/; classtype:trojan-activity;sid:83671814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.62.179.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.73.121.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.106.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.42.121.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808705/; classtype:trojan-activity;sid:83671805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.123.169.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808699/; classtype:trojan-activity;sid:83671799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.5.200.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808700/; classtype:trojan-activity;sid:83671800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.176.7.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808701/; classtype:trojan-activity;sid:83671801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.38.241.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808702/; classtype:trojan-activity;sid:83671802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.116.219.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808703/; classtype:trojan-activity;sid:83671803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.199.144.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808704/; classtype:trojan-activity;sid:83671804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.110.179.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808698/; classtype:trojan-activity;sid:83671798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.65.205.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808697/; classtype:trojan-activity;sid:83671797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/jinx2024.exe"; depth:19; endswith; nocase; http.host; content:"171.115.221.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808695/; classtype:trojan-activity;sid:83671795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/zhushen2024.exe"; depth:22; endswith; nocase; http.host; content:"171.115.221.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808696/; classtype:trojan-activity;sid:83671796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/111.exe"; depth:14; endswith; nocase; http.host; content:"171.115.221.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808694/; classtype:trojan-activity;sid:83671794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.255.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808693/; classtype:trojan-activity;sid:83671793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.190.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808692/; classtype:trojan-activity;sid:83671792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.114.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808689/; classtype:trojan-activity;sid:83671789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808690/; classtype:trojan-activity;sid:83671790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.5.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808691/; classtype:trojan-activity;sid:83671791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.216.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808688/; classtype:trojan-activity;sid:83671788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808687/; classtype:trojan-activity;sid:83671787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvamfg2ljhs3"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808686/; classtype:trojan-activity;sid:83671786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.78.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808685/; classtype:trojan-activity;sid:83671785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.133.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808684/; classtype:trojan-activity;sid:83671784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/111.exe"; depth:14; endswith; nocase; http.host; content:"61.136.164.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808683/; classtype:trojan-activity;sid:83671783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/zhushen2024.exe"; depth:22; endswith; nocase; http.host; content:"61.136.164.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808682/; classtype:trojan-activity;sid:83671782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/jinx2024.exe"; depth:19; endswith; nocase; http.host; content:"61.136.164.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808681/; classtype:trojan-activity;sid:83671781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.69.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808680/; classtype:trojan-activity;sid:83671780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.255.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808679/; classtype:trojan-activity;sid:83671779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808678/; classtype:trojan-activity;sid:83671778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.56.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808677/; classtype:trojan-activity;sid:83671777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.154.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808676/; classtype:trojan-activity;sid:83671776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab/edun.txt"; depth:12; endswith; nocase; http.host; content:"mhsonsco.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808675/; classtype:trojan-activity;sid:83671775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/766/979/original/new_image_vbs.jpg"; depth:46; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808674/; classtype:trojan-activity;sid:83671774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/766/978/full/new_image_vbs.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808673/; classtype:trojan-activity;sid:83671773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.7.36.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808672/; classtype:trojan-activity;sid:83671772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.31.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808671/; classtype:trojan-activity;sid:83671771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.137.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808667/; classtype:trojan-activity;sid:83671767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808668/; classtype:trojan-activity;sid:83671768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.81.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808669/; classtype:trojan-activity;sid:83671769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.164.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808670/; classtype:trojan-activity;sid:83671770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/bbqsq"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808666/; classtype:trojan-activity;sid:83671766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808664/; classtype:trojan-activity;sid:83671764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.78.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808665/; classtype:trojan-activity;sid:83671765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.238.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808663/; classtype:trojan-activity;sid:83671763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808662/; classtype:trojan-activity;sid:83671762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.123.165.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808661/; classtype:trojan-activity;sid:83671761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808659/; classtype:trojan-activity;sid:83671759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"51.33.57.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808660/; classtype:trojan-activity;sid:83671760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.158.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808658/; classtype:trojan-activity;sid:83671758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.212.128.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808656/; classtype:trojan-activity;sid:83671756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.36.165.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808657/; classtype:trojan-activity;sid:83671757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.169.148.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808650/; classtype:trojan-activity;sid:83671750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.40.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808651/; classtype:trojan-activity;sid:83671751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.34.7.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.239.206.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808653/; classtype:trojan-activity;sid:83671753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.86.93.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808654/; classtype:trojan-activity;sid:83671754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.11.128"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808655/; classtype:trojan-activity;sid:83671755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.216.131.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808649/; classtype:trojan-activity;sid:83671749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.20.235.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808648/; classtype:trojan-activity;sid:83671748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.33.34.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808647/; classtype:trojan-activity;sid:83671747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.230.158.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808646/; classtype:trojan-activity;sid:83671746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.43.99.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808645/; classtype:trojan-activity;sid:83671745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.212.109.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.191.123.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.20.63.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808638/; classtype:trojan-activity;sid:83671738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.23.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808639/; classtype:trojan-activity;sid:83671739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.205.35.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808640/; classtype:trojan-activity;sid:83671740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.74.243.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808641/; classtype:trojan-activity;sid:83671741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.188.145.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808642/; classtype:trojan-activity;sid:83671742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.192.153.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808634/; classtype:trojan-activity;sid:83671734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.135.140.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808635/; classtype:trojan-activity;sid:83671735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.60.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.28.58.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.165.172.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808632/; classtype:trojan-activity;sid:83671732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.92.233.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808633/; classtype:trojan-activity;sid:83671733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"134.255.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808629/; classtype:trojan-activity;sid:83671729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.176.137.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.17.9.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808624/; classtype:trojan-activity;sid:83671724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.66.164.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.92.79.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808626/; classtype:trojan-activity;sid:83671726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.241.57.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808627/; classtype:trojan-activity;sid:83671727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.127.76.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808628/; classtype:trojan-activity;sid:83671728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.99.228.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808621/; classtype:trojan-activity;sid:83671721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.218.139.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808622/; classtype:trojan-activity;sid:83671722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.92.79.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808623/; classtype:trojan-activity;sid:83671723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.4.69.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.40.49.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808617/; classtype:trojan-activity;sid:83671717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.234.151.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808618/; classtype:trojan-activity;sid:83671718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.101.130.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808619/; classtype:trojan-activity;sid:83671719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"174.7.42.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808620/; classtype:trojan-activity;sid:83671720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.206.74.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808613/; classtype:trojan-activity;sid:83671713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.252.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808614/; classtype:trojan-activity;sid:83671714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.98.13.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808615/; classtype:trojan-activity;sid:83671715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.140.156.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808608/; classtype:trojan-activity;sid:83671708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.120.173.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808609/; classtype:trojan-activity;sid:83671709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.1.241.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808611/; classtype:trojan-activity;sid:83671711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.90.181.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808612/; classtype:trojan-activity;sid:83671712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.218.152.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808604/; classtype:trojan-activity;sid:83671704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.40.54.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808605/; classtype:trojan-activity;sid:83671705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.171.55.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808606/; classtype:trojan-activity;sid:83671706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.93.84.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808607/; classtype:trojan-activity;sid:83671707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.80.244.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.237.112.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808595/; classtype:trojan-activity;sid:83671695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.19.45.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808596/; classtype:trojan-activity;sid:83671696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"140.82.62.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808597/; classtype:trojan-activity;sid:83671697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.93.176.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808598/; classtype:trojan-activity;sid:83671698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.82.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"226.179.249.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808600/; classtype:trojan-activity;sid:83671700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.186.115.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808601/; classtype:trojan-activity;sid:83671701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.188.121.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808602/; classtype:trojan-activity;sid:83671702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.92.79.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808587/; classtype:trojan-activity;sid:83671687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"130.0.219.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808588/; classtype:trojan-activity;sid:83671688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.43.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808589/; classtype:trojan-activity;sid:83671689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.70.144.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808590/; classtype:trojan-activity;sid:83671690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.46.38.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808591/; classtype:trojan-activity;sid:83671691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.79.119.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808592/; classtype:trojan-activity;sid:83671692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.23.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808593/; classtype:trojan-activity;sid:83671693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.244.207.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808582/; classtype:trojan-activity;sid:83671682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.23.51.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808583/; classtype:trojan-activity;sid:83671683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.92.72.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808584/; classtype:trojan-activity;sid:83671684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"143.208.36.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808585/; classtype:trojan-activity;sid:83671685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.38.241.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808586/; classtype:trojan-activity;sid:83671686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.11.95.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808579/; classtype:trojan-activity;sid:83671679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.70.198.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808580/; classtype:trojan-activity;sid:83671680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.40.149.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808581/; classtype:trojan-activity;sid:83671681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.69.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.224.98.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808576/; classtype:trojan-activity;sid:83671676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.132.245.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808577/; classtype:trojan-activity;sid:83671677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.76.187.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808578/; classtype:trojan-activity;sid:83671678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.220.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808574/; classtype:trojan-activity;sid:83671674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808573/; classtype:trojan-activity;sid:83671673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808572/; classtype:trojan-activity;sid:83671672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.60.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808570/; classtype:trojan-activity;sid:83671670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.29.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808571/; classtype:trojan-activity;sid:83671671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.164.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808569/; classtype:trojan-activity;sid:83671669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.201.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808568/; classtype:trojan-activity;sid:83671668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.253.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808567/; classtype:trojan-activity;sid:83671667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.1.157.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.115.174.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808565/; classtype:trojan-activity;sid:83671665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.41.91.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808566/; classtype:trojan-activity;sid:83671666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.73.242.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.0.4.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.7.27.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.184.239.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808553/; classtype:trojan-activity;sid:83671653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.102.58.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808554/; classtype:trojan-activity;sid:83671654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.181.44.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808555/; classtype:trojan-activity;sid:83671655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.218.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808556/; classtype:trojan-activity;sid:83671656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.118.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808557/; classtype:trojan-activity;sid:83671657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.20.234.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808558/; classtype:trojan-activity;sid:83671658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.19.74.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808559/; classtype:trojan-activity;sid:83671659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.186.54.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.117.189.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808539/; classtype:trojan-activity;sid:83671639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.142.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.123.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808541/; classtype:trojan-activity;sid:83671641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.23.194.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808543/; classtype:trojan-activity;sid:83671643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.147.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808544/; classtype:trojan-activity;sid:83671644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.189.222.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.141.122.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808546/; classtype:trojan-activity;sid:83671646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.98.156.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808547/; classtype:trojan-activity;sid:83671647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.18.162.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808548/; classtype:trojan-activity;sid:83671648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.101.187.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808549/; classtype:trojan-activity;sid:83671649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.239.22.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808550/; classtype:trojan-activity;sid:83671650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.9.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.29.147.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808552/; classtype:trojan-activity;sid:83671652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.87.5.2"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.113.155.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808534/; classtype:trojan-activity;sid:83671634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.28.58.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808535/; classtype:trojan-activity;sid:83671635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808536/; classtype:trojan-activity;sid:83671636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.85.216.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808537/; classtype:trojan-activity;sid:83671637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"107.1.208.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808538/; classtype:trojan-activity;sid:83671638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.125.13.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808530/; classtype:trojan-activity;sid:83671630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.114.132.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808531/; classtype:trojan-activity;sid:83671631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.21.192.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808532/; classtype:trojan-activity;sid:83671632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.246.156.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808527/; classtype:trojan-activity;sid:83671627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.50.7.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808528/; classtype:trojan-activity;sid:83671628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.135.20.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808529/; classtype:trojan-activity;sid:83671629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.53.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808519/; classtype:trojan-activity;sid:83671619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.191.218.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.140.176.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.110.151.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808523/; classtype:trojan-activity;sid:83671623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.171.80.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.205.90.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.186.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808526/; classtype:trojan-activity;sid:83671626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.244.112.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.198.193.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808512/; classtype:trojan-activity;sid:83671612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.255.103.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808513/; classtype:trojan-activity;sid:83671613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.174.34.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808514/; classtype:trojan-activity;sid:83671614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.229.139.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.159.28.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808516/; classtype:trojan-activity;sid:83671616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.185.49.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808517/; classtype:trojan-activity;sid:83671617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.28.58.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808518/; classtype:trojan-activity;sid:83671618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.81.24.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808503/; classtype:trojan-activity;sid:83671603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.37.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808505/; classtype:trojan-activity;sid:83671605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.78.106.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808506/; classtype:trojan-activity;sid:83671606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.140.36.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808507/; classtype:trojan-activity;sid:83671607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.164.18.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808508/; classtype:trojan-activity;sid:83671608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.175.32.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808509/; classtype:trojan-activity;sid:83671609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.238.134.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808510/; classtype:trojan-activity;sid:83671610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.251.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808497/; classtype:trojan-activity;sid:83671597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808498/; classtype:trojan-activity;sid:83671598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.101.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808499/; classtype:trojan-activity;sid:83671599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.77.14.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808500/; classtype:trojan-activity;sid:83671600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.229.92.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808501/; classtype:trojan-activity;sid:83671601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.111.119.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.209.193.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808493/; classtype:trojan-activity;sid:83671593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.238.231.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808494/; classtype:trojan-activity;sid:83671594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.251.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808495/; classtype:trojan-activity;sid:83671595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.139.249.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.89.178.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808489/; classtype:trojan-activity;sid:83671589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.84.37.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808490/; classtype:trojan-activity;sid:83671590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.124.76.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808491/; classtype:trojan-activity;sid:83671591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.63.108.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808484/; classtype:trojan-activity;sid:83671584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.19.172.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.199.144.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808486/; classtype:trojan-activity;sid:83671586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.235.185.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808487/; classtype:trojan-activity;sid:83671587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.199.42.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808488/; classtype:trojan-activity;sid:83671588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.92.28.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808481/; classtype:trojan-activity;sid:83671581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.68.161.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.170.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808483/; classtype:trojan-activity;sid:83671583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.88.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.183.45.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808476/; classtype:trojan-activity;sid:83671576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.165.36.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808477/; classtype:trojan-activity;sid:83671577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.42.243.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808478/; classtype:trojan-activity;sid:83671578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.191.143.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808479/; classtype:trojan-activity;sid:83671579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.11.206.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808480/; classtype:trojan-activity;sid:83671580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.144.246.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808465/; classtype:trojan-activity;sid:83671565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.218.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808466/; classtype:trojan-activity;sid:83671566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.242.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.12.55.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808469/; classtype:trojan-activity;sid:83671569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.140.105.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.138.44.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808471/; classtype:trojan-activity;sid:83671571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.1.203.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808472/; classtype:trojan-activity;sid:83671572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.247.68.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808473/; classtype:trojan-activity;sid:83671573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.36.68.156"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.174.82.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808461/; classtype:trojan-activity;sid:83671561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.55.243.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.55.124.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808463/; classtype:trojan-activity;sid:83671563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.167.196.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808464/; classtype:trojan-activity;sid:83671564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"71.42.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808455/; classtype:trojan-activity;sid:83671555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.202.83.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808456/; classtype:trojan-activity;sid:83671556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.17.61.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808457/; classtype:trojan-activity;sid:83671557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.174.143.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808458/; classtype:trojan-activity;sid:83671558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.154.84.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.4.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808453/; classtype:trojan-activity;sid:83671553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.115.156.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808454/; classtype:trojan-activity;sid:83671554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.228.128.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808449/; classtype:trojan-activity;sid:83671549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.40.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808450/; classtype:trojan-activity;sid:83671550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.58.83.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808451/; classtype:trojan-activity;sid:83671551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.237.174.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808452/; classtype:trojan-activity;sid:83671552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.176.127.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808446/; classtype:trojan-activity;sid:83671546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.218.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808447/; classtype:trojan-activity;sid:83671547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808431/; classtype:trojan-activity;sid:83671531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.200.203.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.80.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808433/; classtype:trojan-activity;sid:83671533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.237.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808434/; classtype:trojan-activity;sid:83671534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.165.200.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808435/; classtype:trojan-activity;sid:83671535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.118.104.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808436/; classtype:trojan-activity;sid:83671536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.208.30.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808437/; classtype:trojan-activity;sid:83671537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.98.138.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808438/; classtype:trojan-activity;sid:83671538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.235.149.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808439/; classtype:trojan-activity;sid:83671539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.180.176.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808440/; classtype:trojan-activity;sid:83671540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.213.235.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808441/; classtype:trojan-activity;sid:83671541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.25.214.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808442/; classtype:trojan-activity;sid:83671542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.0.136.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.247.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.156.46.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.185.127.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808422/; classtype:trojan-activity;sid:83671522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.213.157.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.199.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.246.214.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.212.237.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808426/; classtype:trojan-activity;sid:83671526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.116.68.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.54.179.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808428/; classtype:trojan-activity;sid:83671528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.174.152.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808429/; classtype:trojan-activity;sid:83671529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.73.70.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.209.255.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808413/; classtype:trojan-activity;sid:83671513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.71.59.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808414/; classtype:trojan-activity;sid:83671514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.218.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808415/; classtype:trojan-activity;sid:83671515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.119.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.168.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808417/; classtype:trojan-activity;sid:83671517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.216.28.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.182.115.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808419/; classtype:trojan-activity;sid:83671519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.194.25.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.249.54.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.142.169.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808409/; classtype:trojan-activity;sid:83671509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.38.222.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808410/; classtype:trojan-activity;sid:83671510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808411/; classtype:trojan-activity;sid:83671511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808412/; classtype:trojan-activity;sid:83671512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.221.254.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.16.195.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808407/; classtype:trojan-activity;sid:83671507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.171.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.92.132.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808404/; classtype:trojan-activity;sid:83671504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.59.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808405/; classtype:trojan-activity;sid:83671505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.195.100.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.242.124.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808401/; classtype:trojan-activity;sid:83671501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"51.182.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808402/; classtype:trojan-activity;sid:83671502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.91.96.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808403/; classtype:trojan-activity;sid:83671503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.174.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808389/; classtype:trojan-activity;sid:83671489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"47.50.169.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.211.107.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808391/; classtype:trojan-activity;sid:83671491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.94.100.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808392/; classtype:trojan-activity;sid:83671492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.47.191.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808393/; classtype:trojan-activity;sid:83671493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.150.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808394/; classtype:trojan-activity;sid:83671494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.152.17.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808395/; classtype:trojan-activity;sid:83671495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.240.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.57.121.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808397/; classtype:trojan-activity;sid:83671497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.194.116.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808398/; classtype:trojan-activity;sid:83671498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.187.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808399/; classtype:trojan-activity;sid:83671499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.230.238.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808375/; classtype:trojan-activity;sid:83671475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.182.214.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.159.72.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808377/; classtype:trojan-activity;sid:83671477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.128.218.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808378/; classtype:trojan-activity;sid:83671478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.165.192.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808379/; classtype:trojan-activity;sid:83671479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.230.158.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.96.246.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808381/; classtype:trojan-activity;sid:83671481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.26.181.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808382/; classtype:trojan-activity;sid:83671482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.190.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.192.201.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808384/; classtype:trojan-activity;sid:83671484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.245.131.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.31.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808386/; classtype:trojan-activity;sid:83671486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.70.204.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808387/; classtype:trojan-activity;sid:83671487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.38.171.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.255.90.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808368/; classtype:trojan-activity;sid:83671468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.80.242.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.208.99.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808370/; classtype:trojan-activity;sid:83671470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.72.39.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.77.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808372/; classtype:trojan-activity;sid:83671472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.103.171.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.170.18.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808364/; classtype:trojan-activity;sid:83671464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.213.157.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808365/; classtype:trojan-activity;sid:83671465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.114.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.188.48.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808367/; classtype:trojan-activity;sid:83671467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.96.71.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808362/; classtype:trojan-activity;sid:83671462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.181.0.61"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808363/; classtype:trojan-activity;sid:83671463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.136.83.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808360/; classtype:trojan-activity;sid:83671460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.39.116.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808361/; classtype:trojan-activity;sid:83671461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.96.94.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808359/; classtype:trojan-activity;sid:83671459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808358/; classtype:trojan-activity;sid:83671458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808356/; classtype:trojan-activity;sid:83671456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64le"; depth:9; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808357/; classtype:trojan-activity;sid:83671457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808355/; classtype:trojan-activity;sid:83671455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808354/; classtype:trojan-activity;sid:83671454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808353/; classtype:trojan-activity;sid:83671453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808352/; classtype:trojan-activity;sid:83671452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808350/; classtype:trojan-activity;sid:83671450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808351/; classtype:trojan-activity;sid:83671451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808349/; classtype:trojan-activity;sid:83671449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808348/; classtype:trojan-activity;sid:83671448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808347/; classtype:trojan-activity;sid:83671447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/apc_3.sys"; depth:14; endswith; nocase; http.host; content:"82.157.242.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808346/; classtype:trojan-activity;sid:83671446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.exe"; depth:11; endswith; nocase; http.host; content:"43.226.35.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808345/; classtype:trojan-activity;sid:83671445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/apc_1.sys"; depth:14; endswith; nocase; http.host; content:"82.157.242.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808343/; classtype:trojan-activity;sid:83671443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchoste.exe"; depth:13; endswith; nocase; http.host; content:"43.226.35.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808344/; classtype:trojan-activity;sid:83671444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/apc_2.sys"; depth:14; endswith; nocase; http.host; content:"82.157.242.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808342/; classtype:trojan-activity;sid:83671442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:38; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808339/; classtype:trojan-activity;sid:83671439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/explores.exe"; depth:13; endswith; nocase; http.host; content:"43.226.35.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808340/; classtype:trojan-activity;sid:83671440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:38; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808341/; classtype:trojan-activity;sid:83671441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:37; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808338/; classtype:trojan-activity;sid:83671438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:37; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808337/; classtype:trojan-activity;sid:83671437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wormr.exe"; depth:10; endswith; nocase; http.host; content:"103.73.163.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808334/; classtype:trojan-activity;sid:83671434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:38; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808335/; classtype:trojan-activity;sid:83671435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:37; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808336/; classtype:trojan-activity;sid:83671436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:38; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808331/; classtype:trojan-activity;sid:83671431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:38; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808332/; classtype:trojan-activity;sid:83671432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"149.88.79.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808333/; classtype:trojan-activity;sid:83671433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fikikpiz/nissrv.exe"; depth:20; endswith; nocase; http.host; content:"159.253.120.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808330/; classtype:trojan-activity;sid:83671430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.144.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808329/; classtype:trojan-activity;sid:83671429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.180.234.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808328/; classtype:trojan-activity;sid:83671428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.233.197.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808327/; classtype:trojan-activity;sid:83671427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.210.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808326/; classtype:trojan-activity;sid:83671426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.125.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808325/; classtype:trojan-activity;sid:83671425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.197.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808322/; classtype:trojan-activity;sid:83671422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.8.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808323/; classtype:trojan-activity;sid:83671423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808324/; classtype:trojan-activity;sid:83671424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808321/; classtype:trojan-activity;sid:83671421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1ly6wwwx|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"dnftm.sh"; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808320/; classtype:trojan-activity;sid:83671420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.164.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808319/; classtype:trojan-activity;sid:83671419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.64.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808318/; classtype:trojan-activity;sid:83671418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.205.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808317/; classtype:trojan-activity;sid:83671417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.113.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808316/; classtype:trojan-activity;sid:83671416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.118.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808315/; classtype:trojan-activity;sid:83671415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.245.74.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808314/; classtype:trojan-activity;sid:83671414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.172.49.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808313/; classtype:trojan-activity;sid:83671413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.192.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808312/; classtype:trojan-activity;sid:83671412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.54.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808311/; classtype:trojan-activity;sid:83671411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.253.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808310/; classtype:trojan-activity;sid:83671410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"46.229.139.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808293/; classtype:trojan-activity;sid:83671393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808294/; classtype:trojan-activity;sid:83671394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808295/; classtype:trojan-activity;sid:83671395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.11.94.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808296/; classtype:trojan-activity;sid:83671396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808297/; classtype:trojan-activity;sid:83671397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.11.94.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808298/; classtype:trojan-activity;sid:83671398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"60.246.119.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808299/; classtype:trojan-activity;sid:83671399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808301/; classtype:trojan-activity;sid:83671401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808302/; classtype:trojan-activity;sid:83671402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808305/; classtype:trojan-activity;sid:83671405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808306/; classtype:trojan-activity;sid:83671406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808308/; classtype:trojan-activity;sid:83671408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808285/; classtype:trojan-activity;sid:83671385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.229.139.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.246.119.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808288/; classtype:trojan-activity;sid:83671388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808290/; classtype:trojan-activity;sid:83671390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808292/; classtype:trojan-activity;sid:83671392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.23.194.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808282/; classtype:trojan-activity;sid:83671382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"78.38.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808283/; classtype:trojan-activity;sid:83671383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808272/; classtype:trojan-activity;sid:83671372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808273/; classtype:trojan-activity;sid:83671373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808259/; classtype:trojan-activity;sid:83671359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808260/; classtype:trojan-activity;sid:83671360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808261/; classtype:trojan-activity;sid:83671361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808262/; classtype:trojan-activity;sid:83671362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808263/; classtype:trojan-activity;sid:83671363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808265/; classtype:trojan-activity;sid:83671365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"78.38.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808266/; classtype:trojan-activity;sid:83671366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808268/; classtype:trojan-activity;sid:83671368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"67.78.106.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808269/; classtype:trojan-activity;sid:83671369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"31.40.97.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808270/; classtype:trojan-activity;sid:83671370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808258/; classtype:trojan-activity;sid:83671358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808256/; classtype:trojan-activity;sid:83671356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808257/; classtype:trojan-activity;sid:83671357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808253/; classtype:trojan-activity;sid:83671353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808254/; classtype:trojan-activity;sid:83671354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808255/; classtype:trojan-activity;sid:83671355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.11.94.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808230/; classtype:trojan-activity;sid:83671330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808234/; classtype:trojan-activity;sid:83671334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.188.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808237/; classtype:trojan-activity;sid:83671337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"79.188.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808238/; classtype:trojan-activity;sid:83671338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.246.119.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808239/; classtype:trojan-activity;sid:83671339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.79.233.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808240/; classtype:trojan-activity;sid:83671340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808243/; classtype:trojan-activity;sid:83671343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"41.79.233.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808246/; classtype:trojan-activity;sid:83671346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808247/; classtype:trojan-activity;sid:83671347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808251/; classtype:trojan-activity;sid:83671351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.78.106.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808252/; classtype:trojan-activity;sid:83671352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808228/; classtype:trojan-activity;sid:83671328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.38.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808229/; classtype:trojan-activity;sid:83671329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.38.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808218/; classtype:trojan-activity;sid:83671318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.40.97.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808220/; classtype:trojan-activity;sid:83671320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"31.40.97.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808223/; classtype:trojan-activity;sid:83671323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808224/; classtype:trojan-activity;sid:83671324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808214/; classtype:trojan-activity;sid:83671314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808210/; classtype:trojan-activity;sid:83671310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808211/; classtype:trojan-activity;sid:83671311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808212/; classtype:trojan-activity;sid:83671312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808213/; classtype:trojan-activity;sid:83671313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808204/; classtype:trojan-activity;sid:83671304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808205/; classtype:trojan-activity;sid:83671305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808206/; classtype:trojan-activity;sid:83671306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808207/; classtype:trojan-activity;sid:83671307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808208/; classtype:trojan-activity;sid:83671308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808209/; classtype:trojan-activity;sid:83671309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808201/; classtype:trojan-activity;sid:83671301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808202/; classtype:trojan-activity;sid:83671302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808203/; classtype:trojan-activity;sid:83671303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808200/; classtype:trojan-activity;sid:83671300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808185/; classtype:trojan-activity;sid:83671285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"67.78.106.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808186/; classtype:trojan-activity;sid:83671286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.246.119.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808188/; classtype:trojan-activity;sid:83671288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808190/; classtype:trojan-activity;sid:83671290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.11.94.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808192/; classtype:trojan-activity;sid:83671292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.38.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808194/; classtype:trojan-activity;sid:83671294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.23.194.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808197/; classtype:trojan-activity;sid:83671297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"79.188.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808172/; classtype:trojan-activity;sid:83671272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808173/; classtype:trojan-activity;sid:83671273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.40.97.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808174/; classtype:trojan-activity;sid:83671274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808175/; classtype:trojan-activity;sid:83671275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"102.141.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808177/; classtype:trojan-activity;sid:83671277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.79.233.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808180/; classtype:trojan-activity;sid:83671280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"41.79.233.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808181/; classtype:trojan-activity;sid:83671281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"80.191.184.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808182/; classtype:trojan-activity;sid:83671282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.229.139.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.38.98.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808171/; classtype:trojan-activity;sid:83671271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808169/; classtype:trojan-activity;sid:83671269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.188.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808170/; classtype:trojan-activity;sid:83671270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.189.33.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808166/; classtype:trojan-activity;sid:83671266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808162/; classtype:trojan-activity;sid:83671262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.166.18.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808163/; classtype:trojan-activity;sid:83671263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808164/; classtype:trojan-activity;sid:83671264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.184.228.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808165/; classtype:trojan-activity;sid:83671265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.171.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.147.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808159/; classtype:trojan-activity;sid:83671259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.5.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808158/; classtype:trojan-activity;sid:83671258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.7.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808157/; classtype:trojan-activity;sid:83671257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.233.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808156/; classtype:trojan-activity;sid:83671256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.98.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808154/; classtype:trojan-activity;sid:83671254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.196.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808155/; classtype:trojan-activity;sid:83671255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.205.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808153/; classtype:trojan-activity;sid:83671253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbins/chary0x86"; depth:16; endswith; nocase; http.host; content:"leboathp.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808152/; classtype:trojan-activity;sid:83671252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808151/; classtype:trojan-activity;sid:83671251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.71.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808150/; classtype:trojan-activity;sid:83671250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan.exe"; depth:10; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808149/; classtype:trojan-activity;sid:83671249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan-main.zip"; depth:15; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808148/; classtype:trojan-activity;sid:83671248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.7.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808147/; classtype:trojan-activity;sid:83671247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.189.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808146/; classtype:trojan-activity;sid:83671246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mq_poc1.xml"; depth:12; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808142/; classtype:trojan-activity;sid:83671242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mq_poc.xml"; depth:11; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808143/; classtype:trojan-activity;sid:83671243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pass1.gif%3f.aspx"; depth:18; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808144/; classtype:trojan-activity;sid:83671244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qq.exe"; depth:7; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808145/; classtype:trojan-activity;sid:83671245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp.jpg"; depth:9; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808140/; classtype:trojan-activity;sid:83671240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qiange66.jpg"; depth:13; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808141/; classtype:trojan-activity;sid:83671241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxytool.zip"; depth:14; endswith; nocase; http.host; content:"121.196.200.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808139/; classtype:trojan-activity;sid:83671239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.160.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808138/; classtype:trojan-activity;sid:83671238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.98.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808137/; classtype:trojan-activity;sid:83671237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.241.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808136/; classtype:trojan-activity;sid:83671236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.196.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808135/; classtype:trojan-activity;sid:83671235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808134/; classtype:trojan-activity;sid:83671234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.196.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808133/; classtype:trojan-activity;sid:83671233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808132/; classtype:trojan-activity;sid:83671232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.135.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808131/; classtype:trojan-activity;sid:83671231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.8.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808130/; classtype:trojan-activity;sid:83671230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.35.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808129/; classtype:trojan-activity;sid:83671229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.177.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808128/; classtype:trojan-activity;sid:83671228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.26.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808127/; classtype:trojan-activity;sid:83671227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808126/; classtype:trojan-activity;sid:83671226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.93.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808125/; classtype:trojan-activity;sid:83671225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808124/; classtype:trojan-activity;sid:83671224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.81.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808123/; classtype:trojan-activity;sid:83671223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.149.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808122/; classtype:trojan-activity;sid:83671222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.12.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808121/; classtype:trojan-activity;sid:83671221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.148.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808120/; classtype:trojan-activity;sid:83671220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.182.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808119/; classtype:trojan-activity;sid:83671219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.39.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808118/; classtype:trojan-activity;sid:83671218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.196.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808117/; classtype:trojan-activity;sid:83671217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.128.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808116/; classtype:trojan-activity;sid:83671216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.117.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808115/; classtype:trojan-activity;sid:83671215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.217.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808114/; classtype:trojan-activity;sid:83671214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.12.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808113/; classtype:trojan-activity;sid:83671213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808111/; classtype:trojan-activity;sid:83671211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.154.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808112/; classtype:trojan-activity;sid:83671212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.23.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808110/; classtype:trojan-activity;sid:83671210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.157.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808109/; classtype:trojan-activity;sid:83671209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logs"; depth:5; endswith; nocase; http.host; content:"80.94.92.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808108/; classtype:trojan-activity;sid:83671208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808107/; classtype:trojan-activity;sid:83671207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.176.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808106/; classtype:trojan-activity;sid:83671206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808105/; classtype:trojan-activity;sid:83671205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.148.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808100/; classtype:trojan-activity;sid:83671200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"mgate.irontele.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808101/; classtype:trojan-activity;sid:83671201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"mgate.irontele.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808102/; classtype:trojan-activity;sid:83671202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"mgate.irontele.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808103/; classtype:trojan-activity;sid:83671203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"mgate.irontele.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808104/; classtype:trojan-activity;sid:83671204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"mgate.irontele.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808099/; classtype:trojan-activity;sid:83671199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.39.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808098/; classtype:trojan-activity;sid:83671198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.213.161.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808097/; classtype:trojan-activity;sid:83671197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.242.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808096/; classtype:trojan-activity;sid:83671196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.1.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808095/; classtype:trojan-activity;sid:83671195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.47.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808094/; classtype:trojan-activity;sid:83671194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808092/; classtype:trojan-activity;sid:83671192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.56.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808093/; classtype:trojan-activity;sid:83671193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"80.94.92.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808091/; classtype:trojan-activity;sid:83671191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808086/; classtype:trojan-activity;sid:83671186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808087/; classtype:trojan-activity;sid:83671187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808088/; classtype:trojan-activity;sid:83671188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808089/; classtype:trojan-activity;sid:83671189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prx"; depth:4; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808090/; classtype:trojan-activity;sid:83671190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808085/; classtype:trojan-activity;sid:83671185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808084/; classtype:trojan-activity;sid:83671184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.176.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808083/; classtype:trojan-activity;sid:83671183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.73.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808082/; classtype:trojan-activity;sid:83671182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.133.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808081/; classtype:trojan-activity;sid:83671181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.154.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808080/; classtype:trojan-activity;sid:83671180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.229.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808079/; classtype:trojan-activity;sid:83671179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.157.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808078/; classtype:trojan-activity;sid:83671178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.166.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808077/; classtype:trojan-activity;sid:83671177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.36.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808076/; classtype:trojan-activity;sid:83671176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.186.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808075/; classtype:trojan-activity;sid:83671175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.56.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808074/; classtype:trojan-activity;sid:83671174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.205.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808073/; classtype:trojan-activity;sid:83671173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.60.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808072/; classtype:trojan-activity;sid:83671172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.158.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808071/; classtype:trojan-activity;sid:83671171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808070/; classtype:trojan-activity;sid:83671170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.1.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808069/; classtype:trojan-activity;sid:83671169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808068/; classtype:trojan-activity;sid:83671168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808067/; classtype:trojan-activity;sid:83671167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_64"; depth:9; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808064/; classtype:trojan-activity;sid:83671164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a64"; depth:10; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808065/; classtype:trojan-activity;sid:83671165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_86"; depth:9; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808066/; classtype:trojan-activity;sid:83671166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.73.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808063/; classtype:trojan-activity;sid:83671163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.205.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808062/; classtype:trojan-activity;sid:83671162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.245.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808061/; classtype:trojan-activity;sid:83671161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.81.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808059/; classtype:trojan-activity;sid:83671159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.60.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808060/; classtype:trojan-activity;sid:83671160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.109.73.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808058/; classtype:trojan-activity;sid:83671158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.242.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808056/; classtype:trojan-activity;sid:83671156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.235.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808057/; classtype:trojan-activity;sid:83671157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808055/; classtype:trojan-activity;sid:83671155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808053/; classtype:trojan-activity;sid:83671153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.104.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808054/; classtype:trojan-activity;sid:83671154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.233.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808052/; classtype:trojan-activity;sid:83671152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808051/; classtype:trojan-activity;sid:83671151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.242.237.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808050/; classtype:trojan-activity;sid:83671150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/good_av"; depth:8; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808049/; classtype:trojan-activity;sid:83671149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell_arm5"; depth:11; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808047/; classtype:trojan-activity;sid:83671147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808048/; classtype:trojan-activity;sid:83671148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.245.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808046/; classtype:trojan-activity;sid:83671146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.5.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808045/; classtype:trojan-activity;sid:83671145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808044/; classtype:trojan-activity;sid:83671144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_mpel"; depth:11; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808036/; classtype:trojan-activity;sid:83671136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a7l"; depth:10; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808037/; classtype:trojan-activity;sid:83671137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_p"; depth:8; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808038/; classtype:trojan-activity;sid:83671138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nginx_a5l"; depth:10; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808039/; classtype:trojan-activity;sid:83671139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808040/; classtype:trojan-activity;sid:83671140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808041/; classtype:trojan-activity;sid:83671141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808042/; classtype:trojan-activity;sid:83671142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808043/; classtype:trojan-activity;sid:83671143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808033/; classtype:trojan-activity;sid:83671133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808034/; classtype:trojan-activity;sid:83671134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main"; depth:5; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808035/; classtype:trojan-activity;sid:83671135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808028/; classtype:trojan-activity;sid:83671128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2"; depth:3; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808029/; classtype:trojan-activity;sid:83671129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808030/; classtype:trojan-activity;sid:83671130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808031/; classtype:trojan-activity;sid:83671131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"204.93.164.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808032/; classtype:trojan-activity;sid:83671132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808027/; classtype:trojan-activity;sid:83671127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.233.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808026/; classtype:trojan-activity;sid:83671126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.69.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808025/; classtype:trojan-activity;sid:83671125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.97.94.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808024/; classtype:trojan-activity;sid:83671124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.193.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808023/; classtype:trojan-activity;sid:83671123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808021/; classtype:trojan-activity;sid:83671121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.171.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808022/; classtype:trojan-activity;sid:83671122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808020/; classtype:trojan-activity;sid:83671120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.171.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808019/; classtype:trojan-activity;sid:83671119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808018/; classtype:trojan-activity;sid:83671118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.226.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808017/; classtype:trojan-activity;sid:83671117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.186.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808016/; classtype:trojan-activity;sid:83671116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.82.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808015/; classtype:trojan-activity;sid:83671115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808014/; classtype:trojan-activity;sid:83671114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.218.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808013/; classtype:trojan-activity;sid:83671113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.193.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808012/; classtype:trojan-activity;sid:83671112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.86.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808009/; classtype:trojan-activity;sid:83671109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808010/; classtype:trojan-activity;sid:83671110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.69.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808011/; classtype:trojan-activity;sid:83671111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.64.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808008/; classtype:trojan-activity;sid:83671108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.93.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808007/; classtype:trojan-activity;sid:83671107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.238.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808006/; classtype:trojan-activity;sid:83671106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.86.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808005/; classtype:trojan-activity;sid:83671105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.226.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808004/; classtype:trojan-activity;sid:83671104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.19.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808003/; classtype:trojan-activity;sid:83671103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.34.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808002/; classtype:trojan-activity;sid:83671102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808001/; classtype:trojan-activity;sid:83671101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.211.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808000/; classtype:trojan-activity;sid:83671100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807998/; classtype:trojan-activity;sid:83671098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.166.61.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807999/; classtype:trojan-activity;sid:83671099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.93.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807997/; classtype:trojan-activity;sid:83671097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807996/; classtype:trojan-activity;sid:83671096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.196.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807995/; classtype:trojan-activity;sid:83671095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.7.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807994/; classtype:trojan-activity;sid:83671094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.95.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807993/; classtype:trojan-activity;sid:83671093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.2.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807992/; classtype:trojan-activity;sid:83671092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.10.91.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807991/; classtype:trojan-activity;sid:83671091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807990/; classtype:trojan-activity;sid:83671090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.19.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807989/; classtype:trojan-activity;sid:83671089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.2.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807988/; classtype:trojan-activity;sid:83671088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807987/; classtype:trojan-activity;sid:83671087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.254.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807986/; classtype:trojan-activity;sid:83671086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.187.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807985/; classtype:trojan-activity;sid:83671085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.23.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807983/; classtype:trojan-activity;sid:83671083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.107.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807984/; classtype:trojan-activity;sid:83671084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.190.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807982/; classtype:trojan-activity;sid:83671082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jk/ujjdjd.exe"; depth:14; endswith; nocase; http.host; content:"kisanbethak.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807981/; classtype:trojan-activity;sid:83671081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807980/; classtype:trojan-activity;sid:83671080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807979/; classtype:trojan-activity;sid:83671079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.127.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807978/; classtype:trojan-activity;sid:83671078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.114.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807977/; classtype:trojan-activity;sid:83671077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.114.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807976/; classtype:trojan-activity;sid:83671076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.41.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807975/; classtype:trojan-activity;sid:83671075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.127.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807974/; classtype:trojan-activity;sid:83671074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.107.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807973/; classtype:trojan-activity;sid:83671073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.164.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807972/; classtype:trojan-activity;sid:83671072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.216.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807971/; classtype:trojan-activity;sid:83671071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.232.214.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807970/; classtype:trojan-activity;sid:83671070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.162.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807969/; classtype:trojan-activity;sid:83671069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.41.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807968/; classtype:trojan-activity;sid:83671068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.142.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807967/; classtype:trojan-activity;sid:83671067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.81.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807966/; classtype:trojan-activity;sid:83671066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"45.128.232.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807965/; classtype:trojan-activity;sid:83671065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.81.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807964/; classtype:trojan-activity;sid:83671064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.91"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807963/; classtype:trojan-activity;sid:83671063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.242.104.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807962/; classtype:trojan-activity;sid:83671062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.14.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807961/; classtype:trojan-activity;sid:83671061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.172.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807960/; classtype:trojan-activity;sid:83671060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.104.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807959/; classtype:trojan-activity;sid:83671059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807958/; classtype:trojan-activity;sid:83671058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.142.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807957/; classtype:trojan-activity;sid:83671057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.162.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807955/; classtype:trojan-activity;sid:83671055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.7.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807956/; classtype:trojan-activity;sid:83671056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.249.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807954/; classtype:trojan-activity;sid:83671054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.117.15.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807952/; classtype:trojan-activity;sid:83671052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.86.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807953/; classtype:trojan-activity;sid:83671053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807951/; classtype:trojan-activity;sid:83671051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.91"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807950/; classtype:trojan-activity;sid:83671050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.102.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807949/; classtype:trojan-activity;sid:83671049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.126.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807948/; classtype:trojan-activity;sid:83671048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807947/; classtype:trojan-activity;sid:83671047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/active_desktop_launcher.exe"; depth:28; endswith; nocase; http.host; content:"120.46.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807946/; classtype:trojan-activity;sid:83671046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1215033115593146489/1227654461908848731/ghostbane.exe|3f|ex=66293150|7c|26|7c|is=6616bc50|7c|26|7c|hm=ba99a3338483c97f6319a9914dd612c3e9d5e9887f8a58dad78ebc1a58e998c0|7c|26|7c|"; depth:189; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807944/; classtype:trojan-activity;sid:83671044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1189984430291431424/1227598005729886278/clickchartsetup.zip|3f|ex=6628fcbc|7c|26|7c|is=661687bc|7c|26|7c|hm=01ca7c8b5913a83680e4233944895ae62fd5047e8a702651185d9057d2d7f9a1|7c|26|7c|"; depth:195; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807945/; classtype:trojan-activity;sid:83671045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/110.dll"; depth:8; endswith; nocase; http.host; content:"120.46.33.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807942/; classtype:trojan-activity;sid:83671042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=f2dc8284e0a31e9e%21206|7c|26|7c|authkey=!aidy0-gqpekhz6k"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807943/; classtype:trojan-activity;sid:83671043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.151.224.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807941/; classtype:trojan-activity;sid:83671041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.104.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807940/; classtype:trojan-activity;sid:83671040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.9.22.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807939/; classtype:trojan-activity;sid:83671039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.102.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807938/; classtype:trojan-activity;sid:83671038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.134.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807937/; classtype:trojan-activity;sid:83671037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807936/; classtype:trojan-activity;sid:83671036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807935/; classtype:trojan-activity;sid:83671035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.226.129.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807934/; classtype:trojan-activity;sid:83671034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.22.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807932/; classtype:trojan-activity;sid:83671032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.178.125.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807933/; classtype:trojan-activity;sid:83671033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.36.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807931/; classtype:trojan-activity;sid:83671031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.60.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807930/; classtype:trojan-activity;sid:83671030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807929/; classtype:trojan-activity;sid:83671029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807927/; classtype:trojan-activity;sid:83671027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807928/; classtype:trojan-activity;sid:83671028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.170.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807926/; classtype:trojan-activity;sid:83671026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807925/; classtype:trojan-activity;sid:83671025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.120.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807924/; classtype:trojan-activity;sid:83671024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rehop090/x326/releases/download/v1.4/x326.exe"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807923/; classtype:trojan-activity;sid:83671023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gqingl31.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807921/; classtype:trojan-activity;sid:83671021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm5/"; depth:13; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807922/; classtype:trojan-activity;sid:83671022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.60.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807920/; classtype:trojan-activity;sid:83671020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.13.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807919/; classtype:trojan-activity;sid:83671019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.66.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807918/; classtype:trojan-activity;sid:83671018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807917/; classtype:trojan-activity;sid:83671017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.39.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807915/; classtype:trojan-activity;sid:83671015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.215.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807916/; classtype:trojan-activity;sid:83671016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807914/; classtype:trojan-activity;sid:83671014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.183.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807913/; classtype:trojan-activity;sid:83671013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807912/; classtype:trojan-activity;sid:83671012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.186.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807911/; classtype:trojan-activity;sid:83671011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807910/; classtype:trojan-activity;sid:83671010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.216.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807909/; classtype:trojan-activity;sid:83671009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.84.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807908/; classtype:trojan-activity;sid:83671008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.22.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807907/; classtype:trojan-activity;sid:83671007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.214.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807905/; classtype:trojan-activity;sid:83671005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807906/; classtype:trojan-activity;sid:83671006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.128.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807904/; classtype:trojan-activity;sid:83671004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.97.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807903/; classtype:trojan-activity;sid:83671003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.112.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807900/; classtype:trojan-activity;sid:83671000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.23.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807901/; classtype:trojan-activity;sid:83671001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.221.16.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807902/; classtype:trojan-activity;sid:83671002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.181.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807899/; classtype:trojan-activity;sid:83670999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.97.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807898/; classtype:trojan-activity;sid:83670998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.216.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807897/; classtype:trojan-activity;sid:83670997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.9.125.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807896/; classtype:trojan-activity;sid:83670996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.239.39.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807895/; classtype:trojan-activity;sid:83670995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.84.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807894/; classtype:trojan-activity;sid:83670994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807893/; classtype:trojan-activity;sid:83670993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.214.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807892/; classtype:trojan-activity;sid:83670992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.250.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807891/; classtype:trojan-activity;sid:83670991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.250.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807890/; classtype:trojan-activity;sid:83670990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807888/; classtype:trojan-activity;sid:83670988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.112.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807889/; classtype:trojan-activity;sid:83670989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.241.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807887/; classtype:trojan-activity;sid:83670987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.106.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807886/; classtype:trojan-activity;sid:83670986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.118.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807885/; classtype:trojan-activity;sid:83670985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807884/; classtype:trojan-activity;sid:83670984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807883/; classtype:trojan-activity;sid:83670983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.187.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807882/; classtype:trojan-activity;sid:83670982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807881/; classtype:trojan-activity;sid:83670981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.39.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807880/; classtype:trojan-activity;sid:83670980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.195.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807879/; classtype:trojan-activity;sid:83670979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.128.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807878/; classtype:trojan-activity;sid:83670978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.74.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807877/; classtype:trojan-activity;sid:83670977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.196.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807876/; classtype:trojan-activity;sid:83670976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.28.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807875/; classtype:trojan-activity;sid:83670975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.242.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807874/; classtype:trojan-activity;sid:83670974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807873/; classtype:trojan-activity;sid:83670973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.94.141.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807872/; classtype:trojan-activity;sid:83670972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.62.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807871/; classtype:trojan-activity;sid:83670971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807870/; classtype:trojan-activity;sid:83670970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.241.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807869/; classtype:trojan-activity;sid:83670969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807868/; classtype:trojan-activity;sid:83670968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.82.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807867/; classtype:trojan-activity;sid:83670967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.98.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807866/; classtype:trojan-activity;sid:83670966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.39.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807865/; classtype:trojan-activity;sid:83670965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807864/; classtype:trojan-activity;sid:83670964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.15.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807863/; classtype:trojan-activity;sid:83670963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.196.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807862/; classtype:trojan-activity;sid:83670962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.235.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807861/; classtype:trojan-activity;sid:83670961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.15.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807859/; classtype:trojan-activity;sid:83670959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.57.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807860/; classtype:trojan-activity;sid:83670960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.183.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807858/; classtype:trojan-activity;sid:83670958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.217.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807857/; classtype:trojan-activity;sid:83670957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.28.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807856/; classtype:trojan-activity;sid:83670956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.206.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807855/; classtype:trojan-activity;sid:83670955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807854/; classtype:trojan-activity;sid:83670954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807853/; classtype:trojan-activity;sid:83670953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"rbo.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807852/; classtype:trojan-activity;sid:83670952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.150.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807851/; classtype:trojan-activity;sid:83670951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807850/; classtype:trojan-activity;sid:83670950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.47.70.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807849/; classtype:trojan-activity;sid:83670949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.245.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807848/; classtype:trojan-activity;sid:83670948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807847/; classtype:trojan-activity;sid:83670947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.235.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807846/; classtype:trojan-activity;sid:83670946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.247.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807845/; classtype:trojan-activity;sid:83670945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.206.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807844/; classtype:trojan-activity;sid:83670944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.93.106.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807842/; classtype:trojan-activity;sid:83670942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.221.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807843/; classtype:trojan-activity;sid:83670943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807841/; classtype:trojan-activity;sid:83670941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807840/; classtype:trojan-activity;sid:83670940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.150.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807839/; classtype:trojan-activity;sid:83670939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.129.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807838/; classtype:trojan-activity;sid:83670938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.235.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807837/; classtype:trojan-activity;sid:83670937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.85.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807836/; classtype:trojan-activity;sid:83670936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.2.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807835/; classtype:trojan-activity;sid:83670935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.46.197.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807834/; classtype:trojan-activity;sid:83670934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.245.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807833/; classtype:trojan-activity;sid:83670933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.129.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807832/; classtype:trojan-activity;sid:83670932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.79.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807831/; classtype:trojan-activity;sid:83670931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.247.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807830/; classtype:trojan-activity;sid:83670930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.248.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807829/; classtype:trojan-activity;sid:83670929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.138.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807827/; classtype:trojan-activity;sid:83670927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807828/; classtype:trojan-activity;sid:83670928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.224.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807825/; classtype:trojan-activity;sid:83670925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.191.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807826/; classtype:trojan-activity;sid:83670926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.85.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807824/; classtype:trojan-activity;sid:83670924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.16.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807823/; classtype:trojan-activity;sid:83670923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.138.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807822/; classtype:trojan-activity;sid:83670922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.40.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807821/; classtype:trojan-activity;sid:83670921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.79.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807820/; classtype:trojan-activity;sid:83670920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807819/; classtype:trojan-activity;sid:83670919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.217.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807818/; classtype:trojan-activity;sid:83670918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.196.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807817/; classtype:trojan-activity;sid:83670917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.73.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807816/; classtype:trojan-activity;sid:83670916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.122.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807815/; classtype:trojan-activity;sid:83670915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807814/; classtype:trojan-activity;sid:83670914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.240.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807813/; classtype:trojan-activity;sid:83670913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.247.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807812/; classtype:trojan-activity;sid:83670912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.134.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807811/; classtype:trojan-activity;sid:83670911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.170.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807810/; classtype:trojan-activity;sid:83670910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.115.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807809/; classtype:trojan-activity;sid:83670909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.16.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807808/; classtype:trojan-activity;sid:83670908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.13.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807807/; classtype:trojan-activity;sid:83670907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.217.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807806/; classtype:trojan-activity;sid:83670906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.64.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807805/; classtype:trojan-activity;sid:83670905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.170.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807804/; classtype:trojan-activity;sid:83670904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.255.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807803/; classtype:trojan-activity;sid:83670903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.74.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807802/; classtype:trojan-activity;sid:83670902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.8.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807801/; classtype:trojan-activity;sid:83670901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.122.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807800/; classtype:trojan-activity;sid:83670900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807799/; classtype:trojan-activity;sid:83670899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.68.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807798/; classtype:trojan-activity;sid:83670898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.235.101.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807797/; classtype:trojan-activity;sid:83670897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.115.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807795/; classtype:trojan-activity;sid:83670895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.196.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807796/; classtype:trojan-activity;sid:83670896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.201.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807794/; classtype:trojan-activity;sid:83670894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.201.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807793/; classtype:trojan-activity;sid:83670893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.13.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807792/; classtype:trojan-activity;sid:83670892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.251.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807791/; classtype:trojan-activity;sid:83670891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.74.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807790/; classtype:trojan-activity;sid:83670890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.8.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807789/; classtype:trojan-activity;sid:83670889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.255.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807788/; classtype:trojan-activity;sid:83670888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.251.5.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807787/; classtype:trojan-activity;sid:83670887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.187.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807786/; classtype:trojan-activity;sid:83670886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.224.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807784/; classtype:trojan-activity;sid:83670884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.206.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807785/; classtype:trojan-activity;sid:83670885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.79.111.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807783/; classtype:trojan-activity;sid:83670883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.170.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807782/; classtype:trojan-activity;sid:83670882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.39.184"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807781/; classtype:trojan-activity;sid:83670881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.103.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807778/; classtype:trojan-activity;sid:83670878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.96.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807779/; classtype:trojan-activity;sid:83670879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.141.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807780/; classtype:trojan-activity;sid:83670880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.2.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807777/; classtype:trojan-activity;sid:83670877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x9ruwbc6hcnw"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807776/; classtype:trojan-activity;sid:83670876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xthgoux7ja3i"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807775/; classtype:trojan-activity;sid:83670875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.218.123.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807773/; classtype:trojan-activity;sid:83670873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.82.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807774/; classtype:trojan-activity;sid:83670874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.174.120.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807771/; classtype:trojan-activity;sid:83670871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.57.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807772/; classtype:trojan-activity;sid:83670872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.98.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807770/; classtype:trojan-activity;sid:83670870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.113.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807769/; classtype:trojan-activity;sid:83670869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.67.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807768/; classtype:trojan-activity;sid:83670868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.35.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807766/; classtype:trojan-activity;sid:83670866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.155.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807767/; classtype:trojan-activity;sid:83670867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807765/; classtype:trojan-activity;sid:83670865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807764/; classtype:trojan-activity;sid:83670864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.210.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807763/; classtype:trojan-activity;sid:83670863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.64.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807762/; classtype:trojan-activity;sid:83670862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807761/; classtype:trojan-activity;sid:83670861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.103.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807760/; classtype:trojan-activity;sid:83670860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.251.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807759/; classtype:trojan-activity;sid:83670859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x62pbrmlbjuy"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807758/; classtype:trojan-activity;sid:83670858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.130.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807755/; classtype:trojan-activity;sid:83670855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.186.56.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807756/; classtype:trojan-activity;sid:83670856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.39.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807757/; classtype:trojan-activity;sid:83670857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.23.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807754/; classtype:trojan-activity;sid:83670854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.67.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807753/; classtype:trojan-activity;sid:83670853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.208.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807752/; classtype:trojan-activity;sid:83670852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807751/; classtype:trojan-activity;sid:83670851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.65.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807750/; classtype:trojan-activity;sid:83670850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.130.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807749/; classtype:trojan-activity;sid:83670849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.86.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807748/; classtype:trojan-activity;sid:83670848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807747/; classtype:trojan-activity;sid:83670847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.252.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807746/; classtype:trojan-activity;sid:83670846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.23.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807745/; classtype:trojan-activity;sid:83670845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.234.67.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807744/; classtype:trojan-activity;sid:83670844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.86.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807743/; classtype:trojan-activity;sid:83670843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.67.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807742/; classtype:trojan-activity;sid:83670842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807741/; classtype:trojan-activity;sid:83670841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.63.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807740/; classtype:trojan-activity;sid:83670840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.254.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807739/; classtype:trojan-activity;sid:83670839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807738/; classtype:trojan-activity;sid:83670838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.34.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807736/; classtype:trojan-activity;sid:83670836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.65.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807737/; classtype:trojan-activity;sid:83670837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.9.22.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807735/; classtype:trojan-activity;sid:83670835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.98.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807734/; classtype:trojan-activity;sid:83670834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.84.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807733/; classtype:trojan-activity;sid:83670833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.115.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807731/; classtype:trojan-activity;sid:83670831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.234.67.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807732/; classtype:trojan-activity;sid:83670832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807730/; classtype:trojan-activity;sid:83670830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807729/; classtype:trojan-activity;sid:83670829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807727/; classtype:trojan-activity;sid:83670827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.254.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807728/; classtype:trojan-activity;sid:83670828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.84.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807726/; classtype:trojan-activity;sid:83670826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.101.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807725/; classtype:trojan-activity;sid:83670825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.27.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807723/; classtype:trojan-activity;sid:83670823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.67.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807724/; classtype:trojan-activity;sid:83670824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.34.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807722/; classtype:trojan-activity;sid:83670822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.1.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807721/; classtype:trojan-activity;sid:83670821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.214.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807720/; classtype:trojan-activity;sid:83670820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807718/; classtype:trojan-activity;sid:83670818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.98.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807719/; classtype:trojan-activity;sid:83670819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.218.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807717/; classtype:trojan-activity;sid:83670817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807716/; classtype:trojan-activity;sid:83670816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.40.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807715/; classtype:trojan-activity;sid:83670815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807714/; classtype:trojan-activity;sid:83670814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.223.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807713/; classtype:trojan-activity;sid:83670813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.242.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807712/; classtype:trojan-activity;sid:83670812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807711/; classtype:trojan-activity;sid:83670811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.115.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807710/; classtype:trojan-activity;sid:83670810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.82.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807709/; classtype:trojan-activity;sid:83670809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.178.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807708/; classtype:trojan-activity;sid:83670808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.213.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807707/; classtype:trojan-activity;sid:83670807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.201.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807706/; classtype:trojan-activity;sid:83670806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.214.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807705/; classtype:trojan-activity;sid:83670805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.76.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807704/; classtype:trojan-activity;sid:83670804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.223.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807703/; classtype:trojan-activity;sid:83670803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807702/; classtype:trojan-activity;sid:83670802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.40.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807701/; classtype:trojan-activity;sid:83670801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xbaq0eizv509"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807700/; classtype:trojan-activity;sid:83670800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.245.74.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807699/; classtype:trojan-activity;sid:83670799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807698/; classtype:trojan-activity;sid:83670798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807697/; classtype:trojan-activity;sid:83670797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.145.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807696/; classtype:trojan-activity;sid:83670796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.131.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807695/; classtype:trojan-activity;sid:83670795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.233.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807694/; classtype:trojan-activity;sid:83670794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.76.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807693/; classtype:trojan-activity;sid:83670793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.20.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807692/; classtype:trojan-activity;sid:83670792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.155.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807691/; classtype:trojan-activity;sid:83670791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.81.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807690/; classtype:trojan-activity;sid:83670790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.81.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807689/; classtype:trojan-activity;sid:83670789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.131.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807688/; classtype:trojan-activity;sid:83670788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.191.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807687/; classtype:trojan-activity;sid:83670787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.15.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807686/; classtype:trojan-activity;sid:83670786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.48.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807685/; classtype:trojan-activity;sid:83670785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807684/; classtype:trojan-activity;sid:83670784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.81.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807683/; classtype:trojan-activity;sid:83670783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.70.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807682/; classtype:trojan-activity;sid:83670782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.101.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807681/; classtype:trojan-activity;sid:83670781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.81.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807680/; classtype:trojan-activity;sid:83670780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.68.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807679/; classtype:trojan-activity;sid:83670779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.109.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807676/; classtype:trojan-activity;sid:83670776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.85.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807677/; classtype:trojan-activity;sid:83670777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.171.200.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807678/; classtype:trojan-activity;sid:83670778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.58.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807675/; classtype:trojan-activity;sid:83670775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.74.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807673/; classtype:trojan-activity;sid:83670773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.153.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807674/; classtype:trojan-activity;sid:83670774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.151.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807672/; classtype:trojan-activity;sid:83670772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.15.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807671/; classtype:trojan-activity;sid:83670771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807670/; classtype:trojan-activity;sid:83670770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.149.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807669/; classtype:trojan-activity;sid:83670769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"213.232.235.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807668/; classtype:trojan-activity;sid:83670768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.180.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807667/; classtype:trojan-activity;sid:83670767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"tsk.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807666/; classtype:trojan-activity;sid:83670766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.79.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807665/; classtype:trojan-activity;sid:83670765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.132.130.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807664/; classtype:trojan-activity;sid:83670764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.71.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807663/; classtype:trojan-activity;sid:83670763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807662/; classtype:trojan-activity;sid:83670762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807661/; classtype:trojan-activity;sid:83670761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807658/; classtype:trojan-activity;sid:83670758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807659/; classtype:trojan-activity;sid:83670759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.67.86.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807660/; classtype:trojan-activity;sid:83670760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807653/; classtype:trojan-activity;sid:83670753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.ppc"; depth:9; endswith; nocase; http.host; content:"66.187.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807654/; classtype:trojan-activity;sid:83670754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.m68k"; depth:10; endswith; nocase; http.host; content:"66.187.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807655/; classtype:trojan-activity;sid:83670755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm6"; depth:10; endswith; nocase; http.host; content:"66.187.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807656/; classtype:trojan-activity;sid:83670756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807657/; classtype:trojan-activity;sid:83670757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807650/; classtype:trojan-activity;sid:83670750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807651/; classtype:trojan-activity;sid:83670751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807652/; classtype:trojan-activity;sid:83670752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807649/; classtype:trojan-activity;sid:83670749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.149.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807648/; classtype:trojan-activity;sid:83670748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.79.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807647/; classtype:trojan-activity;sid:83670747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.71.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807646/; classtype:trojan-activity;sid:83670746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.198.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807645/; classtype:trojan-activity;sid:83670745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xtcs93vhjpyi"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807644/; classtype:trojan-activity;sid:83670744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.253.126.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807643/; classtype:trojan-activity;sid:83670743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.35.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807642/; classtype:trojan-activity;sid:83670742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.180.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807641/; classtype:trojan-activity;sid:83670741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.155.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807639/; classtype:trojan-activity;sid:83670739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.247.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807640/; classtype:trojan-activity;sid:83670740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.230.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807638/; classtype:trojan-activity;sid:83670738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.179.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807637/; classtype:trojan-activity;sid:83670737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.64.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807636/; classtype:trojan-activity;sid:83670736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.127.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807635/; classtype:trojan-activity;sid:83670735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.153.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807634/; classtype:trojan-activity;sid:83670734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.4.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807633/; classtype:trojan-activity;sid:83670733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807632/; classtype:trojan-activity;sid:83670732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.225.249.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807631/; classtype:trojan-activity;sid:83670731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.63.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807630/; classtype:trojan-activity;sid:83670730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.229.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807629/; classtype:trojan-activity;sid:83670729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.110"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807628/; classtype:trojan-activity;sid:83670728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.73.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807627/; classtype:trojan-activity;sid:83670727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.208.180.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807626/; classtype:trojan-activity;sid:83670726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xh9gjpk4z9ch"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807625/; classtype:trojan-activity;sid:83670725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807623/; classtype:trojan-activity;sid:83670723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.124.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807624/; classtype:trojan-activity;sid:83670724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.202.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807622/; classtype:trojan-activity;sid:83670722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.155.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807621/; classtype:trojan-activity;sid:83670721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.87.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807620/; classtype:trojan-activity;sid:83670720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.179.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807619/; classtype:trojan-activity;sid:83670719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.28.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807618/; classtype:trojan-activity;sid:83670718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.97.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807617/; classtype:trojan-activity;sid:83670717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.110"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807616/; classtype:trojan-activity;sid:83670716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.4.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807615/; classtype:trojan-activity;sid:83670715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807614/; classtype:trojan-activity;sid:83670714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.87.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807613/; classtype:trojan-activity;sid:83670713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.73.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807612/; classtype:trojan-activity;sid:83670712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.202.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807611/; classtype:trojan-activity;sid:83670711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.8.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807609/; classtype:trojan-activity;sid:83670709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.166.86.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807610/; classtype:trojan-activity;sid:83670710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.53.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807608/; classtype:trojan-activity;sid:83670708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807607/; classtype:trojan-activity;sid:83670707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807606/; classtype:trojan-activity;sid:83670706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.189.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807605/; classtype:trojan-activity;sid:83670705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.221.10.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807604/; classtype:trojan-activity;sid:83670704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807603/; classtype:trojan-activity;sid:83670703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.76.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807602/; classtype:trojan-activity;sid:83670702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.222.140.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807601/; classtype:trojan-activity;sid:83670701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.72.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807600/; classtype:trojan-activity;sid:83670700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.199.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807599/; classtype:trojan-activity;sid:83670699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.189.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807598/; classtype:trojan-activity;sid:83670698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807597/; classtype:trojan-activity;sid:83670697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.191.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807596/; classtype:trojan-activity;sid:83670696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xt1ma9cxlycc"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807595/; classtype:trojan-activity;sid:83670695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.76.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807594/; classtype:trojan-activity;sid:83670694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807593/; classtype:trojan-activity;sid:83670693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.208.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807592/; classtype:trojan-activity;sid:83670692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.81.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807591/; classtype:trojan-activity;sid:83670691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.72.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807590/; classtype:trojan-activity;sid:83670690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807589/; classtype:trojan-activity;sid:83670689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.108.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807588/; classtype:trojan-activity;sid:83670688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.189.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807587/; classtype:trojan-activity;sid:83670687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.79.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807586/; classtype:trojan-activity;sid:83670686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807585/; classtype:trojan-activity;sid:83670685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.54.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807584/; classtype:trojan-activity;sid:83670684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.205.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807582/; classtype:trojan-activity;sid:83670682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.38.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807583/; classtype:trojan-activity;sid:83670683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.6.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807581/; classtype:trojan-activity;sid:83670681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.9.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807580/; classtype:trojan-activity;sid:83670680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.87.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807579/; classtype:trojan-activity;sid:83670679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.188.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807578/; classtype:trojan-activity;sid:83670678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.170.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807577/; classtype:trojan-activity;sid:83670677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.65.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807576/; classtype:trojan-activity;sid:83670676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807575/; classtype:trojan-activity;sid:83670675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.233.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807574/; classtype:trojan-activity;sid:83670674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/1.jpg"; depth:13; endswith; nocase; http.host; content:"ra-ftp.ru"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807573/; classtype:trojan-activity;sid:83670673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.89.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807572/; classtype:trojan-activity;sid:83670672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.34.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807571/; classtype:trojan-activity;sid:83670671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.81.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807570/; classtype:trojan-activity;sid:83670670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.123.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807569/; classtype:trojan-activity;sid:83670669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807568/; classtype:trojan-activity;sid:83670668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.16.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807567/; classtype:trojan-activity;sid:83670667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807566/; classtype:trojan-activity;sid:83670666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.174.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807565/; classtype:trojan-activity;sid:83670665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.79.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807564/; classtype:trojan-activity;sid:83670664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807563/; classtype:trojan-activity;sid:83670663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.16.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807562/; classtype:trojan-activity;sid:83670662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"hga.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807561/; classtype:trojan-activity;sid:83670661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.224.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807560/; classtype:trojan-activity;sid:83670660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.60.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807559/; classtype:trojan-activity;sid:83670659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.89.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807558/; classtype:trojan-activity;sid:83670658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.253.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807557/; classtype:trojan-activity;sid:83670657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.34.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807556/; classtype:trojan-activity;sid:83670656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.123.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807555/; classtype:trojan-activity;sid:83670655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807554/; classtype:trojan-activity;sid:83670654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.226.48.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807553/; classtype:trojan-activity;sid:83670653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807552/; classtype:trojan-activity;sid:83670652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.238.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807551/; classtype:trojan-activity;sid:83670651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.146.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807550/; classtype:trojan-activity;sid:83670650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.244.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807549/; classtype:trojan-activity;sid:83670649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.155.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807548/; classtype:trojan-activity;sid:83670648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.224.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807547/; classtype:trojan-activity;sid:83670647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.254.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807546/; classtype:trojan-activity;sid:83670646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.153.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807545/; classtype:trojan-activity;sid:83670645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807544/; classtype:trojan-activity;sid:83670644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.155.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807543/; classtype:trojan-activity;sid:83670643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807542/; classtype:trojan-activity;sid:83670642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.145.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807541/; classtype:trojan-activity;sid:83670641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.199.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807540/; classtype:trojan-activity;sid:83670640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.238.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807539/; classtype:trojan-activity;sid:83670639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.99.201.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807537/; classtype:trojan-activity;sid:83670637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.84.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807538/; classtype:trojan-activity;sid:83670638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.244.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807536/; classtype:trojan-activity;sid:83670636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.254.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807535/; classtype:trojan-activity;sid:83670635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app.txt"; depth:8; endswith; nocase; http.host; content:"care-onboard.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807534/; classtype:trojan-activity;sid:83670634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.49.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807533/; classtype:trojan-activity;sid:83670633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.152.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807532/; classtype:trojan-activity;sid:83670632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.235.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807531/; classtype:trojan-activity;sid:83670631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.94.0.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807530/; classtype:trojan-activity;sid:83670630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.92.82.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807529/; classtype:trojan-activity;sid:83670629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.243.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807528/; classtype:trojan-activity;sid:83670628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.13.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807526/; classtype:trojan-activity;sid:83670626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807527/; classtype:trojan-activity;sid:83670627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.209.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807525/; classtype:trojan-activity;sid:83670625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.29.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807523/; classtype:trojan-activity;sid:83670623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.145.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807524/; classtype:trojan-activity;sid:83670624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807522/; classtype:trojan-activity;sid:83670622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807521/; classtype:trojan-activity;sid:83670621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.199.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807520/; classtype:trojan-activity;sid:83670620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.243.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807519/; classtype:trojan-activity;sid:83670619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.158.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807518/; classtype:trojan-activity;sid:83670618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.15.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807517/; classtype:trojan-activity;sid:83670617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.236.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807516/; classtype:trojan-activity;sid:83670616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.188.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807515/; classtype:trojan-activity;sid:83670615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.87.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807514/; classtype:trojan-activity;sid:83670614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jihe.sh"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807513/; classtype:trojan-activity;sid:83670613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.209.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807512/; classtype:trojan-activity;sid:83670612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807511/; classtype:trojan-activity;sid:83670611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.247.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807510/; classtype:trojan-activity;sid:83670610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.73.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807509/; classtype:trojan-activity;sid:83670609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807508/; classtype:trojan-activity;sid:83670608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"193.37.58.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807506/; classtype:trojan-activity;sid:83670606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807507/; classtype:trojan-activity;sid:83670607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.29.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807505/; classtype:trojan-activity;sid:83670605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807503/; classtype:trojan-activity;sid:83670603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.98.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807504/; classtype:trojan-activity;sid:83670604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"192.54.57.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807502/; classtype:trojan-activity;sid:83670602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"188.119.103.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807501/; classtype:trojan-activity;sid:83670601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807500/; classtype:trojan-activity;sid:83670600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliver"; depth:7; endswith; nocase; http.host; content:"198.46.143.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807499/; classtype:trojan-activity;sid:83670599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"198.46.143.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807498/; classtype:trojan-activity;sid:83670598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807497/; classtype:trojan-activity;sid:83670597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.194.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807495/; classtype:trojan-activity;sid:83670595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.100.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807496/; classtype:trojan-activity;sid:83670596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kill"; depth:5; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807494/; classtype:trojan-activity;sid:83670594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ping"; depth:5; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user"; depth:5; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807493/; classtype:trojan-activity;sid:83670593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watchdog"; depth:9; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807487/; classtype:trojan-activity;sid:83670587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807488/; classtype:trojan-activity;sid:83670588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807489/; classtype:trojan-activity;sid:83670589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807490/; classtype:trojan-activity;sid:83670590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807491/; classtype:trojan-activity;sid:83670591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807481/; classtype:trojan-activity;sid:83670581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807482/; classtype:trojan-activity;sid:83670582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807483/; classtype:trojan-activity;sid:83670583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807484/; classtype:trojan-activity;sid:83670584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807485/; classtype:trojan-activity;sid:83670585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807486/; classtype:trojan-activity;sid:83670586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807477/; classtype:trojan-activity;sid:83670577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807478/; classtype:trojan-activity;sid:83670578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807479/; classtype:trojan-activity;sid:83670579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807480/; classtype:trojan-activity;sid:83670580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807475/; classtype:trojan-activity;sid:83670575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807476/; classtype:trojan-activity;sid:83670576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807469/; classtype:trojan-activity;sid:83670569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807470/; classtype:trojan-activity;sid:83670570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"45.13.227.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807471/; classtype:trojan-activity;sid:83670571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807472/; classtype:trojan-activity;sid:83670572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807473/; classtype:trojan-activity;sid:83670573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"154.9.235.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807474/; classtype:trojan-activity;sid:83670574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.101.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807468/; classtype:trojan-activity;sid:83670568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.145.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807467/; classtype:trojan-activity;sid:83670567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.89.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807466/; classtype:trojan-activity;sid:83670566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.28.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807465/; classtype:trojan-activity;sid:83670565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.228.235.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807464/; classtype:trojan-activity;sid:83670564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807463/; classtype:trojan-activity;sid:83670563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.145.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807462/; classtype:trojan-activity;sid:83670562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/archivomx/9ovuiyrshgdsjhf658ytsjhgy86gsjhfsyt6shfs.html"; depth:56; endswith; nocase; http.host; content:"236.94.74.97.host.secureserver.net"; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807461/; classtype:trojan-activity;sid:83670561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.87.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807460/; classtype:trojan-activity;sid:83670560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.121.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807459/; classtype:trojan-activity;sid:83670559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.227.238.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807458/; classtype:trojan-activity;sid:83670558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xr54nyzdyyxe"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807457/; classtype:trojan-activity;sid:83670557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.216.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807455/; classtype:trojan-activity;sid:83670555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.23.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807456/; classtype:trojan-activity;sid:83670556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.41.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807454/; classtype:trojan-activity;sid:83670554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.246.126.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807453/; classtype:trojan-activity;sid:83670553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.183.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807452/; classtype:trojan-activity;sid:83670552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.16.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807451/; classtype:trojan-activity;sid:83670551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xf9obzbykks2"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807450/; classtype:trojan-activity;sid:83670550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807449/; classtype:trojan-activity;sid:83670549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghazismyotonia.exe"; depth:19; endswith; nocase; http.host; content:"185.149.146.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807448/; classtype:trojan-activity;sid:83670548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.94.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807447/; classtype:trojan-activity;sid:83670547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.175.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807446/; classtype:trojan-activity;sid:83670546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807444/; classtype:trojan-activity;sid:83670544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weohnamy/nissrv.exe"; depth:20; endswith; nocase; http.host; content:"159.253.120.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807445/; classtype:trojan-activity;sid:83670545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.221.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807443/; classtype:trojan-activity;sid:83670543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brute"; depth:6; endswith; nocase; http.host; content:"80.94.92.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807442/; classtype:trojan-activity;sid:83670542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.22.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807441/; classtype:trojan-activity;sid:83670541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.103.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807439/; classtype:trojan-activity;sid:83670539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.41.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807440/; classtype:trojan-activity;sid:83670540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"80.94.92.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807437/; classtype:trojan-activity;sid:83670537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epic"; depth:5; endswith; nocase; http.host; content:"80.94.92.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807438/; classtype:trojan-activity;sid:83670538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.131.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807436/; classtype:trojan-activity;sid:83670536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.60.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807435/; classtype:trojan-activity;sid:83670535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/zyzaycyz"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807433/; classtype:trojan-activity;sid:83670533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.247.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807434/; classtype:trojan-activity;sid:83670534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.66.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807432/; classtype:trojan-activity;sid:83670532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807431/; classtype:trojan-activity;sid:83670531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.179.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807430/; classtype:trojan-activity;sid:83670530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.134.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807429/; classtype:trojan-activity;sid:83670529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xn09eshy"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807428/; classtype:trojan-activity;sid:83670528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.69.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807427/; classtype:trojan-activity;sid:83670527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/tsbzq9yt"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807424/; classtype:trojan-activity;sid:83670524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/rkeugmue"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807425/; classtype:trojan-activity;sid:83670525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.210.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807426/; classtype:trojan-activity;sid:83670526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.94.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807423/; classtype:trojan-activity;sid:83670523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.103.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807422/; classtype:trojan-activity;sid:83670522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/mkvtrmlg"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807421/; classtype:trojan-activity;sid:83670521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.60.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807420/; classtype:trojan-activity;sid:83670520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/hqqlkx16"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807419/; classtype:trojan-activity;sid:83670519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.208.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807418/; classtype:trojan-activity;sid:83670518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bxydurna"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807417/; classtype:trojan-activity;sid:83670517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807416/; classtype:trojan-activity;sid:83670516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.124.29.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807414/; classtype:trojan-activity;sid:83670514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807415/; classtype:trojan-activity;sid:83670515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.39.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807413/; classtype:trojan-activity;sid:83670513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/30362lq5"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807412/; classtype:trojan-activity;sid:83670512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807406/; classtype:trojan-activity;sid:83670506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807407/; classtype:trojan-activity;sid:83670507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807408/; classtype:trojan-activity;sid:83670508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807409/; classtype:trojan-activity;sid:83670509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807410/; classtype:trojan-activity;sid:83670510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807411/; classtype:trojan-activity;sid:83670511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807401/; classtype:trojan-activity;sid:83670501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807402/; classtype:trojan-activity;sid:83670502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807403/; classtype:trojan-activity;sid:83670503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807404/; classtype:trojan-activity;sid:83670504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807405/; classtype:trojan-activity;sid:83670505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.89.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807400/; classtype:trojan-activity;sid:83670500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.69.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807399/; classtype:trojan-activity;sid:83670499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.86.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807398/; classtype:trojan-activity;sid:83670498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.240.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807397/; classtype:trojan-activity;sid:83670497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.38.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807396/; classtype:trojan-activity;sid:83670496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/jetpack/json-endpoints/jetpack/hays_compiled_documents.zip"; depth:78; endswith; nocase; http.host; content:"felizcity.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807395/; classtype:trojan-activity;sid:83670495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/cards/660a48f3ed8f660125aa4d31/attachments/6615472237acc15ca27cb4ad/download/58888885.exe"; depth:92; endswith; nocase; http.host; content:"trello.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807394/; classtype:trojan-activity;sid:83670494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.86.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807393/; classtype:trojan-activity;sid:83670493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.174.100.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807392/; classtype:trojan-activity;sid:83670492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.223.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807391/; classtype:trojan-activity;sid:83670491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.7.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807390/; classtype:trojan-activity;sid:83670490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.206.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807388/; classtype:trojan-activity;sid:83670488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.39.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807389/; classtype:trojan-activity;sid:83670489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.196.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807387/; classtype:trojan-activity;sid:83670487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.176.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807386/; classtype:trojan-activity;sid:83670486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807385/; classtype:trojan-activity;sid:83670485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.183.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807384/; classtype:trojan-activity;sid:83670484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807383/; classtype:trojan-activity;sid:83670483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.131.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807382/; classtype:trojan-activity;sid:83670482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.46.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807381/; classtype:trojan-activity;sid:83670481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.111.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807380/; classtype:trojan-activity;sid:83670480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.199.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807379/; classtype:trojan-activity;sid:83670479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.206.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807378/; classtype:trojan-activity;sid:83670478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.183.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807377/; classtype:trojan-activity;sid:83670477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.23.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807376/; classtype:trojan-activity;sid:83670476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807375/; classtype:trojan-activity;sid:83670475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.176.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807374/; classtype:trojan-activity;sid:83670474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.13.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807373/; classtype:trojan-activity;sid:83670473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.92.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807372/; classtype:trojan-activity;sid:83670472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.129.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807370/; classtype:trojan-activity;sid:83670470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807371/; classtype:trojan-activity;sid:83670471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.122.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807369/; classtype:trojan-activity;sid:83670469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.171.200.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807367/; classtype:trojan-activity;sid:83670467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.203.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807368/; classtype:trojan-activity;sid:83670468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.13.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807366/; classtype:trojan-activity;sid:83670466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.59.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807365/; classtype:trojan-activity;sid:83670465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807364/; classtype:trojan-activity;sid:83670464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.10.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807363/; classtype:trojan-activity;sid:83670463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.224.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807362/; classtype:trojan-activity;sid:83670462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.111.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807361/; classtype:trojan-activity;sid:83670461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.99.23"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807360/; classtype:trojan-activity;sid:83670460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.64.85.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807359/; classtype:trojan-activity;sid:83670459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.60.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807358/; classtype:trojan-activity;sid:83670458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.50.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807357/; classtype:trojan-activity;sid:83670457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.121.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807356/; classtype:trojan-activity;sid:83670456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.112.39.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807355/; classtype:trojan-activity;sid:83670455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.225.211.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807354/; classtype:trojan-activity;sid:83670454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.46.7"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807353/; classtype:trojan-activity;sid:83670453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.92.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807352/; classtype:trojan-activity;sid:83670452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.188.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807351/; classtype:trojan-activity;sid:83670451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.176.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807349/; classtype:trojan-activity;sid:83670449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.241"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807350/; classtype:trojan-activity;sid:83670450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.100.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807347/; classtype:trojan-activity;sid:83670447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.247.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807348/; classtype:trojan-activity;sid:83670448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.217.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807346/; classtype:trojan-activity;sid:83670446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.248.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807344/; classtype:trojan-activity;sid:83670444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.237.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807345/; classtype:trojan-activity;sid:83670445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.46.7"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807343/; classtype:trojan-activity;sid:83670443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.43.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807342/; classtype:trojan-activity;sid:83670442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.36.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807341/; classtype:trojan-activity;sid:83670441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.60.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807340/; classtype:trojan-activity;sid:83670440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.145.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807339/; classtype:trojan-activity;sid:83670439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807338/; classtype:trojan-activity;sid:83670438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.158.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807337/; classtype:trojan-activity;sid:83670437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.239.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807336/; classtype:trojan-activity;sid:83670436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.134.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807334/; classtype:trojan-activity;sid:83670434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.144.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807335/; classtype:trojan-activity;sid:83670435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.225.211.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807332/; classtype:trojan-activity;sid:83670432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.202.197.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807333/; classtype:trojan-activity;sid:83670433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.190.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807331/; classtype:trojan-activity;sid:83670431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.219.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807330/; classtype:trojan-activity;sid:83670430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.158.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807329/; classtype:trojan-activity;sid:83670429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.52.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807328/; classtype:trojan-activity;sid:83670428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.23.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807327/; classtype:trojan-activity;sid:83670427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.144.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807324/; classtype:trojan-activity;sid:83670424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.247.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807325/; classtype:trojan-activity;sid:83670425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.15.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807326/; classtype:trojan-activity;sid:83670426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807323/; classtype:trojan-activity;sid:83670423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.36.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807322/; classtype:trojan-activity;sid:83670422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.183.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807321/; classtype:trojan-activity;sid:83670421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.35.92.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807320/; classtype:trojan-activity;sid:83670420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.38.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807319/; classtype:trojan-activity;sid:83670419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.202.197.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807318/; classtype:trojan-activity;sid:83670418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.109.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807317/; classtype:trojan-activity;sid:83670417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.134.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807314/; classtype:trojan-activity;sid:83670414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.49.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807315/; classtype:trojan-activity;sid:83670415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807316/; classtype:trojan-activity;sid:83670416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.32.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807313/; classtype:trojan-activity;sid:83670413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.49.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807312/; classtype:trojan-activity;sid:83670412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.250.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807311/; classtype:trojan-activity;sid:83670411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.239.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807310/; classtype:trojan-activity;sid:83670410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.183.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807309/; classtype:trojan-activity;sid:83670409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.202.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807308/; classtype:trojan-activity;sid:83670408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807307/; classtype:trojan-activity;sid:83670407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1227555885748977715/1227556716325900348/trustlauncher.rar|3f|ex=6628d648|7c|26|7c|is=66166148|7c|26|7c|hm=e3b79c18630023c6900ca7e307a1c8416193c480a6f3ba76bbccc973fde5b58b|7c|26|7c|"; depth:193; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807306/; classtype:trojan-activity;sid:83670406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.165.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807304/; classtype:trojan-activity;sid:83670404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.38.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807305/; classtype:trojan-activity;sid:83670405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.109.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807303/; classtype:trojan-activity;sid:83670403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807302/; classtype:trojan-activity;sid:83670402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.254.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807301/; classtype:trojan-activity;sid:83670401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/http.txt"; depth:9; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.162.70.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807299/; classtype:trojan-activity;sid:83670399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.73.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807297/; classtype:trojan-activity;sid:83670397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.250.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807298/; classtype:trojan-activity;sid:83670398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807296/; classtype:trojan-activity;sid:83670396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.43.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807295/; classtype:trojan-activity;sid:83670395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.239.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807294/; classtype:trojan-activity;sid:83670394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.97.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807293/; classtype:trojan-activity;sid:83670393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807290/; classtype:trojan-activity;sid:83670390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807291/; classtype:trojan-activity;sid:83670391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807292/; classtype:trojan-activity;sid:83670392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807286/; classtype:trojan-activity;sid:83670386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807287/; classtype:trojan-activity;sid:83670387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807288/; classtype:trojan-activity;sid:83670388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807289/; classtype:trojan-activity;sid:83670389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807284/; classtype:trojan-activity;sid:83670384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807285/; classtype:trojan-activity;sid:83670385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807282/; classtype:trojan-activity;sid:83670382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"jswl.vipsf888.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807283/; classtype:trojan-activity;sid:83670383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.106.91.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807280/; classtype:trojan-activity;sid:83670380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/letluczia3zbt0eizrj2g/eni1rpftfkmewe1.img|3f|rlkey=41dw4d9jeenq5tiisf2fl47ms|7c|26|7c|dl=1"; depth:98; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807281/; classtype:trojan-activity;sid:83670381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.191.246.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807279/; classtype:trojan-activity;sid:83670379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.90.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807278/; classtype:trojan-activity;sid:83670378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.175.31.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807277/; classtype:trojan-activity;sid:83670377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.21.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807276/; classtype:trojan-activity;sid:83670376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807275/; classtype:trojan-activity;sid:83670375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo.jpg"; depth:9; endswith; nocase; http.host; content:"a0943368.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807274/; classtype:trojan-activity;sid:83670374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807273/; classtype:trojan-activity;sid:83670373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807270/; classtype:trojan-activity;sid:83670370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807271/; classtype:trojan-activity;sid:83670371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807272/; classtype:trojan-activity;sid:83670372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807266/; classtype:trojan-activity;sid:83670366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807267/; classtype:trojan-activity;sid:83670367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807268/; classtype:trojan-activity;sid:83670368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807269/; classtype:trojan-activity;sid:83670369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807263/; classtype:trojan-activity;sid:83670363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807264/; classtype:trojan-activity;sid:83670364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807265/; classtype:trojan-activity;sid:83670365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807262/; classtype:trojan-activity;sid:83670362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807259/; classtype:trojan-activity;sid:83670359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807260/; classtype:trojan-activity;sid:83670360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807261/; classtype:trojan-activity;sid:83670361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807252/; classtype:trojan-activity;sid:83670352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807253/; classtype:trojan-activity;sid:83670353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807254/; classtype:trojan-activity;sid:83670354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807255/; classtype:trojan-activity;sid:83670355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807256/; classtype:trojan-activity;sid:83670356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807257/; classtype:trojan-activity;sid:83670357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"14.225.219.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807258/; classtype:trojan-activity;sid:83670358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.160.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807251/; classtype:trojan-activity;sid:83670351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.43.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807250/; classtype:trojan-activity;sid:83670350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.254.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807249/; classtype:trojan-activity;sid:83670349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.87.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807248/; classtype:trojan-activity;sid:83670348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.214.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807247/; classtype:trojan-activity;sid:83670347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.162.70.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807246/; classtype:trojan-activity;sid:83670346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.47.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807245/; classtype:trojan-activity;sid:83670345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.113.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807244/; classtype:trojan-activity;sid:83670344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.82.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807243/; classtype:trojan-activity;sid:83670343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.202.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807242/; classtype:trojan-activity;sid:83670342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.155.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807241/; classtype:trojan-activity;sid:83670341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.21.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807240/; classtype:trojan-activity;sid:83670340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.97.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807239/; classtype:trojan-activity;sid:83670339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807237/; classtype:trojan-activity;sid:83670337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807238/; classtype:trojan-activity;sid:83670338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"104.234.204.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807236/; classtype:trojan-activity;sid:83670336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.190.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807235/; classtype:trojan-activity;sid:83670335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips.nn"; depth:13; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807225/; classtype:trojan-activity;sid:83670325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64.nn"; depth:15; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807226/; classtype:trojan-activity;sid:83670326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc.nn"; depth:12; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807227/; classtype:trojan-activity;sid:83670327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl.nn"; depth:13; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807228/; classtype:trojan-activity;sid:83670328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm.nn"; depth:12; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807229/; classtype:trojan-activity;sid:83670329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc.nn"; depth:12; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807230/; classtype:trojan-activity;sid:83670330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_32.nn"; depth:15; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807231/; classtype:trojan-activity;sid:83670331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k.nn"; depth:13; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807232/; classtype:trojan-activity;sid:83670332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4.nn"; depth:12; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807233/; classtype:trojan-activity;sid:83670333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7.nn"; depth:13; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807234/; classtype:trojan-activity;sid:83670334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.155.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807224/; classtype:trojan-activity;sid:83670324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.zip"; depth:9; endswith; nocase; http.host; content:"128.199.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807223/; classtype:trojan-activity;sid:83670323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.194.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807222/; classtype:trojan-activity;sid:83670322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807211/; classtype:trojan-activity;sid:83670311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807212/; classtype:trojan-activity;sid:83670312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807213/; classtype:trojan-activity;sid:83670313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807214/; classtype:trojan-activity;sid:83670314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807215/; classtype:trojan-activity;sid:83670315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807216/; classtype:trojan-activity;sid:83670316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807217/; classtype:trojan-activity;sid:83670317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807218/; classtype:trojan-activity;sid:83670318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807219/; classtype:trojan-activity;sid:83670319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807220/; classtype:trojan-activity;sid:83670320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"162.214.103.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807221/; classtype:trojan-activity;sid:83670321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.47.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807210/; classtype:trojan-activity;sid:83670310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.214.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807209/; classtype:trojan-activity;sid:83670309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807203/; classtype:trojan-activity;sid:83670303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807204/; classtype:trojan-activity;sid:83670304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.240.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807205/; classtype:trojan-activity;sid:83670305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807206/; classtype:trojan-activity;sid:83670306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807207/; classtype:trojan-activity;sid:83670307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807208/; classtype:trojan-activity;sid:83670308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807197/; classtype:trojan-activity;sid:83670297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807198/; classtype:trojan-activity;sid:83670298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807199/; classtype:trojan-activity;sid:83670299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807200/; classtype:trojan-activity;sid:83670300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807201/; classtype:trojan-activity;sid:83670301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"162.214.103.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807202/; classtype:trojan-activity;sid:83670302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807196/; classtype:trojan-activity;sid:83670296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.190.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807195/; classtype:trojan-activity;sid:83670295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.221.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807194/; classtype:trojan-activity;sid:83670294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.106.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807193/; classtype:trojan-activity;sid:83670293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.202.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807192/; classtype:trojan-activity;sid:83670292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.12.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807191/; classtype:trojan-activity;sid:83670291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.7.208.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807190/; classtype:trojan-activity;sid:83670290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.143.18.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807189/; classtype:trojan-activity;sid:83670289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.47.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807188/; classtype:trojan-activity;sid:83670288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.20.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807187/; classtype:trojan-activity;sid:83670287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807186/; classtype:trojan-activity;sid:83670286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807185/; classtype:trojan-activity;sid:83670285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.181.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807182/; classtype:trojan-activity;sid:83670282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.220.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807183/; classtype:trojan-activity;sid:83670283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.240.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807184/; classtype:trojan-activity;sid:83670284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.236.187.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807181/; classtype:trojan-activity;sid:83670281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.201.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807180/; classtype:trojan-activity;sid:83670280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.194.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807179/; classtype:trojan-activity;sid:83670279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.6.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807178/; classtype:trojan-activity;sid:83670278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdtzx.scr"; depth:10; endswith; nocase; http.host; content:"covid19help.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807177/; classtype:trojan-activity;sid:83670277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807176/; classtype:trojan-activity;sid:83670276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807175/; classtype:trojan-activity;sid:83670275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.12.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807174/; classtype:trojan-activity;sid:83670274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.143.18.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807173/; classtype:trojan-activity;sid:83670273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.24.241"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807172/; classtype:trojan-activity;sid:83670272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807171/; classtype:trojan-activity;sid:83670271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.236.187.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807170/; classtype:trojan-activity;sid:83670270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.38.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807169/; classtype:trojan-activity;sid:83670269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.211.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807168/; classtype:trojan-activity;sid:83670268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.208.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807167/; classtype:trojan-activity;sid:83670267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.158.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807166/; classtype:trojan-activity;sid:83670266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tesgs.exe"; depth:10; endswith; nocase; http.host; content:"185.196.8.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807164/; classtype:trojan-activity;sid:83670264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.175.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807165/; classtype:trojan-activity;sid:83670265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807163/; classtype:trojan-activity;sid:83670263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.13.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807162/; classtype:trojan-activity;sid:83670262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.54.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807160/; classtype:trojan-activity;sid:83670260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.233.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807161/; classtype:trojan-activity;sid:83670261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/java.jpg"; depth:9; endswith; nocase; http.host; content:"80.94.92.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807159/; classtype:trojan-activity;sid:83670259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.252.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807158/; classtype:trojan-activity;sid:83670258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.mpsl"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807151/; classtype:trojan-activity;sid:83670251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.arm5"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807152/; classtype:trojan-activity;sid:83670252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.m68k"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807153/; classtype:trojan-activity;sid:83670253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.arm6"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807154/; classtype:trojan-activity;sid:83670254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.x86"; depth:14; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807155/; classtype:trojan-activity;sid:83670255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.sh4"; depth:14; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807156/; classtype:trojan-activity;sid:83670256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.arm"; depth:14; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807157/; classtype:trojan-activity;sid:83670257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.ppc"; depth:14; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807148/; classtype:trojan-activity;sid:83670248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.arm7"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807149/; classtype:trojan-activity;sid:83670249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nine.mips"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807150/; classtype:trojan-activity;sid:83670250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.94.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807147/; classtype:trojan-activity;sid:83670247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.191.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807146/; classtype:trojan-activity;sid:83670246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.211.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807145/; classtype:trojan-activity;sid:83670245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.173.96.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807144/; classtype:trojan-activity;sid:83670244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.22.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807143/; classtype:trojan-activity;sid:83670243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.38.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807141/; classtype:trojan-activity;sid:83670241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.175.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807142/; classtype:trojan-activity;sid:83670242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.230.185.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807140/; classtype:trojan-activity;sid:83670240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.203.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807139/; classtype:trojan-activity;sid:83670239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.92.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807138/; classtype:trojan-activity;sid:83670238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.176.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807137/; classtype:trojan-activity;sid:83670237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.91.82.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807136/; classtype:trojan-activity;sid:83670236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.252.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807135/; classtype:trojan-activity;sid:83670235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.212.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807134/; classtype:trojan-activity;sid:83670234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.72.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807133/; classtype:trojan-activity;sid:83670233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.130.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807132/; classtype:trojan-activity;sid:83670232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pass"; depth:5; endswith; nocase; http.host; content:"80.94.92.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807130/; classtype:trojan-activity;sid:83670230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.141.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807131/; classtype:trojan-activity;sid:83670231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.74.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807127/; classtype:trojan-activity;sid:83670227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.233.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807128/; classtype:trojan-activity;sid:83670228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807129/; classtype:trojan-activity;sid:83670229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.81.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807126/; classtype:trojan-activity;sid:83670226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5|3f|ddos"; depth:13; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807125/; classtype:trojan-activity;sid:83670225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807124/; classtype:trojan-activity;sid:83670224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.108.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807123/; classtype:trojan-activity;sid:83670223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.80.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807122/; classtype:trojan-activity;sid:83670222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.208.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807121/; classtype:trojan-activity;sid:83670221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sex.sh"; depth:7; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807120/; classtype:trojan-activity;sid:83670220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807117/; classtype:trojan-activity;sid:83670217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807118/; classtype:trojan-activity;sid:83670218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807119/; classtype:trojan-activity;sid:83670219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807112/; classtype:trojan-activity;sid:83670212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807113/; classtype:trojan-activity;sid:83670213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc"; depth:3; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807114/; classtype:trojan-activity;sid:83670214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807115/; classtype:trojan-activity;sid:83670215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807116/; classtype:trojan-activity;sid:83670216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807107/; classtype:trojan-activity;sid:83670207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807108/; classtype:trojan-activity;sid:83670208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807109/; classtype:trojan-activity;sid:83670209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807110/; classtype:trojan-activity;sid:83670210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"rubiconviewer.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807111/; classtype:trojan-activity;sid:83670211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.91.82.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807106/; classtype:trojan-activity;sid:83670206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.92.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807105/; classtype:trojan-activity;sid:83670205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807099/; classtype:trojan-activity;sid:83670199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807100/; classtype:trojan-activity;sid:83670200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807101/; classtype:trojan-activity;sid:83670201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807102/; classtype:trojan-activity;sid:83670202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807103/; classtype:trojan-activity;sid:83670203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807104/; classtype:trojan-activity;sid:83670204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807097/; classtype:trojan-activity;sid:83670197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807098/; classtype:trojan-activity;sid:83670198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807094/; classtype:trojan-activity;sid:83670194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807095/; classtype:trojan-activity;sid:83670195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807096/; classtype:trojan-activity;sid:83670196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"zhudaji.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807093/; classtype:trojan-activity;sid:83670193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.203.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807092/; classtype:trojan-activity;sid:83670192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weednet"; depth:8; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807085/; classtype:trojan-activity;sid:83670185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ballnet"; depth:8; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807086/; classtype:trojan-activity;sid:83670186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dicknet"; depth:8; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807087/; classtype:trojan-activity;sid:83670187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807088/; classtype:trojan-activity;sid:83670188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swatnet"; depth:8; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807089/; classtype:trojan-activity;sid:83670189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unet"; depth:5; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807090/; classtype:trojan-activity;sid:83670190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cracknet"; depth:9; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807091/; classtype:trojan-activity;sid:83670191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucknet"; depth:8; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807079/; classtype:trojan-activity;sid:83670179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/queernet"; depth:9; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807080/; classtype:trojan-activity;sid:83670180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaynet"; depth:7; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807081/; classtype:trojan-activity;sid:83670181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net"; depth:4; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807082/; classtype:trojan-activity;sid:83670182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet"; depth:7; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807083/; classtype:trojan-activity;sid:83670183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cock"; depth:5; endswith; nocase; http.host; content:"emv1.ib-comm-gateway.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807084/; classtype:trojan-activity;sid:83670184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.225.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807078/; classtype:trojan-activity;sid:83670178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net"; depth:4; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807070/; classtype:trojan-activity;sid:83670170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cock"; depth:5; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807071/; classtype:trojan-activity;sid:83670171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/queernet"; depth:9; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807072/; classtype:trojan-activity;sid:83670172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dicknet"; depth:8; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807073/; classtype:trojan-activity;sid:83670173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weednet"; depth:8; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807074/; classtype:trojan-activity;sid:83670174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucknet"; depth:8; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807075/; classtype:trojan-activity;sid:83670175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cracknet"; depth:9; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807076/; classtype:trojan-activity;sid:83670176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unet"; depth:5; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807077/; classtype:trojan-activity;sid:83670177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swatnet"; depth:8; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807068/; classtype:trojan-activity;sid:83670168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ballnet"; depth:8; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807069/; classtype:trojan-activity;sid:83670169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaynet"; depth:7; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807066/; classtype:trojan-activity;sid:83670166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet"; depth:7; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807067/; classtype:trojan-activity;sid:83670167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yougay"; depth:7; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807065/; classtype:trojan-activity;sid:83670165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807064/; classtype:trojan-activity;sid:83670164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.44.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807063/; classtype:trojan-activity;sid:83670163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.37.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807062/; classtype:trojan-activity;sid:83670162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.138.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807061/; classtype:trojan-activity;sid:83670161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807059/; classtype:trojan-activity;sid:83670159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.56.148.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807060/; classtype:trojan-activity;sid:83670160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.108.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807058/; classtype:trojan-activity;sid:83670158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.157.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807057/; classtype:trojan-activity;sid:83670157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"107.172.214.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807056/; classtype:trojan-activity;sid:83670156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miner.sh"; depth:9; endswith; nocase; http.host; content:"194.156.98.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807054/; classtype:trojan-activity;sid:83670154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.112.39.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807055/; classtype:trojan-activity;sid:83670155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"107.172.214.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807053/; classtype:trojan-activity;sid:83670153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.56.148.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807052/; classtype:trojan-activity;sid:83670152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807050/; classtype:trojan-activity;sid:83670150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.247.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807051/; classtype:trojan-activity;sid:83670151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.236.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807049/; classtype:trojan-activity;sid:83670149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/arm"; depth:9; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807047/; classtype:trojan-activity;sid:83670147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/arm5"; depth:10; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807048/; classtype:trojan-activity;sid:83670148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/arm6"; depth:10; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807041/; classtype:trojan-activity;sid:83670141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/arm7"; depth:10; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807042/; classtype:trojan-activity;sid:83670142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticmpsl"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807043/; classtype:trojan-activity;sid:83670143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/i686"; depth:10; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807044/; classtype:trojan-activity;sid:83670144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/i586"; depth:10; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807045/; classtype:trojan-activity;sid:83670145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/mips"; depth:10; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807046/; classtype:trojan-activity;sid:83670146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxzx/mipsel"; depth:12; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807038/; classtype:trojan-activity;sid:83670138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticarm5"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807039/; classtype:trojan-activity;sid:83670139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticarm64"; depth:17; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807040/; classtype:trojan-activity;sid:83670140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticm68k"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807037/; classtype:trojan-activity;sid:83670137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticsh4"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807027/; classtype:trojan-activity;sid:83670127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/statici686"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807028/; classtype:trojan-activity;sid:83670128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticmips"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807029/; classtype:trojan-activity;sid:83670129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticx86"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807030/; classtype:trojan-activity;sid:83670130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticarm"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807031/; classtype:trojan-activity;sid:83670131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticspc"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807032/; classtype:trojan-activity;sid:83670132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticarc"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807033/; classtype:trojan-activity;sid:83670133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticarm7"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807034/; classtype:trojan-activity;sid:83670134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticppc"; depth:15; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807035/; classtype:trojan-activity;sid:83670135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/staticarm6"; depth:16; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807036/; classtype:trojan-activity;sid:83670136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigger.sh"; depth:10; endswith; nocase; http.host; content:"91.92.242.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807026/; classtype:trojan-activity;sid:83670126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807023/; classtype:trojan-activity;sid:83670123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matrixexp.sh"; depth:13; endswith; nocase; http.host; content:"42.96.15.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807024/; classtype:trojan-activity;sid:83670124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nig.sh"; depth:7; endswith; nocase; http.host; content:"91.92.250.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807025/; classtype:trojan-activity;sid:83670125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infectedn.sh"; depth:13; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807014/; classtype:trojan-activity;sid:83670114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"45.148.244.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807015/; classtype:trojan-activity;sid:83670115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807016/; classtype:trojan-activity;sid:83670116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807017/; classtype:trojan-activity;sid:83670117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807018/; classtype:trojan-activity;sid:83670118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807019/; classtype:trojan-activity;sid:83670119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807020/; classtype:trojan-activity;sid:83670120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807021/; classtype:trojan-activity;sid:83670121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"179.43.168.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807022/; classtype:trojan-activity;sid:83670122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807003/; classtype:trojan-activity;sid:83670103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807004/; classtype:trojan-activity;sid:83670104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807005/; classtype:trojan-activity;sid:83670105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sinfull.sh"; depth:11; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807006/; classtype:trojan-activity;sid:83670106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"185.216.70.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807007/; classtype:trojan-activity;sid:83670107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807008/; classtype:trojan-activity;sid:83670108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807009/; classtype:trojan-activity;sid:83670109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807010/; classtype:trojan-activity;sid:83670110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"147.78.103.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807011/; classtype:trojan-activity;sid:83670111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807012/; classtype:trojan-activity;sid:83670112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"93.123.85.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807013/; classtype:trojan-activity;sid:83670113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.172.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807002/; classtype:trojan-activity;sid:83670102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.13.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807001/; classtype:trojan-activity;sid:83670101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.247.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807000/; classtype:trojan-activity;sid:83670100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.185.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806999/; classtype:trojan-activity;sid:83670099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806998/; classtype:trojan-activity;sid:83670098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.121.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806997/; classtype:trojan-activity;sid:83670097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.209.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806995/; classtype:trojan-activity;sid:83670095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.11.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806996/; classtype:trojan-activity;sid:83670096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806992/; classtype:trojan-activity;sid:83670092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806993/; classtype:trojan-activity;sid:83670093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806994/; classtype:trojan-activity;sid:83670094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806991/; classtype:trojan-activity;sid:83670091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806988/; classtype:trojan-activity;sid:83670088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806989/; classtype:trojan-activity;sid:83670089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806990/; classtype:trojan-activity;sid:83670090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806985/; classtype:trojan-activity;sid:83670085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806986/; classtype:trojan-activity;sid:83670086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806987/; classtype:trojan-activity;sid:83670087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"2.58.95.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806984/; classtype:trojan-activity;sid:83670084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key"; depth:4; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806983/; classtype:trojan-activity;sid:83670083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806975/; classtype:trojan-activity;sid:83670075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806976/; classtype:trojan-activity;sid:83670076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806977/; classtype:trojan-activity;sid:83670077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806978/; classtype:trojan-activity;sid:83670078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806979/; classtype:trojan-activity;sid:83670079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bm%5d"; depth:8; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806980/; classtype:trojan-activity;sid:83670080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm6"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806981/; classtype:trojan-activity;sid:83670081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806982/; classtype:trojan-activity;sid:83670082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806974/; classtype:trojan-activity;sid:83670074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806968/; classtype:trojan-activity;sid:83670068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806969/; classtype:trojan-activity;sid:83670069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806970/; classtype:trojan-activity;sid:83670070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806971/; classtype:trojan-activity;sid:83670071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806972/; classtype:trojan-activity;sid:83670072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"166.88.61.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806973/; classtype:trojan-activity;sid:83670073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806967/; classtype:trojan-activity;sid:83670067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806964/; classtype:trojan-activity;sid:83670064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.mpsl"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806965/; classtype:trojan-activity;sid:83670065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806966/; classtype:trojan-activity;sid:83670066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.i686"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806954/; classtype:trojan-activity;sid:83670054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm5"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806955/; classtype:trojan-activity;sid:83670055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806956/; classtype:trojan-activity;sid:83670056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806957/; classtype:trojan-activity;sid:83670057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806958/; classtype:trojan-activity;sid:83670058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.sparc"; depth:12; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806959/; classtype:trojan-activity;sid:83670059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x86"; depth:10; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806960/; classtype:trojan-activity;sid:83670060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.mips"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806961/; classtype:trojan-activity;sid:83670061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.sh4"; depth:10; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806962/; classtype:trojan-activity;sid:83670062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm7"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806963/; classtype:trojan-activity;sid:83670063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806947/; classtype:trojan-activity;sid:83670047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.ppc"; depth:10; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806948/; classtype:trojan-activity;sid:83670048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm4"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806949/; classtype:trojan-activity;sid:83670049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.i586"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806950/; classtype:trojan-activity;sid:83670050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806951/; classtype:trojan-activity;sid:83670051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.m68k"; depth:11; endswith; nocase; http.host; content:"38.89.76.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806952/; classtype:trojan-activity;sid:83670052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806953/; classtype:trojan-activity;sid:83670053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806945/; classtype:trojan-activity;sid:83670045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"199.195.249.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806946/; classtype:trojan-activity;sid:83670046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.236.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806944/; classtype:trojan-activity;sid:83670044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.172.69.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806943/; classtype:trojan-activity;sid:83670043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.189.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806942/; classtype:trojan-activity;sid:83670042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.120.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806941/; classtype:trojan-activity;sid:83670041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.39.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806940/; classtype:trojan-activity;sid:83670040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806939/; classtype:trojan-activity;sid:83670039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.33.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806938/; classtype:trojan-activity;sid:83670038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806937/; classtype:trojan-activity;sid:83670037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.251.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806936/; classtype:trojan-activity;sid:83670036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.209.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806935/; classtype:trojan-activity;sid:83670035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.11.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806934/; classtype:trojan-activity;sid:83670034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.45.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806933/; classtype:trojan-activity;sid:83670033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.47.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806931/; classtype:trojan-activity;sid:83670031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.50.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806932/; classtype:trojan-activity;sid:83670032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806930/; classtype:trojan-activity;sid:83670030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.42.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806928/; classtype:trojan-activity;sid:83670028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.180.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806929/; classtype:trojan-activity;sid:83670029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.248.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806927/; classtype:trojan-activity;sid:83670027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.150.241.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806924/; classtype:trojan-activity;sid:83670024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.224.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806925/; classtype:trojan-activity;sid:83670025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806926/; classtype:trojan-activity;sid:83670026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.111.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806923/; classtype:trojan-activity;sid:83670023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.191.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806922/; classtype:trojan-activity;sid:83670022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806921/; classtype:trojan-activity;sid:83670021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806920/; classtype:trojan-activity;sid:83670020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.219.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806919/; classtype:trojan-activity;sid:83670019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.241.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806918/; classtype:trojan-activity;sid:83670018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/batushka/inte.exe"; depth:18; endswith; nocase; http.host; content:"guatemalacayerealestate.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806916/; classtype:trojan-activity;sid:83670016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.49.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806917/; classtype:trojan-activity;sid:83670017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.226.154.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806914/; classtype:trojan-activity;sid:83670014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.219.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806915/; classtype:trojan-activity;sid:83670015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.37.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806913/; classtype:trojan-activity;sid:83670013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.39.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806912/; classtype:trojan-activity;sid:83670012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.209.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806911/; classtype:trojan-activity;sid:83670011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.67.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806910/; classtype:trojan-activity;sid:83670010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.189.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806909/; classtype:trojan-activity;sid:83670009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806908/; classtype:trojan-activity;sid:83670008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.159.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806907/; classtype:trojan-activity;sid:83670007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.161.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806906/; classtype:trojan-activity;sid:83670006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file_premium/z5mjf8l9iucbxw3/rz_laun_v_6.37.zip/file"; depth:53; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806905/; classtype:trojan-activity;sid:83670005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/trustlauncher.rar"; depth:23; endswith; nocase; http.host; content:"alebtechnologie.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806904/; classtype:trojan-activity;sid:83670004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adobe_setup.zip"; depth:16; endswith; nocase; http.host; content:"adobetools.ucoz.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806902/; classtype:trojan-activity;sid:83670002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1132464740040454247/1227119202087997450/deushack_pass_123.rar|3f|ex=66273ed0|7c|26|7c|is=6614c9d0|7c|26|7c|hm=64376be8d78c77738a835d617548e20c2286ed4f512fd1080b555d94a9b6306d|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806900/; classtype:trojan-activity;sid:83670000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1quojns2gd14xigipnfz-zzcvyn6bfrun"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806901/; classtype:trojan-activity;sid:83670001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/kebab_ext_v2.zip"; depth:23; endswith; nocase; http.host; content:"kebabcheats.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806897/; classtype:trojan-activity;sid:83669997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1223619319896739930/1224905718864281640/fixer.zip|3f|ex=661f3159|7c|26|7c|is=660cbc59|7c|26|7c|hm=f84a1f3b406731ded9693fbd05c93d9477300661bef054a2b776d5f892ff334a|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806898/; classtype:trojan-activity;sid:83669998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1217092741394337893/1223998175770050692/fix.zip|3f|ex=66251ea1|7c|26|7c|is=6612a9a1|7c|26|7c|hm=2df98ca6acfe3b9a03d233303ea9fa24fcccfc2c9741a2bd777142481c1e1815|7c|26|7c|"; depth:183; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806899/; classtype:trojan-activity;sid:83669999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1217092741394337893/1227343713710379029/x86.zip|3f|ex=66280fe8|7c|26|7c|is=66159ae8|7c|26|7c|hm=251438dc2db7074a43c327857128dde7c8694177c5f5b2c7cf5587f5de64e75c|7c|26|7c|"; depth:183; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806896/; classtype:trojan-activity;sid:83669996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12785910120909.zip"; depth:19; endswith; nocase; http.host; content:"www.comerciojobsinformativo.is-into-cartoons.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806895/; classtype:trojan-activity;sid:83669995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806894/; classtype:trojan-activity;sid:83669994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.226.154.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806893/; classtype:trojan-activity;sid:83669993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.159.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806892/; classtype:trojan-activity;sid:83669992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.11.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806890/; classtype:trojan-activity;sid:83669990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.79.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806891/; classtype:trojan-activity;sid:83669991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.2.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806889/; classtype:trojan-activity;sid:83669989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.209.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806887/; classtype:trojan-activity;sid:83669987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.67.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806888/; classtype:trojan-activity;sid:83669988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.101.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806886/; classtype:trojan-activity;sid:83669986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.66.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806885/; classtype:trojan-activity;sid:83669985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.150.231.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806884/; classtype:trojan-activity;sid:83669984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.131.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806882/; classtype:trojan-activity;sid:83669982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.214.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806883/; classtype:trojan-activity;sid:83669983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806881/; classtype:trojan-activity;sid:83669981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.130.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806880/; classtype:trojan-activity;sid:83669980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.142.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806878/; classtype:trojan-activity;sid:83669978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.227.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806879/; classtype:trojan-activity;sid:83669979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806877/; classtype:trojan-activity;sid:83669977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806876/; classtype:trojan-activity;sid:83669976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806875/; classtype:trojan-activity;sid:83669975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.94.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806873/; classtype:trojan-activity;sid:83669973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.79.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806874/; classtype:trojan-activity;sid:83669974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806872/; classtype:trojan-activity;sid:83669972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.214.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806871/; classtype:trojan-activity;sid:83669971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806870/; classtype:trojan-activity;sid:83669970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806869/; classtype:trojan-activity;sid:83669969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806868/; classtype:trojan-activity;sid:83669968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.142.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806867/; classtype:trojan-activity;sid:83669967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.95.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806866/; classtype:trojan-activity;sid:83669966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.130.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806865/; classtype:trojan-activity;sid:83669965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806864/; classtype:trojan-activity;sid:83669964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.227.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806863/; classtype:trojan-activity;sid:83669963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.108.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806861/; classtype:trojan-activity;sid:83669961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.25.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806862/; classtype:trojan-activity;sid:83669962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.94.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806860/; classtype:trojan-activity;sid:83669960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806859/; classtype:trojan-activity;sid:83669959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806858/; classtype:trojan-activity;sid:83669958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/negra/vegan.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806857/; classtype:trojan-activity;sid:83669957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806856/; classtype:trojan-activity;sid:83669956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/kjk/kj/heisbestgirlieeverseeninmylifeiwanttokissherbadlytheniwillfuckherbadlysheismywife___ilovehertrulyfromtheheartsheismygirllover.doc"; depth:143; endswith; nocase; http.host; content:"192.3.95.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806855/; classtype:trojan-activity;sid:83669955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.79.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806854/; classtype:trojan-activity;sid:83669954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806853/; classtype:trojan-activity;sid:83669953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.45.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806852/; classtype:trojan-activity;sid:83669952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.230.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806851/; classtype:trojan-activity;sid:83669951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.94.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806850/; classtype:trojan-activity;sid:83669950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.169.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806848/; classtype:trojan-activity;sid:83669948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.5.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806849/; classtype:trojan-activity;sid:83669949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.116.149.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806847/; classtype:trojan-activity;sid:83669947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.166"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806846/; classtype:trojan-activity;sid:83669946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.209.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806845/; classtype:trojan-activity;sid:83669945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806844/; classtype:trojan-activity;sid:83669944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806843/; classtype:trojan-activity;sid:83669943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.112.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806842/; classtype:trojan-activity;sid:83669942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.127.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806841/; classtype:trojan-activity;sid:83669941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.45.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806840/; classtype:trojan-activity;sid:83669940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.58.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806839/; classtype:trojan-activity;sid:83669939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.116.149.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806838/; classtype:trojan-activity;sid:83669938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.66.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806837/; classtype:trojan-activity;sid:83669937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.209.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806836/; classtype:trojan-activity;sid:83669936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.151.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806835/; classtype:trojan-activity;sid:83669935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.138.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806834/; classtype:trojan-activity;sid:83669934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806833/; classtype:trojan-activity;sid:83669933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.181.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806832/; classtype:trojan-activity;sid:83669932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.127.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806831/; classtype:trojan-activity;sid:83669931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.89.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806830/; classtype:trojan-activity;sid:83669930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.3.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806829/; classtype:trojan-activity;sid:83669929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.124.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806828/; classtype:trojan-activity;sid:83669928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.208.56.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806827/; classtype:trojan-activity;sid:83669927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.151.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806826/; classtype:trojan-activity;sid:83669926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.108.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806825/; classtype:trojan-activity;sid:83669925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.225.1"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806824/; classtype:trojan-activity;sid:83669924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.130.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806823/; classtype:trojan-activity;sid:83669923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.63.155.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806822/; classtype:trojan-activity;sid:83669922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.113.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806821/; classtype:trojan-activity;sid:83669921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.202.91.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806820/; classtype:trojan-activity;sid:83669920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.14.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806819/; classtype:trojan-activity;sid:83669919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.183.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806818/; classtype:trojan-activity;sid:83669918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.29.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806817/; classtype:trojan-activity;sid:83669917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.21.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806816/; classtype:trojan-activity;sid:83669916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.95.224.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806815/; classtype:trojan-activity;sid:83669915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.240.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806814/; classtype:trojan-activity;sid:83669914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.191.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806813/; classtype:trojan-activity;sid:83669913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.148.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806812/; classtype:trojan-activity;sid:83669912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.75.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806811/; classtype:trojan-activity;sid:83669911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.148.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806810/; classtype:trojan-activity;sid:83669910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.25.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806809/; classtype:trojan-activity;sid:83669909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.89.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806808/; classtype:trojan-activity;sid:83669908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.9.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806807/; classtype:trojan-activity;sid:83669907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.34.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806806/; classtype:trojan-activity;sid:83669906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.114.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806805/; classtype:trojan-activity;sid:83669905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.241.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806803/; classtype:trojan-activity;sid:83669903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.134.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806804/; classtype:trojan-activity;sid:83669904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.252.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806802/; classtype:trojan-activity;sid:83669902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.190.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806801/; classtype:trojan-activity;sid:83669901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.35.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806800/; classtype:trojan-activity;sid:83669900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.39.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806799/; classtype:trojan-activity;sid:83669899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.14.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806798/; classtype:trojan-activity;sid:83669898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806797/; classtype:trojan-activity;sid:83669897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lets.exe"; depth:9; endswith; nocase; http.host; content:"154.23.178.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806796/; classtype:trojan-activity;sid:83669896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.20.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806794/; classtype:trojan-activity;sid:83669894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.13.1.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806795/; classtype:trojan-activity;sid:83669895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.22.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806793/; classtype:trojan-activity;sid:83669893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.222.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806792/; classtype:trojan-activity;sid:83669892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.82.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806790/; classtype:trojan-activity;sid:83669890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.149.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806791/; classtype:trojan-activity;sid:83669891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.241.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806789/; classtype:trojan-activity;sid:83669889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806788/; classtype:trojan-activity;sid:83669888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.85.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806786/; classtype:trojan-activity;sid:83669886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806787/; classtype:trojan-activity;sid:83669887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.190.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806785/; classtype:trojan-activity;sid:83669885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.2.49"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806784/; classtype:trojan-activity;sid:83669884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.252.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806783/; classtype:trojan-activity;sid:83669883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.39.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806782/; classtype:trojan-activity;sid:83669882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806781/; classtype:trojan-activity;sid:83669881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.138.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806779/; classtype:trojan-activity;sid:83669879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.44.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806780/; classtype:trojan-activity;sid:83669880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.41.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806778/; classtype:trojan-activity;sid:83669878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.218.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806777/; classtype:trojan-activity;sid:83669877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.142.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806775/; classtype:trojan-activity;sid:83669875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806776/; classtype:trojan-activity;sid:83669876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.9.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806774/; classtype:trojan-activity;sid:83669874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.248.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806773/; classtype:trojan-activity;sid:83669873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.243.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806772/; classtype:trojan-activity;sid:83669872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.82.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806771/; classtype:trojan-activity;sid:83669871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.29.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806769/; classtype:trojan-activity;sid:83669869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806770/; classtype:trojan-activity;sid:83669870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.20.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806768/; classtype:trojan-activity;sid:83669868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.149.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806767/; classtype:trojan-activity;sid:83669867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806765/; classtype:trojan-activity;sid:83669865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806766/; classtype:trojan-activity;sid:83669866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.209.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806764/; classtype:trojan-activity;sid:83669864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.206.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806763/; classtype:trojan-activity;sid:83669863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.226.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806761/; classtype:trojan-activity;sid:83669861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.2.49"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806762/; classtype:trojan-activity;sid:83669862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.153.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806759/; classtype:trojan-activity;sid:83669859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806760/; classtype:trojan-activity;sid:83669860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806758/; classtype:trojan-activity;sid:83669858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.23.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806757/; classtype:trojan-activity;sid:83669857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.4.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806756/; classtype:trojan-activity;sid:83669856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.147.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806755/; classtype:trojan-activity;sid:83669855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.55.13.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806754/; classtype:trojan-activity;sid:83669854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.243.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806753/; classtype:trojan-activity;sid:83669853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.248.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806752/; classtype:trojan-activity;sid:83669852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806751/; classtype:trojan-activity;sid:83669851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.221.214.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806749/; classtype:trojan-activity;sid:83669849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.58.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806750/; classtype:trojan-activity;sid:83669850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.20.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806748/; classtype:trojan-activity;sid:83669848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.41.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806747/; classtype:trojan-activity;sid:83669847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.32.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806746/; classtype:trojan-activity;sid:83669846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.217.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806745/; classtype:trojan-activity;sid:83669845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.89.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806744/; classtype:trojan-activity;sid:83669844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806743/; classtype:trojan-activity;sid:83669843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.226.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806742/; classtype:trojan-activity;sid:83669842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"pbf.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806740/; classtype:trojan-activity;sid:83669840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"75.32.190.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806741/; classtype:trojan-activity;sid:83669841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.189.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806737/; classtype:trojan-activity;sid:83669837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806738/; classtype:trojan-activity;sid:83669838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.104.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806739/; classtype:trojan-activity;sid:83669839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806736/; classtype:trojan-activity;sid:83669836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.248.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806735/; classtype:trojan-activity;sid:83669835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.217.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806734/; classtype:trojan-activity;sid:83669834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.176.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806733/; classtype:trojan-activity;sid:83669833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.108.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806732/; classtype:trojan-activity;sid:83669832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.i586"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806731/; classtype:trojan-activity;sid:83669831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806725/; classtype:trojan-activity;sid:83669825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806726/; classtype:trojan-activity;sid:83669826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806727/; classtype:trojan-activity;sid:83669827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806728/; classtype:trojan-activity;sid:83669828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806729/; classtype:trojan-activity;sid:83669829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806730/; classtype:trojan-activity;sid:83669830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806717/; classtype:trojan-activity;sid:83669817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806718/; classtype:trojan-activity;sid:83669818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806719/; classtype:trojan-activity;sid:83669819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806720/; classtype:trojan-activity;sid:83669820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.i686"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806721/; classtype:trojan-activity;sid:83669821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm7"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806722/; classtype:trojan-activity;sid:83669822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm4"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806723/; classtype:trojan-activity;sid:83669823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806724/; classtype:trojan-activity;sid:83669824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm5"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806714/; classtype:trojan-activity;sid:83669814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.sparc"; depth:12; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806715/; classtype:trojan-activity;sid:83669815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.mips"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806716/; classtype:trojan-activity;sid:83669816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806712/; classtype:trojan-activity;sid:83669812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.ppc"; depth:10; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806713/; classtype:trojan-activity;sid:83669813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlarm5"; depth:14; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806705/; classtype:trojan-activity;sid:83669805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.m68k"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806706/; classtype:trojan-activity;sid:83669806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlarm6"; depth:14; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806707/; classtype:trojan-activity;sid:83669807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806708/; classtype:trojan-activity;sid:83669808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x86"; depth:10; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806709/; classtype:trojan-activity;sid:83669809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806710/; classtype:trojan-activity;sid:83669810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806711/; classtype:trojan-activity;sid:83669811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlppc"; depth:13; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806696/; classtype:trojan-activity;sid:83669796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlm68k"; depth:14; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806697/; classtype:trojan-activity;sid:83669797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlx86"; depth:13; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806698/; classtype:trojan-activity;sid:83669798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlsh4"; depth:13; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806699/; classtype:trojan-activity;sid:83669799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlmpsl"; depth:14; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806700/; classtype:trojan-activity;sid:83669800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlspc"; depth:13; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806701/; classtype:trojan-activity;sid:83669801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlarm"; depth:13; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806702/; classtype:trojan-activity;sid:83669802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlarm7"; depth:14; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806703/; classtype:trojan-activity;sid:83669803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lawlmips"; depth:14; endswith; nocase; http.host; content:"205.185.121.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806704/; classtype:trojan-activity;sid:83669804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.mpsl"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806694/; classtype:trojan-activity;sid:83669794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.sh4"; depth:10; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806695/; classtype:trojan-activity;sid:83669795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806691/; classtype:trojan-activity;sid:83669791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806692/; classtype:trojan-activity;sid:83669792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806693/; classtype:trojan-activity;sid:83669793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806689/; classtype:trojan-activity;sid:83669789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"188.119.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806690/; classtype:trojan-activity;sid:83669790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm6"; depth:11; endswith; nocase; http.host; content:"192.54.57.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806687/; classtype:trojan-activity;sid:83669787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"45.128.232.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806688/; classtype:trojan-activity;sid:83669788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.198.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806686/; classtype:trojan-activity;sid:83669786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.21.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806685/; classtype:trojan-activity;sid:83669785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806684/; classtype:trojan-activity;sid:83669784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.57.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806683/; classtype:trojan-activity;sid:83669783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.153.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806682/; classtype:trojan-activity;sid:83669782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806681/; classtype:trojan-activity;sid:83669781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.177.103.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806680/; classtype:trojan-activity;sid:83669780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.16.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806679/; classtype:trojan-activity;sid:83669779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806678/; classtype:trojan-activity;sid:83669778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.79.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806677/; classtype:trojan-activity;sid:83669777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.101.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806675/; classtype:trojan-activity;sid:83669775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.71.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806676/; classtype:trojan-activity;sid:83669776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.240.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806674/; classtype:trojan-activity;sid:83669774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806673/; classtype:trojan-activity;sid:83669773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.57.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806672/; classtype:trojan-activity;sid:83669772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.108.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806671/; classtype:trojan-activity;sid:83669771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.198.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806670/; classtype:trojan-activity;sid:83669770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.21.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806669/; classtype:trojan-activity;sid:83669769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806668/; classtype:trojan-activity;sid:83669768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.179.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806667/; classtype:trojan-activity;sid:83669767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.26.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806666/; classtype:trojan-activity;sid:83669766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.72.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806665/; classtype:trojan-activity;sid:83669765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.190.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806664/; classtype:trojan-activity;sid:83669764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.195.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806663/; classtype:trojan-activity;sid:83669763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.50.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806662/; classtype:trojan-activity;sid:83669762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.174.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806661/; classtype:trojan-activity;sid:83669761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806660/; classtype:trojan-activity;sid:83669760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.164.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806659/; classtype:trojan-activity;sid:83669759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.26.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806658/; classtype:trojan-activity;sid:83669758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.127.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806656/; classtype:trojan-activity;sid:83669756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.85.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806657/; classtype:trojan-activity;sid:83669757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.73.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806655/; classtype:trojan-activity;sid:83669755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.111.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806654/; classtype:trojan-activity;sid:83669754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.95.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806653/; classtype:trojan-activity;sid:83669753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.179.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806652/; classtype:trojan-activity;sid:83669752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.103.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806651/; classtype:trojan-activity;sid:83669751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.136.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806650/; classtype:trojan-activity;sid:83669750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.91.248.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806649/; classtype:trojan-activity;sid:83669749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.50.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806648/; classtype:trojan-activity;sid:83669748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.99.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806647/; classtype:trojan-activity;sid:83669747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806646/; classtype:trojan-activity;sid:83669746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.186.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806645/; classtype:trojan-activity;sid:83669745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.147.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806644/; classtype:trojan-activity;sid:83669744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.45.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806642/; classtype:trojan-activity;sid:83669742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806643/; classtype:trojan-activity;sid:83669743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.186.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806640/; classtype:trojan-activity;sid:83669740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.136.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806641/; classtype:trojan-activity;sid:83669741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.122.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806639/; classtype:trojan-activity;sid:83669739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.227.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806638/; classtype:trojan-activity;sid:83669738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.208.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806637/; classtype:trojan-activity;sid:83669737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.85.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806636/; classtype:trojan-activity;sid:83669736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.53.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806635/; classtype:trojan-activity;sid:83669735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.95.228.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806634/; classtype:trojan-activity;sid:83669734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806633/; classtype:trojan-activity;sid:83669733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.45.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806632/; classtype:trojan-activity;sid:83669732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"38.6.224.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806631/; classtype:trojan-activity;sid:83669731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.146.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806630/; classtype:trojan-activity;sid:83669730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.168.238.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806629/; classtype:trojan-activity;sid:83669729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.206.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806628/; classtype:trojan-activity;sid:83669728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.85.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806627/; classtype:trojan-activity;sid:83669727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.122.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806626/; classtype:trojan-activity;sid:83669726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.227.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806625/; classtype:trojan-activity;sid:83669725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806624/; classtype:trojan-activity;sid:83669724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.181.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806623/; classtype:trojan-activity;sid:83669723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.17.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806622/; classtype:trojan-activity;sid:83669722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xdtrg9nznzzb"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806621/; classtype:trojan-activity;sid:83669721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.148.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806620/; classtype:trojan-activity;sid:83669720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.81.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806619/; classtype:trojan-activity;sid:83669719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806618/; classtype:trojan-activity;sid:83669718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.23.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806617/; classtype:trojan-activity;sid:83669717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.253.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806616/; classtype:trojan-activity;sid:83669716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xw8okxlront6"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806615/; classtype:trojan-activity;sid:83669715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.176.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806613/; classtype:trojan-activity;sid:83669713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.78.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806614/; classtype:trojan-activity;sid:83669714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.112.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806612/; classtype:trojan-activity;sid:83669712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806611/; classtype:trojan-activity;sid:83669711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806610/; classtype:trojan-activity;sid:83669710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.28.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806609/; classtype:trojan-activity;sid:83669709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.150.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806608/; classtype:trojan-activity;sid:83669708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"wpda.loans.fishingreelinvestments.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806607/; classtype:trojan-activity;sid:83669707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.33.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806606/; classtype:trojan-activity;sid:83669706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.17.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806605/; classtype:trojan-activity;sid:83669705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.43.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806604/; classtype:trojan-activity;sid:83669704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.20.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806603/; classtype:trojan-activity;sid:83669703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806602/; classtype:trojan-activity;sid:83669702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.140.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806601/; classtype:trojan-activity;sid:83669701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.191.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806600/; classtype:trojan-activity;sid:83669700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.78.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806599/; classtype:trojan-activity;sid:83669699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.35.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806598/; classtype:trojan-activity;sid:83669698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.25.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806597/; classtype:trojan-activity;sid:83669697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.150.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806596/; classtype:trojan-activity;sid:83669696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.40.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806595/; classtype:trojan-activity;sid:83669695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.20.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806594/; classtype:trojan-activity;sid:83669694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.236.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806593/; classtype:trojan-activity;sid:83669693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.16.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806592/; classtype:trojan-activity;sid:83669692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.190.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806591/; classtype:trojan-activity;sid:83669691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.183.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806590/; classtype:trojan-activity;sid:83669690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.70.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806589/; classtype:trojan-activity;sid:83669689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lets.exe"; depth:9; endswith; nocase; http.host; content:"154.23.178.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806588/; classtype:trojan-activity;sid:83669688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lets.exe"; depth:9; endswith; nocase; http.host; content:"38.181.35.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806586/; classtype:trojan-activity;sid:83669686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lets.exe"; depth:9; endswith; nocase; http.host; content:"154.23.178.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806587/; classtype:trojan-activity;sid:83669687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.212.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806585/; classtype:trojan-activity;sid:83669685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.10.115.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806584/; classtype:trojan-activity;sid:83669684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.116.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806583/; classtype:trojan-activity;sid:83669683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.46.197.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806582/; classtype:trojan-activity;sid:83669682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.190.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806581/; classtype:trojan-activity;sid:83669681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806580/; classtype:trojan-activity;sid:83669680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.43.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806579/; classtype:trojan-activity;sid:83669679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.40.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806578/; classtype:trojan-activity;sid:83669678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.217.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806577/; classtype:trojan-activity;sid:83669677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.179.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806576/; classtype:trojan-activity;sid:83669676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.41.27.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806575/; classtype:trojan-activity;sid:83669675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806574/; classtype:trojan-activity;sid:83669674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.236.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806571/; classtype:trojan-activity;sid:83669671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.59.174.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806572/; classtype:trojan-activity;sid:83669672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.120.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806573/; classtype:trojan-activity;sid:83669673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"esdbz.loans.fishingreelinvestments.com"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806570/; classtype:trojan-activity;sid:83669670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.190.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806568/; classtype:trojan-activity;sid:83669668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806569/; classtype:trojan-activity;sid:83669669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.46.197.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806567/; classtype:trojan-activity;sid:83669667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806566/; classtype:trojan-activity;sid:83669666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.217.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806565/; classtype:trojan-activity;sid:83669665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.236.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806564/; classtype:trojan-activity;sid:83669664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.29.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806563/; classtype:trojan-activity;sid:83669663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.20.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806562/; classtype:trojan-activity;sid:83669662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.225.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806561/; classtype:trojan-activity;sid:83669661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.252.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806560/; classtype:trojan-activity;sid:83669660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.246.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806559/; classtype:trojan-activity;sid:83669659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.16.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806558/; classtype:trojan-activity;sid:83669658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.71.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806557/; classtype:trojan-activity;sid:83669657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.186.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806556/; classtype:trojan-activity;sid:83669656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"172.90.128.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806555/; classtype:trojan-activity;sid:83669655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.49.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806554/; classtype:trojan-activity;sid:83669654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.134.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806553/; classtype:trojan-activity;sid:83669653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.225.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806552/; classtype:trojan-activity;sid:83669652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.220.163.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806551/; classtype:trojan-activity;sid:83669651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.192.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806550/; classtype:trojan-activity;sid:83669650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.127.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806549/; classtype:trojan-activity;sid:83669649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.80.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806548/; classtype:trojan-activity;sid:83669648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.64.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806547/; classtype:trojan-activity;sid:83669647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.93.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806546/; classtype:trojan-activity;sid:83669646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.26.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806545/; classtype:trojan-activity;sid:83669645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806544/; classtype:trojan-activity;sid:83669644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.134.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806543/; classtype:trojan-activity;sid:83669643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"68.212.242.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806542/; classtype:trojan-activity;sid:83669642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xtsclvuddpyo"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806541/; classtype:trojan-activity;sid:83669641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.26.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806540/; classtype:trojan-activity;sid:83669640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.156.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806539/; classtype:trojan-activity;sid:83669639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.24.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806538/; classtype:trojan-activity;sid:83669638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.192.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806537/; classtype:trojan-activity;sid:83669637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.116.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806536/; classtype:trojan-activity;sid:83669636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.254.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806535/; classtype:trojan-activity;sid:83669635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.39.197.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806534/; classtype:trojan-activity;sid:83669634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.45.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806532/; classtype:trojan-activity;sid:83669632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.234.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806533/; classtype:trojan-activity;sid:83669633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.80.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806531/; classtype:trojan-activity;sid:83669631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.166.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806530/; classtype:trojan-activity;sid:83669630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.249.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806529/; classtype:trojan-activity;sid:83669629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"77.221.137.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806528/; classtype:trojan-activity;sid:83669628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"138.36.239.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806522/; classtype:trojan-activity;sid:83669622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806523/; classtype:trojan-activity;sid:83669623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806524/; classtype:trojan-activity;sid:83669624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806525/; classtype:trojan-activity;sid:83669625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806514/; classtype:trojan-activity;sid:83669614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sinfull"; depth:15; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806515/; classtype:trojan-activity;sid:83669615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806516/; classtype:trojan-activity;sid:83669616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806517/; classtype:trojan-activity;sid:83669617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806518/; classtype:trojan-activity;sid:83669618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806519/; classtype:trojan-activity;sid:83669619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806520/; classtype:trojan-activity;sid:83669620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806521/; classtype:trojan-activity;sid:83669621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sinfull"; depth:15; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806507/; classtype:trojan-activity;sid:83669607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806508/; classtype:trojan-activity;sid:83669608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sinfull"; depth:15; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806509/; classtype:trojan-activity;sid:83669609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sinfull"; depth:15; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806510/; classtype:trojan-activity;sid:83669610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806511/; classtype:trojan-activity;sid:83669611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806512/; classtype:trojan-activity;sid:83669612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"107.172.18.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806504/; classtype:trojan-activity;sid:83669604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806505/; classtype:trojan-activity;sid:83669605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"37.221.65.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806506/; classtype:trojan-activity;sid:83669606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sinfull"; depth:16; endswith; nocase; http.host; content:"91.92.240.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806502/; classtype:trojan-activity;sid:83669602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.170.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806499/; classtype:trojan-activity;sid:83669599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.186.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806498/; classtype:trojan-activity;sid:83669598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.58.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806497/; classtype:trojan-activity;sid:83669597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.166.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806496/; classtype:trojan-activity;sid:83669596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.122.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806495/; classtype:trojan-activity;sid:83669595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.235.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806494/; classtype:trojan-activity;sid:83669594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806493/; classtype:trojan-activity;sid:83669593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.130.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806492/; classtype:trojan-activity;sid:83669592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.4.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806491/; classtype:trojan-activity;sid:83669591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.61.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806489/; classtype:trojan-activity;sid:83669589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.2.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806490/; classtype:trojan-activity;sid:83669590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.156.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806488/; classtype:trojan-activity;sid:83669588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.89.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806487/; classtype:trojan-activity;sid:83669587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.232.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806486/; classtype:trojan-activity;sid:83669586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.103.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806485/; classtype:trojan-activity;sid:83669585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.122.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806484/; classtype:trojan-activity;sid:83669584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.39.197.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806483/; classtype:trojan-activity;sid:83669583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806482/; classtype:trojan-activity;sid:83669582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.58.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806481/; classtype:trojan-activity;sid:83669581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.254.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806480/; classtype:trojan-activity;sid:83669580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.234.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806479/; classtype:trojan-activity;sid:83669579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.249.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806478/; classtype:trojan-activity;sid:83669578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.45.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806477/; classtype:trojan-activity;sid:83669577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806476/; classtype:trojan-activity;sid:83669576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.166.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806475/; classtype:trojan-activity;sid:83669575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.186.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806473/; classtype:trojan-activity;sid:83669573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.83.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806474/; classtype:trojan-activity;sid:83669574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"iyi.loans.fishingreelinvestments.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806472/; classtype:trojan-activity;sid:83669572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.211.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806471/; classtype:trojan-activity;sid:83669571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.211.210.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806468/; classtype:trojan-activity;sid:83669568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.238.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806469/; classtype:trojan-activity;sid:83669569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.234.201.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806470/; classtype:trojan-activity;sid:83669570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.217.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806467/; classtype:trojan-activity;sid:83669567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.67.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806466/; classtype:trojan-activity;sid:83669566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.191.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806465/; classtype:trojan-activity;sid:83669565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xb1ah11cd2vy"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806464/; classtype:trojan-activity;sid:83669564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806463/; classtype:trojan-activity;sid:83669563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.23.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806462/; classtype:trojan-activity;sid:83669562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.23.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806460/; classtype:trojan-activity;sid:83669560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.217.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806461/; classtype:trojan-activity;sid:83669561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806459/; classtype:trojan-activity;sid:83669559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.191.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806458/; classtype:trojan-activity;sid:83669558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.80.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806457/; classtype:trojan-activity;sid:83669557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.174.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806456/; classtype:trojan-activity;sid:83669556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.116.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806455/; classtype:trojan-activity;sid:83669555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.232.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806454/; classtype:trojan-activity;sid:83669554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.23.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806453/; classtype:trojan-activity;sid:83669553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.27.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806452/; classtype:trojan-activity;sid:83669552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806451/; classtype:trojan-activity;sid:83669551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xde47duigzdh"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806450/; classtype:trojan-activity;sid:83669550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.1.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806449/; classtype:trojan-activity;sid:83669549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.249.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806446/; classtype:trojan-activity;sid:83669546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.11.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806447/; classtype:trojan-activity;sid:83669547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.53.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806448/; classtype:trojan-activity;sid:83669548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.48.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806445/; classtype:trojan-activity;sid:83669545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806444/; classtype:trojan-activity;sid:83669544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.50.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806443/; classtype:trojan-activity;sid:83669543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.21.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806442/; classtype:trojan-activity;sid:83669542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.168.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806441/; classtype:trojan-activity;sid:83669541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.27.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806440/; classtype:trojan-activity;sid:83669540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.34.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806439/; classtype:trojan-activity;sid:83669539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.60.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806438/; classtype:trojan-activity;sid:83669538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.78.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806437/; classtype:trojan-activity;sid:83669537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.48.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806436/; classtype:trojan-activity;sid:83669536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.168.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806435/; classtype:trojan-activity;sid:83669535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.3.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806434/; classtype:trojan-activity;sid:83669534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.78.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806433/; classtype:trojan-activity;sid:83669533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x7cweib9bhep"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806432/; classtype:trojan-activity;sid:83669532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.103.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806431/; classtype:trojan-activity;sid:83669531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.4.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806430/; classtype:trojan-activity;sid:83669530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.64.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806429/; classtype:trojan-activity;sid:83669529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.252.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806428/; classtype:trojan-activity;sid:83669528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806427/; classtype:trojan-activity;sid:83669527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.251.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806426/; classtype:trojan-activity;sid:83669526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.29.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806425/; classtype:trojan-activity;sid:83669525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806424/; classtype:trojan-activity;sid:83669524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.0.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806422/; classtype:trojan-activity;sid:83669522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.129.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806423/; classtype:trojan-activity;sid:83669523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.61.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806421/; classtype:trojan-activity;sid:83669521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.181.2.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806420/; classtype:trojan-activity;sid:83669520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.47.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806419/; classtype:trojan-activity;sid:83669519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.3.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806418/; classtype:trojan-activity;sid:83669518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x5gjuymvl7m2"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806417/; classtype:trojan-activity;sid:83669517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.230.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806416/; classtype:trojan-activity;sid:83669516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.47.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806415/; classtype:trojan-activity;sid:83669515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.55.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806414/; classtype:trojan-activity;sid:83669514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.64.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806413/; classtype:trojan-activity;sid:83669513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.229.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806412/; classtype:trojan-activity;sid:83669512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806411/; classtype:trojan-activity;sid:83669511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.181.2.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806410/; classtype:trojan-activity;sid:83669510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.45.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806408/; classtype:trojan-activity;sid:83669508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.137.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806409/; classtype:trojan-activity;sid:83669509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.114.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806407/; classtype:trojan-activity;sid:83669507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1hb1vko3nhj3lowxhwfzakzjdf3lmz_2c"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806406/; classtype:trojan-activity;sid:83669506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806405/; classtype:trojan-activity;sid:83669505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.ppc"; depth:16; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806397/; classtype:trojan-activity;sid:83669497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.spc"; depth:16; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806398/; classtype:trojan-activity;sid:83669498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.sh4"; depth:16; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806399/; classtype:trojan-activity;sid:83669499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boat.arm7"; depth:10; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806400/; classtype:trojan-activity;sid:83669500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bruh.mpsl"; depth:10; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806401/; classtype:trojan-activity;sid:83669501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.m68k"; depth:17; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806402/; classtype:trojan-activity;sid:83669502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.x86"; depth:11; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806403/; classtype:trojan-activity;sid:83669503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet"; depth:7; endswith; nocase; http.host; content:"103.188.244.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806404/; classtype:trojan-activity;sid:83669504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806396/; classtype:trojan-activity;sid:83669496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.55.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806395/; classtype:trojan-activity;sid:83669495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.46.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806394/; classtype:trojan-activity;sid:83669494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klounada.exe"; depth:13; endswith; nocase; http.host; content:"roundcube.custommarinesvcs.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806393/; classtype:trojan-activity;sid:83669493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.144.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806392/; classtype:trojan-activity;sid:83669492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.47.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806391/; classtype:trojan-activity;sid:83669491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.198.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806390/; classtype:trojan-activity;sid:83669490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.41.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806389/; classtype:trojan-activity;sid:83669489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.239.60.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806388/; classtype:trojan-activity;sid:83669488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.76.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806387/; classtype:trojan-activity;sid:83669487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.246.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806386/; classtype:trojan-activity;sid:83669486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.34.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806385/; classtype:trojan-activity;sid:83669485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.105.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806384/; classtype:trojan-activity;sid:83669484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.29.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806383/; classtype:trojan-activity;sid:83669483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.189.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806382/; classtype:trojan-activity;sid:83669482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.48.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806381/; classtype:trojan-activity;sid:83669481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.46.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806380/; classtype:trojan-activity;sid:83669480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.117.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806379/; classtype:trojan-activity;sid:83669479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.105.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806378/; classtype:trojan-activity;sid:83669478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.183.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806377/; classtype:trojan-activity;sid:83669477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.38.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806376/; classtype:trojan-activity;sid:83669476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806375/; classtype:trojan-activity;sid:83669475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.16.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806374/; classtype:trojan-activity;sid:83669474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.21.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806373/; classtype:trojan-activity;sid:83669473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xrmat80dlhcr"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806372/; classtype:trojan-activity;sid:83669472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xnk8fpm1trny"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806371/; classtype:trojan-activity;sid:83669471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.179.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806370/; classtype:trojan-activity;sid:83669470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.5.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806369/; classtype:trojan-activity;sid:83669469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.51.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806368/; classtype:trojan-activity;sid:83669468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.54.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806367/; classtype:trojan-activity;sid:83669467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.214.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806366/; classtype:trojan-activity;sid:83669466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.59.119.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806365/; classtype:trojan-activity;sid:83669465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.16.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806364/; classtype:trojan-activity;sid:83669464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.44.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806363/; classtype:trojan-activity;sid:83669463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.38.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806362/; classtype:trojan-activity;sid:83669462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806361/; classtype:trojan-activity;sid:83669461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.152.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806360/; classtype:trojan-activity;sid:83669460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/l.sh"; depth:10; endswith; nocase; http.host; content:"45.95.146.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806359/; classtype:trojan-activity;sid:83669459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.51.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806358/; classtype:trojan-activity;sid:83669458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.21.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806357/; classtype:trojan-activity;sid:83669457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.63.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806355/; classtype:trojan-activity;sid:83669455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.249.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806356/; classtype:trojan-activity;sid:83669456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.35.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806354/; classtype:trojan-activity;sid:83669454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806353/; classtype:trojan-activity;sid:83669453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.98.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806352/; classtype:trojan-activity;sid:83669452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806351/; classtype:trojan-activity;sid:83669451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.152.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806350/; classtype:trojan-activity;sid:83669450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x5c0nbtb9z0g"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806349/; classtype:trojan-activity;sid:83669449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sql.zip"; depth:8; endswith; nocase; http.host; content:"23.81.41.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806348/; classtype:trojan-activity;sid:83669448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsinfo"; depth:9; endswith; nocase; http.host; content:"23.81.41.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806344/; classtype:trojan-activity;sid:83669444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.72.111.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806345/; classtype:trojan-activity;sid:83669445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"23.81.41.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806346/; classtype:trojan-activity;sid:83669446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.171.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806347/; classtype:trojan-activity;sid:83669447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.3.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806343/; classtype:trojan-activity;sid:83669443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wavelength54/topu/downloads/was.ps1"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806342/; classtype:trojan-activity;sid:83669442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.spc"; depth:53; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806340/; classtype:trojan-activity;sid:83669440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm"; depth:53; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806341/; classtype:trojan-activity;sid:83669441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806339/; classtype:trojan-activity;sid:83669439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.115.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806338/; classtype:trojan-activity;sid:83669438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806337/; classtype:trojan-activity;sid:83669437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"123.207.219.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806336/; classtype:trojan-activity;sid:83669436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv8"; depth:6; endswith; nocase; http.host; content:"123.207.219.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806334/; classtype:trojan-activity;sid:83669434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux86"; depth:8; endswith; nocase; http.host; content:"123.207.219.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806335/; classtype:trojan-activity;sid:83669435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux64"; depth:8; endswith; nocase; http.host; content:"123.207.219.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806333/; classtype:trojan-activity;sid:83669433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"123.207.219.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806331/; classtype:trojan-activity;sid:83669431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7"; depth:6; endswith; nocase; http.host; content:"123.207.219.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806332/; classtype:trojan-activity;sid:83669432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.109.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806330/; classtype:trojan-activity;sid:83669430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.121.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806329/; classtype:trojan-activity;sid:83669429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.199.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806328/; classtype:trojan-activity;sid:83669428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.58.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806327/; classtype:trojan-activity;sid:83669427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806326/; classtype:trojan-activity;sid:83669426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-freebsd-386"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806324/; classtype:trojan-activity;sid:83669424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-netbsd-386"; depth:17; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806325/; classtype:trojan-activity;sid:83669425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-freebsd-amd64"; depth:20; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806323/; classtype:trojan-activity;sid:83669423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-netbsd-amd64"; depth:19; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806322/; classtype:trojan-activity;sid:83669422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-armv7"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806318/; classtype:trojan-activity;sid:83669418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-mips64"; depth:19; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806319/; classtype:trojan-activity;sid:83669419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-openbsd-arm"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806320/; classtype:trojan-activity;sid:83669420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-openbsd-amd64"; depth:20; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806321/; classtype:trojan-activity;sid:83669421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-arm64"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806312/; classtype:trojan-activity;sid:83669412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-armv6"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806313/; classtype:trojan-activity;sid:83669413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-darwin-arm64"; depth:19; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806314/; classtype:trojan-activity;sid:83669414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-386"; depth:16; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806315/; classtype:trojan-activity;sid:83669415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-freebsd-arm"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806316/; classtype:trojan-activity;sid:83669416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-ppc64le"; depth:20; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806317/; classtype:trojan-activity;sid:83669417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-dragonfly-amd64"; depth:22; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806311/; classtype:trojan-activity;sid:83669411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-mipsle"; depth:19; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806310/; classtype:trojan-activity;sid:83669410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-netbsd-arm"; depth:17; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806309/; classtype:trojan-activity;sid:83669409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-ppc64"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806307/; classtype:trojan-activity;sid:83669407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-mips64le"; depth:21; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806308/; classtype:trojan-activity;sid:83669408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-mips"; depth:17; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806301/; classtype:trojan-activity;sid:83669401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-arm"; depth:16; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806302/; classtype:trojan-activity;sid:83669402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-amd64"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806303/; classtype:trojan-activity;sid:83669403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-linux-armv5"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806304/; classtype:trojan-activity;sid:83669404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-darwin-amd64"; depth:19; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806305/; classtype:trojan-activity;sid:83669405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsh-openbsd-386"; depth:18; endswith; nocase; http.host; content:"89.190.156.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806306/; classtype:trojan-activity;sid:83669406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.12.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806300/; classtype:trojan-activity;sid:83669400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.211.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806299/; classtype:trojan-activity;sid:83669399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"169.239.130.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806298/; classtype:trojan-activity;sid:83669398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806297/; classtype:trojan-activity;sid:83669397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.240.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806296/; classtype:trojan-activity;sid:83669396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.157.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806295/; classtype:trojan-activity;sid:83669395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.109.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806294/; classtype:trojan-activity;sid:83669394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmeqeiwjg404"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806293/; classtype:trojan-activity;sid:83669393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mips"; depth:13; endswith; nocase; http.host; content:"179.43.168.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806292/; classtype:trojan-activity;sid:83669392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.18.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806290/; classtype:trojan-activity;sid:83669390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.104.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806291/; classtype:trojan-activity;sid:83669391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.117.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806289/; classtype:trojan-activity;sid:83669389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806288/; classtype:trojan-activity;sid:83669388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806287/; classtype:trojan-activity;sid:83669387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.235.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806286/; classtype:trojan-activity;sid:83669386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.214.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806285/; classtype:trojan-activity;sid:83669385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.255.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806284/; classtype:trojan-activity;sid:83669384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.114.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806283/; classtype:trojan-activity;sid:83669383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.84.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806282/; classtype:trojan-activity;sid:83669382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.15.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806281/; classtype:trojan-activity;sid:83669381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.136.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806280/; classtype:trojan-activity;sid:83669380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.62.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806279/; classtype:trojan-activity;sid:83669379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"169.239.130.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806278/; classtype:trojan-activity;sid:83669378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.x86"; depth:16; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806275/; classtype:trojan-activity;sid:83669375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.mips"; depth:54; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806276/; classtype:trojan-activity;sid:83669376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.mips"; depth:17; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806277/; classtype:trojan-activity;sid:83669377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806273/; classtype:trojan-activity;sid:83669373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86"; depth:53; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806274/; classtype:trojan-activity;sid:83669374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm6"; depth:54; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806271/; classtype:trojan-activity;sid:83669371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806272/; classtype:trojan-activity;sid:83669372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806268/; classtype:trojan-activity;sid:83669368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm7"; depth:54; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806269/; classtype:trojan-activity;sid:83669369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806270/; classtype:trojan-activity;sid:83669370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-mipsel"; depth:15; endswith; nocase; http.host; content:"179.43.168.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806264/; classtype:trojan-activity;sid:83669364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arms7"; depth:6; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806265/; classtype:trojan-activity;sid:83669365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i568"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806266/; classtype:trojan-activity;sid:83669366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm7"; depth:17; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806267/; classtype:trojan-activity;sid:83669367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.m68k"; depth:54; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806262/; classtype:trojan-activity;sid:83669362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm6"; depth:17; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806263/; classtype:trojan-activity;sid:83669363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806255/; classtype:trojan-activity;sid:83669355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm5"; depth:54; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806256/; classtype:trojan-activity;sid:83669356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806257/; classtype:trojan-activity;sid:83669357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm"; depth:16; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806258/; classtype:trojan-activity;sid:83669358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806259/; classtype:trojan-activity;sid:83669359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806260/; classtype:trojan-activity;sid:83669360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"23.94.148.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806261/; classtype:trojan-activity;sid:83669361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.ppc"; depth:53; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806253/; classtype:trojan-activity;sid:83669353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.mpsl"; depth:54; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806254/; classtype:trojan-activity;sid:83669354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x32"; depth:4; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806249/; classtype:trojan-activity;sid:83669349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s"; depth:2; endswith; nocase; http.host; content:"45.95.146.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806250/; classtype:trojan-activity;sid:83669350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.arm5"; depth:17; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806251/; classtype:trojan-activity;sid:83669351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.sh4"; depth:53; endswith; nocase; http.host; content:"185.216.70.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806252/; classtype:trojan-activity;sid:83669352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mkwasz.mpsl"; depth:17; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806248/; classtype:trojan-activity;sid:83669348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.157.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806247/; classtype:trojan-activity;sid:83669347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.74.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806246/; classtype:trojan-activity;sid:83669346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.24.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806245/; classtype:trojan-activity;sid:83669345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.62.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806244/; classtype:trojan-activity;sid:83669344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.150.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806243/; classtype:trojan-activity;sid:83669343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.117.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806242/; classtype:trojan-activity;sid:83669342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.121.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806241/; classtype:trojan-activity;sid:83669341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.216.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806239/; classtype:trojan-activity;sid:83669339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.15.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806240/; classtype:trojan-activity;sid:83669340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806238/; classtype:trojan-activity;sid:83669338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.134.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806237/; classtype:trojan-activity;sid:83669337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806236/; classtype:trojan-activity;sid:83669336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/386/kthreadrm"; depth:14; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806225/; classtype:trojan-activity;sid:83669325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64/kthreadrm"; depth:16; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806226/; classtype:trojan-activity;sid:83669326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64le/kthreadrm"; depth:18; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806227/; classtype:trojan-activity;sid:83669327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips/kthreadrm"; depth:15; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806228/; classtype:trojan-activity;sid:83669328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64/kthreadrm"; depth:16; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806229/; classtype:trojan-activity;sid:83669329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm/kthreadrm"; depth:14; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806230/; classtype:trojan-activity;sid:83669330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l/kthreadrm"; depth:17; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806231/; classtype:trojan-activity;sid:83669331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64/kthreadrm"; depth:16; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806232/; classtype:trojan-activity;sid:83669332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64le/kthreadrm"; depth:19; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806233/; classtype:trojan-activity;sid:83669333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64/kthreadrm"; depth:17; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806234/; classtype:trojan-activity;sid:83669334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64/kthreadrm"; depth:17; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806235/; classtype:trojan-activity;sid:83669335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle/kthreadrm"; depth:17; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806224/; classtype:trojan-activity;sid:83669324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.18.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806223/; classtype:trojan-activity;sid:83669323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.24.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806222/; classtype:trojan-activity;sid:83669322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.158.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806220/; classtype:trojan-activity;sid:83669320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.60.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806221/; classtype:trojan-activity;sid:83669321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806219/; classtype:trojan-activity;sid:83669319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806218/; classtype:trojan-activity;sid:83669318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/386/rls"; depth:8; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806217/; classtype:trojan-activity;sid:83669317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.238.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806216/; classtype:trojan-activity;sid:83669316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.171.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806215/; classtype:trojan-activity;sid:83669315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win/svhostrm.exe"; depth:17; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806213/; classtype:trojan-activity;sid:83669313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64/rld"; depth:11; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806214/; classtype:trojan-activity;sid:83669314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.226.154.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806212/; classtype:trojan-activity;sid:83669312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.34.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806211/; classtype:trojan-activity;sid:83669311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.58.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806210/; classtype:trojan-activity;sid:83669310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64/rls"; depth:10; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806207/; classtype:trojan-activity;sid:83669307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l/rls"; depth:11; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806208/; classtype:trojan-activity;sid:83669308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64/rls"; depth:10; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806209/; classtype:trojan-activity;sid:83669309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s390x/rls"; depth:10; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806206/; classtype:trojan-activity;sid:83669306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.26.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806205/; classtype:trojan-activity;sid:83669305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.56.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806204/; classtype:trojan-activity;sid:83669304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.11.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806203/; classtype:trojan-activity;sid:83669303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.52.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806202/; classtype:trojan-activity;sid:83669302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806200/; classtype:trojan-activity;sid:83669300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806201/; classtype:trojan-activity;sid:83669301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/trustlauncher.rar"; depth:23; endswith; nocase; http.host; content:"exitussolution.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806199/; classtype:trojan-activity;sid:83669299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.12.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806197/; classtype:trojan-activity;sid:83669297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m0804t/wininit.exe"; depth:19; endswith; nocase; http.host; content:"192.3.95.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806198/; classtype:trojan-activity;sid:83669298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/kjk/weareverybeautifulgirlsxygirlwantokissmeharderthanbeforetogetmeback___sheisverybeeautifulgirlforme.doc"; depth:113; endswith; nocase; http.host; content:"192.3.95.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806196/; classtype:trojan-activity;sid:83669296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806195/; classtype:trojan-activity;sid:83669295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.180.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806194/; classtype:trojan-activity;sid:83669294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806193/; classtype:trojan-activity;sid:83669293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806192/; classtype:trojan-activity;sid:83669292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806190/; classtype:trojan-activity;sid:83669290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806191/; classtype:trojan-activity;sid:83669291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.12.206.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806189/; classtype:trojan-activity;sid:83669289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.43.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806188/; classtype:trojan-activity;sid:83669288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.151.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806186/; classtype:trojan-activity;sid:83669286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.196.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806187/; classtype:trojan-activity;sid:83669287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/cards/660a48f3ed8f660125aa4d31/attachments/66153df02cfa1d750cac2cfc/download/cccc.exe"; depth:88; endswith; nocase; http.host; content:"trello.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806185/; classtype:trojan-activity;sid:83669285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig.git"; depth:16; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806183/; classtype:trojan-activity;sid:83669283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806184/; classtype:trojan-activity;sid:83669284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806182/; classtype:trojan-activity;sid:83669282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806181/; classtype:trojan-activity;sid:83669281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.111.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806180/; classtype:trojan-activity;sid:83669280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.158.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806179/; classtype:trojan-activity;sid:83669279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806178/; classtype:trojan-activity;sid:83669278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvonqe15fxnp"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806177/; classtype:trojan-activity;sid:83669277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.22.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806176/; classtype:trojan-activity;sid:83669276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806175/; classtype:trojan-activity;sid:83669275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.12.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806174/; classtype:trojan-activity;sid:83669274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.214.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806173/; classtype:trojan-activity;sid:83669273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806172/; classtype:trojan-activity;sid:83669272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.56.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806171/; classtype:trojan-activity;sid:83669271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806169/; classtype:trojan-activity;sid:83669269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806170/; classtype:trojan-activity;sid:83669270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806168/; classtype:trojan-activity;sid:83669268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.109.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806167/; classtype:trojan-activity;sid:83669267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.150"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806166/; classtype:trojan-activity;sid:83669266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"2.57.122.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806165/; classtype:trojan-activity;sid:83669265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806164/; classtype:trojan-activity;sid:83669264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.196.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806162/; classtype:trojan-activity;sid:83669262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.33.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806163/; classtype:trojan-activity;sid:83669263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"qevbw.loans.fishingreelinvestments.com"; depth:38; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806161/; classtype:trojan-activity;sid:83669261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"rdyqq.places.creeksidehuntingpreserve.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806160/; classtype:trojan-activity;sid:83669260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.76.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806159/; classtype:trojan-activity;sid:83669259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806158/; classtype:trojan-activity;sid:83669258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mardin47"; depth:9; endswith; nocase; http.host; content:"45.131.111.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806157/; classtype:trojan-activity;sid:83669257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806156/; classtype:trojan-activity;sid:83669256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm4"; depth:11; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806154/; classtype:trojan-activity;sid:83669254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.ppc"; depth:10; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806155/; classtype:trojan-activity;sid:83669255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm5"; depth:11; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806148/; classtype:trojan-activity;sid:83669248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm6"; depth:11; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806149/; classtype:trojan-activity;sid:83669249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.sparc"; depth:12; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806150/; classtype:trojan-activity;sid:83669250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.mips"; depth:11; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806151/; classtype:trojan-activity;sid:83669251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.x86"; depth:10; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806152/; classtype:trojan-activity;sid:83669252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.mpsl"; depth:11; endswith; nocase; http.host; content:"91.92.252.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806153/; classtype:trojan-activity;sid:83669253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.245.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806146/; classtype:trojan-activity;sid:83669246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806147/; classtype:trojan-activity;sid:83669247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.214.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806145/; classtype:trojan-activity;sid:83669245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.151.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806143/; classtype:trojan-activity;sid:83669243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.175.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806144/; classtype:trojan-activity;sid:83669244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806142/; classtype:trojan-activity;sid:83669242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806141/; classtype:trojan-activity;sid:83669241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806140/; classtype:trojan-activity;sid:83669240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.11.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806139/; classtype:trojan-activity;sid:83669239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806138/; classtype:trojan-activity;sid:83669238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.109.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806137/; classtype:trojan-activity;sid:83669237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.38.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806136/; classtype:trojan-activity;sid:83669236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.130.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806135/; classtype:trojan-activity;sid:83669235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.11.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806134/; classtype:trojan-activity;sid:83669234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.45.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806133/; classtype:trojan-activity;sid:83669233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.212.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806132/; classtype:trojan-activity;sid:83669232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.33.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806131/; classtype:trojan-activity;sid:83669231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.178.147.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806130/; classtype:trojan-activity;sid:83669230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app.txt"; depth:8; endswith; nocase; http.host; content:"care-onboard.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806129/; classtype:trojan-activity;sid:83669229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.253.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806127/; classtype:trojan-activity;sid:83669227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.118.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806128/; classtype:trojan-activity;sid:83669228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.91.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806126/; classtype:trojan-activity;sid:83669226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo5.jpg"; depth:10; endswith; nocase; http.host; content:"a0942874.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806125/; classtype:trojan-activity;sid:83669225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.175.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806124/; classtype:trojan-activity;sid:83669224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.0.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806123/; classtype:trojan-activity;sid:83669223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806122/; classtype:trojan-activity;sid:83669222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5ba4-tl%5d"; depth:12; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806119/; classtype:trojan-activity;sid:83669219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bi5%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806120/; classtype:trojan-activity;sid:83669220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bx86%5d"; depth:10; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806121/; classtype:trojan-activity;sid:83669221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5ba5%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806112/; classtype:trojan-activity;sid:83669212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bm68%5d"; depth:10; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806113/; classtype:trojan-activity;sid:83669213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5ba6%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806114/; classtype:trojan-activity;sid:83669214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bppc%5d"; depth:10; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806115/; classtype:trojan-activity;sid:83669215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bsh%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806116/; classtype:trojan-activity;sid:83669216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bms%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806117/; classtype:trojan-activity;sid:83669217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bi6%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806118/; classtype:trojan-activity;sid:83669218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bi4%5d"; depth:9; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806110/; classtype:trojan-activity;sid:83669210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bm64%5d"; depth:10; endswith; nocase; http.host; content:"91.92.253.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806111/; classtype:trojan-activity;sid:83669211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806109/; classtype:trojan-activity;sid:83669209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle/rls"; depth:11; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806108/; classtype:trojan-activity;sid:83669208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64/rls"; depth:11; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806105/; classtype:trojan-activity;sid:83669205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64/rls"; depth:11; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806106/; classtype:trojan-activity;sid:83669206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64le/rls"; depth:13; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806107/; classtype:trojan-activity;sid:83669207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64/rls"; depth:10; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806101/; classtype:trojan-activity;sid:83669201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips/rls"; depth:9; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806102/; classtype:trojan-activity;sid:83669202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm/rls"; depth:8; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806103/; classtype:trojan-activity;sid:83669203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64le/rls"; depth:12; endswith; nocase; http.host; content:"91.92.251.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806104/; classtype:trojan-activity;sid:83669204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806100/; classtype:trojan-activity;sid:83669200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.133.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806097/; classtype:trojan-activity;sid:83669197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.141.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806098/; classtype:trojan-activity;sid:83669198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806099/; classtype:trojan-activity;sid:83669199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806095/; classtype:trojan-activity;sid:83669195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806096/; classtype:trojan-activity;sid:83669196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806093/; classtype:trojan-activity;sid:83669193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806094/; classtype:trojan-activity;sid:83669194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806091/; classtype:trojan-activity;sid:83669191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"91.92.252.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806092/; classtype:trojan-activity;sid:83669192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsdjcn3khs/plugins/clip64.dll"; depth:30; endswith; nocase; http.host; content:"atillapro.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806090/; classtype:trojan-activity;sid:83669190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/nss3.dll"; depth:26; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806089/; classtype:trojan-activity;sid:83669189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806083/; classtype:trojan-activity;sid:83669183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806084/; classtype:trojan-activity;sid:83669184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806085/; classtype:trojan-activity;sid:83669185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806086/; classtype:trojan-activity;sid:83669186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsdjcn3khs/plugins/cred64.dll"; depth:30; endswith; nocase; http.host; content:"atillapro.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806087/; classtype:trojan-activity;sid:83669187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806088/; classtype:trojan-activity;sid:83669188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5ef781521e8cfba/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"93.123.39.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806082/; classtype:trojan-activity;sid:83669182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806081/; classtype:trojan-activity;sid:83669181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.36.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806080/; classtype:trojan-activity;sid:83669180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.173.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806079/; classtype:trojan-activity;sid:83669179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.96.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806078/; classtype:trojan-activity;sid:83669178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.236.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806077/; classtype:trojan-activity;sid:83669177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806076/; classtype:trojan-activity;sid:83669176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806075/; classtype:trojan-activity;sid:83669175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806074/; classtype:trojan-activity;sid:83669174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806073/; classtype:trojan-activity;sid:83669173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806072/; classtype:trojan-activity;sid:83669172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806071/; classtype:trojan-activity;sid:83669171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806070/; classtype:trojan-activity;sid:83669170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806069/; classtype:trojan-activity;sid:83669169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806068/; classtype:trojan-activity;sid:83669168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806067/; classtype:trojan-activity;sid:83669167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806066/; classtype:trojan-activity;sid:83669166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806065/; classtype:trojan-activity;sid:83669165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"137.220.202.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806064/; classtype:trojan-activity;sid:83669164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.6.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806063/; classtype:trojan-activity;sid:83669163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.90.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806062/; classtype:trojan-activity;sid:83669162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.52.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806060/; classtype:trojan-activity;sid:83669160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806061/; classtype:trojan-activity;sid:83669161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.251.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806059/; classtype:trojan-activity;sid:83669159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806058/; classtype:trojan-activity;sid:83669158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.36.175.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806057/; classtype:trojan-activity;sid:83669157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.212.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806056/; classtype:trojan-activity;sid:83669156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.151.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806055/; classtype:trojan-activity;sid:83669155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.6.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806054/; classtype:trojan-activity;sid:83669154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.0.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806053/; classtype:trojan-activity;sid:83669153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.141.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806052/; classtype:trojan-activity;sid:83669152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.145.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806051/; classtype:trojan-activity;sid:83669151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806050/; classtype:trojan-activity;sid:83669150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806048/; classtype:trojan-activity;sid:83669148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806049/; classtype:trojan-activity;sid:83669149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806039/; classtype:trojan-activity;sid:83669139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806040/; classtype:trojan-activity;sid:83669140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806041/; classtype:trojan-activity;sid:83669141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806042/; classtype:trojan-activity;sid:83669142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806043/; classtype:trojan-activity;sid:83669143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806044/; classtype:trojan-activity;sid:83669144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806045/; classtype:trojan-activity;sid:83669145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806046/; classtype:trojan-activity;sid:83669146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"3.27.203.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806047/; classtype:trojan-activity;sid:83669147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.251.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806038/; classtype:trojan-activity;sid:83669138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806037/; classtype:trojan-activity;sid:83669137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.149.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806036/; classtype:trojan-activity;sid:83669136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.151.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806035/; classtype:trojan-activity;sid:83669135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.230.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806034/; classtype:trojan-activity;sid:83669134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.26.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806033/; classtype:trojan-activity;sid:83669133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.117.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806032/; classtype:trojan-activity;sid:83669132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.230.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806031/; classtype:trojan-activity;sid:83669131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"95.164.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806027/; classtype:trojan-activity;sid:83669127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ar"; depth:3; endswith; nocase; http.host; content:"95.164.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806028/; classtype:trojan-activity;sid:83669128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3"; depth:2; endswith; nocase; http.host; content:"95.164.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806029/; classtype:trojan-activity;sid:83669129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mi"; depth:3; endswith; nocase; http.host; content:"95.164.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806030/; classtype:trojan-activity;sid:83669130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.95.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806026/; classtype:trojan-activity;sid:83669126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.149.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806025/; classtype:trojan-activity;sid:83669125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806023/; classtype:trojan-activity;sid:83669123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.210.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806024/; classtype:trojan-activity;sid:83669124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.20.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806022/; classtype:trojan-activity;sid:83669122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/xmrig-proxy"; depth:18; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806018/; classtype:trojan-activity;sid:83669118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/banner"; depth:17; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806019/; classtype:trojan-activity;sid:83669119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/network"; depth:10; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806020/; classtype:trojan-activity;sid:83669120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/ps"; depth:5; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806021/; classtype:trojan-activity;sid:83669121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/s"; depth:4; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806017/; classtype:trojan-activity;sid:83669117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/cron"; depth:7; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806016/; classtype:trojan-activity;sid:83669116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan.tar"; depth:14; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806015/; classtype:trojan-activity;sid:83669115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/sc.tar"; depth:12; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806014/; classtype:trojan-activity;sid:83669114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan2.tar"; depth:15; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806011/; classtype:trojan-activity;sid:83669111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/brute"; depth:16; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806012/; classtype:trojan-activity;sid:83669112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scc.tar"; depth:13; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806013/; classtype:trojan-activity;sid:83669113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scannou.tar"; depth:17; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806007/; classtype:trojan-activity;sid:83669107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scandudu.tar"; depth:18; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806008/; classtype:trojan-activity;sid:83669108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key"; depth:4; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806009/; classtype:trojan-activity;sid:83669109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806010/; classtype:trojan-activity;sid:83669110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/masscan"; depth:18; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806006/; classtype:trojan-activity;sid:83669106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/pass"; depth:7; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806005/; classtype:trojan-activity;sid:83669105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/pass"; depth:15; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806001/; classtype:trojan-activity;sid:83669101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/ports"; depth:16; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806002/; classtype:trojan-activity;sid:83669102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magic"; depth:6; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806003/; classtype:trojan-activity;sid:83669103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/sis"; depth:14; endswith; nocase; http.host; content:"vvnnmm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806004/; classtype:trojan-activity;sid:83669104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.213.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806000/; classtype:trojan-activity;sid:83669100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.210.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805999/; classtype:trojan-activity;sid:83669099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.206.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805998/; classtype:trojan-activity;sid:83669098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805997/; classtype:trojan-activity;sid:83669097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.206.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805996/; classtype:trojan-activity;sid:83669096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.85.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805995/; classtype:trojan-activity;sid:83669095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.189.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805994/; classtype:trojan-activity;sid:83669094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.187.201.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805993/; classtype:trojan-activity;sid:83669093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.211.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805992/; classtype:trojan-activity;sid:83669092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.31.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805991/; classtype:trojan-activity;sid:83669091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.129.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805990/; classtype:trojan-activity;sid:83669090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.148.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805989/; classtype:trojan-activity;sid:83669089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.194.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805988/; classtype:trojan-activity;sid:83669088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.249.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805987/; classtype:trojan-activity;sid:83669087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.196.143.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805986/; classtype:trojan-activity;sid:83669086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805985/; classtype:trojan-activity;sid:83669085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.138.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805984/; classtype:trojan-activity;sid:83669084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.164.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805983/; classtype:trojan-activity;sid:83669083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.70.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805982/; classtype:trojan-activity;sid:83669082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.45.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805980/; classtype:trojan-activity;sid:83669080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.28.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805981/; classtype:trojan-activity;sid:83669081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.211.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805979/; classtype:trojan-activity;sid:83669079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.196.143.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805978/; classtype:trojan-activity;sid:83669078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805976/; classtype:trojan-activity;sid:83669076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.69.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805977/; classtype:trojan-activity;sid:83669077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.47.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805975/; classtype:trojan-activity;sid:83669075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805974/; classtype:trojan-activity;sid:83669074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.51.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805973/; classtype:trojan-activity;sid:83669073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805968/; classtype:trojan-activity;sid:83669068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805969/; classtype:trojan-activity;sid:83669069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"94.156.67.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805970/; classtype:trojan-activity;sid:83669070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805971/; classtype:trojan-activity;sid:83669071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805972/; classtype:trojan-activity;sid:83669072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805963/; classtype:trojan-activity;sid:83669063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805964/; classtype:trojan-activity;sid:83669064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watchdog"; depth:9; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805965/; classtype:trojan-activity;sid:83669065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805966/; classtype:trojan-activity;sid:83669066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"94.156.67.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805967/; classtype:trojan-activity;sid:83669067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805952/; classtype:trojan-activity;sid:83669052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805953/; classtype:trojan-activity;sid:83669053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805954/; classtype:trojan-activity;sid:83669054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805955/; classtype:trojan-activity;sid:83669055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805956/; classtype:trojan-activity;sid:83669056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805957/; classtype:trojan-activity;sid:83669057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805958/; classtype:trojan-activity;sid:83669058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805959/; classtype:trojan-activity;sid:83669059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x32"; depth:11; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805960/; classtype:trojan-activity;sid:83669060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805961/; classtype:trojan-activity;sid:83669061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh4"; depth:11; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805962/; classtype:trojan-activity;sid:83669062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805948/; classtype:trojan-activity;sid:83669048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mpsl"; depth:12; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805949/; classtype:trojan-activity;sid:83669049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805950/; classtype:trojan-activity;sid:83669050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805951/; classtype:trojan-activity;sid:83669051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86_64"; depth:9; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805942/; classtype:trojan-activity;sid:83669042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"95.164.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805943/; classtype:trojan-activity;sid:83669043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm7"; depth:7; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805944/; classtype:trojan-activity;sid:83669044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smips"; depth:7; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805945/; classtype:trojan-activity;sid:83669045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805946/; classtype:trojan-activity;sid:83669046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm6"; depth:7; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805947/; classtype:trojan-activity;sid:83669047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"94.156.65.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805939/; classtype:trojan-activity;sid:83669039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805940/; classtype:trojan-activity;sid:83669040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"91.92.252.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805941/; classtype:trojan-activity;sid:83669041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smpsl"; depth:7; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805936/; classtype:trojan-activity;sid:83669036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sarm5"; depth:7; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805937/; classtype:trojan-activity;sid:83669037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sppc"; depth:6; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805938/; classtype:trojan-activity;sid:83669038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sspc"; depth:6; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805934/; classtype:trojan-activity;sid:83669034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sx86"; depth:6; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805935/; classtype:trojan-activity;sid:83669035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sm68k"; depth:7; endswith; nocase; http.host; content:"45.88.90.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805933/; classtype:trojan-activity;sid:83669033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805932/; classtype:trojan-activity;sid:83669032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805927/; classtype:trojan-activity;sid:83669027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805928/; classtype:trojan-activity;sid:83669028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805929/; classtype:trojan-activity;sid:83669029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805930/; classtype:trojan-activity;sid:83669030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.156.8.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805931/; classtype:trojan-activity;sid:83669031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.164.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805926/; classtype:trojan-activity;sid:83669026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.2.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805925/; classtype:trojan-activity;sid:83669025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.245.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805924/; classtype:trojan-activity;sid:83669024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.121.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805923/; classtype:trojan-activity;sid:83669023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.138.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805922/; classtype:trojan-activity;sid:83669022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805921/; classtype:trojan-activity;sid:83669021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.34.244"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805920/; classtype:trojan-activity;sid:83669020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.31.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805919/; classtype:trojan-activity;sid:83669019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.211.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805918/; classtype:trojan-activity;sid:83669018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.41.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805917/; classtype:trojan-activity;sid:83669017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805916/; classtype:trojan-activity;sid:83669016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805915/; classtype:trojan-activity;sid:83669015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.248.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805914/; classtype:trojan-activity;sid:83669014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.5.34.244"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805913/; classtype:trojan-activity;sid:83669013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.37.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805912/; classtype:trojan-activity;sid:83669012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.198.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805911/; classtype:trojan-activity;sid:83669011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdpzx.scr"; depth:10; endswith; nocase; http.host; content:"universalmovies.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805910/; classtype:trojan-activity;sid:83669010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.140.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805909/; classtype:trojan-activity;sid:83669009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805908/; classtype:trojan-activity;sid:83669008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.99.201.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805907/; classtype:trojan-activity;sid:83669007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.204.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805906/; classtype:trojan-activity;sid:83669006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.248.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805905/; classtype:trojan-activity;sid:83669005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805904/; classtype:trojan-activity;sid:83669004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805901/; classtype:trojan-activity;sid:83669001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805902/; classtype:trojan-activity;sid:83669002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805903/; classtype:trojan-activity;sid:83669003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805898/; classtype:trojan-activity;sid:83668998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805899/; classtype:trojan-activity;sid:83668999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805900/; classtype:trojan-activity;sid:83669000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805897/; classtype:trojan-activity;sid:83668997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805896/; classtype:trojan-activity;sid:83668996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805893/; classtype:trojan-activity;sid:83668993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805894/; classtype:trojan-activity;sid:83668994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"185.150.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805895/; classtype:trojan-activity;sid:83668995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.255.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805892/; classtype:trojan-activity;sid:83668992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805891/; classtype:trojan-activity;sid:83668991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.110.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805890/; classtype:trojan-activity;sid:83668990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.198.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805889/; classtype:trojan-activity;sid:83668989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.193.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805888/; classtype:trojan-activity;sid:83668988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.204.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805887/; classtype:trojan-activity;sid:83668987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805886/; classtype:trojan-activity;sid:83668986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.238.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805885/; classtype:trojan-activity;sid:83668985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.65.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805884/; classtype:trojan-activity;sid:83668984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.254.85.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805883/; classtype:trojan-activity;sid:83668983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805882/; classtype:trojan-activity;sid:83668982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.221.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805881/; classtype:trojan-activity;sid:83668981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.120.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805880/; classtype:trojan-activity;sid:83668980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.88.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805879/; classtype:trojan-activity;sid:83668979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.86.160.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805878/; classtype:trojan-activity;sid:83668978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.22.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805876/; classtype:trojan-activity;sid:83668976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.179.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805877/; classtype:trojan-activity;sid:83668977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.178.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805875/; classtype:trojan-activity;sid:83668975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.119.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805874/; classtype:trojan-activity;sid:83668974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.40.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805873/; classtype:trojan-activity;sid:83668973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805872/; classtype:trojan-activity;sid:83668972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.144.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805871/; classtype:trojan-activity;sid:83668971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.70.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805870/; classtype:trojan-activity;sid:83668970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.48.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805869/; classtype:trojan-activity;sid:83668969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805868/; classtype:trojan-activity;sid:83668968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.248.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805865/; classtype:trojan-activity;sid:83668965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.55.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805866/; classtype:trojan-activity;sid:83668966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.235.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805867/; classtype:trojan-activity;sid:83668967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.31.203.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805864/; classtype:trojan-activity;sid:83668964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.65.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805863/; classtype:trojan-activity;sid:83668963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.7.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805862/; classtype:trojan-activity;sid:83668962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.236.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805861/; classtype:trojan-activity;sid:83668961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fxyvcg6c.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805860/; classtype:trojan-activity;sid:83668960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.178.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805859/; classtype:trojan-activity;sid:83668959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.28.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805858/; classtype:trojan-activity;sid:83668958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.127.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805856/; classtype:trojan-activity;sid:83668956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.7.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805857/; classtype:trojan-activity;sid:83668957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805855/; classtype:trojan-activity;sid:83668955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.238.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805854/; classtype:trojan-activity;sid:83668954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"185.191.246.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805853/; classtype:trojan-activity;sid:83668953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.65.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805852/; classtype:trojan-activity;sid:83668952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.62.61.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805851/; classtype:trojan-activity;sid:83668951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.236.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805850/; classtype:trojan-activity;sid:83668950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.12.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805849/; classtype:trojan-activity;sid:83668949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805847/; classtype:trojan-activity;sid:83668947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.215.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805848/; classtype:trojan-activity;sid:83668948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.123.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805846/; classtype:trojan-activity;sid:83668946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df/clip.exe"; depth:12; endswith; nocase; http.host; content:"45.129.199.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805845/; classtype:trojan-activity;sid:83668945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.220.155.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805844/; classtype:trojan-activity;sid:83668944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.93.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805843/; classtype:trojan-activity;sid:83668943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805838/; classtype:trojan-activity;sid:83668938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805839/; classtype:trojan-activity;sid:83668939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805840/; classtype:trojan-activity;sid:83668940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805841/; classtype:trojan-activity;sid:83668941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.230.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805842/; classtype:trojan-activity;sid:83668942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805834/; classtype:trojan-activity;sid:83668934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805835/; classtype:trojan-activity;sid:83668935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805836/; classtype:trojan-activity;sid:83668936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805837/; classtype:trojan-activity;sid:83668937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805827/; classtype:trojan-activity;sid:83668927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805828/; classtype:trojan-activity;sid:83668928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805829/; classtype:trojan-activity;sid:83668929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805830/; classtype:trojan-activity;sid:83668930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805831/; classtype:trojan-activity;sid:83668931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805832/; classtype:trojan-activity;sid:83668932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805833/; classtype:trojan-activity;sid:83668933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805824/; classtype:trojan-activity;sid:83668924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805825/; classtype:trojan-activity;sid:83668925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805826/; classtype:trojan-activity;sid:83668926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805820/; classtype:trojan-activity;sid:83668920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805821/; classtype:trojan-activity;sid:83668921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805822/; classtype:trojan-activity;sid:83668922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.196.11.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805823/; classtype:trojan-activity;sid:83668923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805819/; classtype:trojan-activity;sid:83668919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.68.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805818/; classtype:trojan-activity;sid:83668918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805817/; classtype:trojan-activity;sid:83668917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.65.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805816/; classtype:trojan-activity;sid:83668916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.185.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805815/; classtype:trojan-activity;sid:83668915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.38.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805814/; classtype:trojan-activity;sid:83668914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.62.61.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805813/; classtype:trojan-activity;sid:83668913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805812/; classtype:trojan-activity;sid:83668912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.43.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805811/; classtype:trojan-activity;sid:83668911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805810/; classtype:trojan-activity;sid:83668910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.93.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805809/; classtype:trojan-activity;sid:83668909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805808/; classtype:trojan-activity;sid:83668908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.248.167.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805807/; classtype:trojan-activity;sid:83668907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.123.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805806/; classtype:trojan-activity;sid:83668906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.124.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805805/; classtype:trojan-activity;sid:83668905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.87.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805803/; classtype:trojan-activity;sid:83668903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.8.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805804/; classtype:trojan-activity;sid:83668904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805802/; classtype:trojan-activity;sid:83668902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.123.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805801/; classtype:trojan-activity;sid:83668901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"190.109.229.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805800/; classtype:trojan-activity;sid:83668900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.242.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805799/; classtype:trojan-activity;sid:83668899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.248.167.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805798/; classtype:trojan-activity;sid:83668898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805797/; classtype:trojan-activity;sid:83668897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.114.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805796/; classtype:trojan-activity;sid:83668896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.244.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805795/; classtype:trojan-activity;sid:83668895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.114.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805794/; classtype:trojan-activity;sid:83668894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.43.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805793/; classtype:trojan-activity;sid:83668893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.209.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805791/; classtype:trojan-activity;sid:83668891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805792/; classtype:trojan-activity;sid:83668892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mqxbvlta.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805790/; classtype:trojan-activity;sid:83668890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805789/; classtype:trojan-activity;sid:83668889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.8.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805788/; classtype:trojan-activity;sid:83668888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.6.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805787/; classtype:trojan-activity;sid:83668887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.151.229.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805786/; classtype:trojan-activity;sid:83668886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.191.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805784/; classtype:trojan-activity;sid:83668884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.242.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805785/; classtype:trojan-activity;sid:83668885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.244.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805783/; classtype:trojan-activity;sid:83668883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.38.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805782/; classtype:trojan-activity;sid:83668882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.21.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805781/; classtype:trojan-activity;sid:83668881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805779/; classtype:trojan-activity;sid:83668879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.113.124.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805780/; classtype:trojan-activity;sid:83668880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.13.1.1"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805778/; classtype:trojan-activity;sid:83668878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.238.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805777/; classtype:trojan-activity;sid:83668877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.56.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805776/; classtype:trojan-activity;sid:83668876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.226.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805775/; classtype:trojan-activity;sid:83668875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.209.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805774/; classtype:trojan-activity;sid:83668874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.191.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805773/; classtype:trojan-activity;sid:83668873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.212.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805772/; classtype:trojan-activity;sid:83668872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.120.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805771/; classtype:trojan-activity;sid:83668871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.171.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805770/; classtype:trojan-activity;sid:83668870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.30.128"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805769/; classtype:trojan-activity;sid:83668869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805768/; classtype:trojan-activity;sid:83668868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.113.124.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805767/; classtype:trojan-activity;sid:83668867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dskeown1.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805766/; classtype:trojan-activity;sid:83668866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.238.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805765/; classtype:trojan-activity;sid:83668865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.38.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805764/; classtype:trojan-activity;sid:83668864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805763/; classtype:trojan-activity;sid:83668863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805761/; classtype:trojan-activity;sid:83668861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.171.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805762/; classtype:trojan-activity;sid:83668862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.230.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805760/; classtype:trojan-activity;sid:83668860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.147.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805759/; classtype:trojan-activity;sid:83668859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.132.150.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805758/; classtype:trojan-activity;sid:83668858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.32.172.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805757/; classtype:trojan-activity;sid:83668857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.115.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805755/; classtype:trojan-activity;sid:83668855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.73.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805756/; classtype:trojan-activity;sid:83668856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.44.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805754/; classtype:trojan-activity;sid:83668854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.128.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805753/; classtype:trojan-activity;sid:83668853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805751/; classtype:trojan-activity;sid:83668851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.182.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805752/; classtype:trojan-activity;sid:83668852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805750/; classtype:trojan-activity;sid:83668850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/6614d814c0eacbf4ee0c58c2"; depth:34; endswith; nocase; http.host; content:"api.discreetshare.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805749/; classtype:trojan-activity;sid:83668849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.210.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805748/; classtype:trojan-activity;sid:83668848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.194.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805747/; classtype:trojan-activity;sid:83668847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.230.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805746/; classtype:trojan-activity;sid:83668846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.14.129"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805745/; classtype:trojan-activity;sid:83668845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.29.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805744/; classtype:trojan-activity;sid:83668844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.73.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805743/; classtype:trojan-activity;sid:83668843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.82.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805742/; classtype:trojan-activity;sid:83668842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.38.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805741/; classtype:trojan-activity;sid:83668841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.82.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805740/; classtype:trojan-activity;sid:83668840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.239.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805739/; classtype:trojan-activity;sid:83668839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.201.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805738/; classtype:trojan-activity;sid:83668838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805737/; classtype:trojan-activity;sid:83668837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.22.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805736/; classtype:trojan-activity;sid:83668836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805735/; classtype:trojan-activity;sid:83668835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.49.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805734/; classtype:trojan-activity;sid:83668834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805733/; classtype:trojan-activity;sid:83668833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1185209803467915270/1193138665661157386/minty.zip|3f|ex=66239879|7c|26|7c|is=66112379|7c|26|7c|hm=797cf07abab08d53b653bdd1794b3734b00a5569d101b6f52dce70a1eed35b91|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805730/; classtype:trojan-activity;sid:83668830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1224415779168981056/1225527877282299945/fixer.zip|3f|ex=662174c7|7c|26|7c|is=660effc7|7c|26|7c|hm=1a61fd9216216eb2c21906ae21a580f4c353d9bf0b6a800f0bba31e054b6fbea|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805731/; classtype:trojan-activity;sid:83668831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lander/stealer-morenz/loader.zip"; depth:33; endswith; nocase; http.host; content:"game-hack.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805732/; classtype:trojan-activity;sid:83668832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1224409224902217740/1225839689299398767/fixer.zip|3f|ex=6622972c|7c|26|7c|is=6610222c|7c|26|7c|hm=d1a8a62b112ea04ff4d5dc4220cc74987f2718f5954de3116297c458a126f5af|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805729/; classtype:trojan-activity;sid:83668829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.87.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805728/; classtype:trojan-activity;sid:83668828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.210.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805727/; classtype:trojan-activity;sid:83668827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.161.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805726/; classtype:trojan-activity;sid:83668826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.229.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805725/; classtype:trojan-activity;sid:83668825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.151.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805724/; classtype:trojan-activity;sid:83668824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805723/; classtype:trojan-activity;sid:83668823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xipjvpdq.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805722/; classtype:trojan-activity;sid:83668822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.183.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805721/; classtype:trojan-activity;sid:83668821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.73.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805720/; classtype:trojan-activity;sid:83668820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805719/; classtype:trojan-activity;sid:83668819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.246.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805718/; classtype:trojan-activity;sid:83668818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805717/; classtype:trojan-activity;sid:83668817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.22.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805716/; classtype:trojan-activity;sid:83668816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.160.128.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805715/; classtype:trojan-activity;sid:83668815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.49.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805714/; classtype:trojan-activity;sid:83668814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805713/; classtype:trojan-activity;sid:83668813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.97.173.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805712/; classtype:trojan-activity;sid:83668812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.187.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805711/; classtype:trojan-activity;sid:83668811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805710/; classtype:trojan-activity;sid:83668810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.29.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805709/; classtype:trojan-activity;sid:83668809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805708/; classtype:trojan-activity;sid:83668808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805707/; classtype:trojan-activity;sid:83668807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.105.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805706/; classtype:trojan-activity;sid:83668806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.117.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805705/; classtype:trojan-activity;sid:83668805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.91.248.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805704/; classtype:trojan-activity;sid:83668804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.185.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805702/; classtype:trojan-activity;sid:83668802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.60.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805703/; classtype:trojan-activity;sid:83668803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.187.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805701/; classtype:trojan-activity;sid:83668801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805700/; classtype:trojan-activity;sid:83668800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.244.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805699/; classtype:trojan-activity;sid:83668799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.166.86.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805698/; classtype:trojan-activity;sid:83668798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805697/; classtype:trojan-activity;sid:83668797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.73.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805696/; classtype:trojan-activity;sid:83668796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.64.87.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805695/; classtype:trojan-activity;sid:83668795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.161.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805694/; classtype:trojan-activity;sid:83668794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.68.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805693/; classtype:trojan-activity;sid:83668793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.105.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805692/; classtype:trojan-activity;sid:83668792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.60.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805690/; classtype:trojan-activity;sid:83668790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.183.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805691/; classtype:trojan-activity;sid:83668791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.185.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805689/; classtype:trojan-activity;sid:83668789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.186.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805688/; classtype:trojan-activity;sid:83668788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.49.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805687/; classtype:trojan-activity;sid:83668787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.114.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805686/; classtype:trojan-activity;sid:83668786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.142.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805684/; classtype:trojan-activity;sid:83668784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805685/; classtype:trojan-activity;sid:83668785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.147.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805683/; classtype:trojan-activity;sid:83668783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805682/; classtype:trojan-activity;sid:83668782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.244.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805681/; classtype:trojan-activity;sid:83668781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805680/; classtype:trojan-activity;sid:83668780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.166.86.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805679/; classtype:trojan-activity;sid:83668779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.68.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805678/; classtype:trojan-activity;sid:83668778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.186.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805676/; classtype:trojan-activity;sid:83668776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.28.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805677/; classtype:trojan-activity;sid:83668777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.61.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805675/; classtype:trojan-activity;sid:83668775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.95.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805674/; classtype:trojan-activity;sid:83668774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.121.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805673/; classtype:trojan-activity;sid:83668773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.186.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805672/; classtype:trojan-activity;sid:83668772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805671/; classtype:trojan-activity;sid:83668771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.142.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805670/; classtype:trojan-activity;sid:83668770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.102.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805669/; classtype:trojan-activity;sid:83668769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805668/; classtype:trojan-activity;sid:83668768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.114.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805667/; classtype:trojan-activity;sid:83668767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.31.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805666/; classtype:trojan-activity;sid:83668766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.147.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805665/; classtype:trojan-activity;sid:83668765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.74.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805663/; classtype:trojan-activity;sid:83668763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805664/; classtype:trojan-activity;sid:83668764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.195.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805662/; classtype:trojan-activity;sid:83668762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805661/; classtype:trojan-activity;sid:83668761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.214.83.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805659/; classtype:trojan-activity;sid:83668759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805660/; classtype:trojan-activity;sid:83668760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805658/; classtype:trojan-activity;sid:83668758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.68.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805657/; classtype:trojan-activity;sid:83668757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.102.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805656/; classtype:trojan-activity;sid:83668756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.31.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805655/; classtype:trojan-activity;sid:83668755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805654/; classtype:trojan-activity;sid:83668754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.180.96.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805653/; classtype:trojan-activity;sid:83668753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.237.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805652/; classtype:trojan-activity;sid:83668752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.240.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805651/; classtype:trojan-activity;sid:83668751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805650/; classtype:trojan-activity;sid:83668750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.147.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805649/; classtype:trojan-activity;sid:83668749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805648/; classtype:trojan-activity;sid:83668748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.101.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805647/; classtype:trojan-activity;sid:83668747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.50.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805646/; classtype:trojan-activity;sid:83668746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.173.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805645/; classtype:trojan-activity;sid:83668745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.106.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805644/; classtype:trojan-activity;sid:83668744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805643/; classtype:trojan-activity;sid:83668743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.120.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805642/; classtype:trojan-activity;sid:83668742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.205.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805641/; classtype:trojan-activity;sid:83668741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.90.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805640/; classtype:trojan-activity;sid:83668740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.42.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805639/; classtype:trojan-activity;sid:83668739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.149.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805638/; classtype:trojan-activity;sid:83668738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805637/; classtype:trojan-activity;sid:83668737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.80.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805635/; classtype:trojan-activity;sid:83668735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.15.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805636/; classtype:trojan-activity;sid:83668736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805634/; classtype:trojan-activity;sid:83668734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.40.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805633/; classtype:trojan-activity;sid:83668733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805632/; classtype:trojan-activity;sid:83668732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.101.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805631/; classtype:trojan-activity;sid:83668731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805630/; classtype:trojan-activity;sid:83668730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.80.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805629/; classtype:trojan-activity;sid:83668729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.192.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805628/; classtype:trojan-activity;sid:83668728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.50.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805627/; classtype:trojan-activity;sid:83668727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805625/; classtype:trojan-activity;sid:83668725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.23.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805626/; classtype:trojan-activity;sid:83668726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.137.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805623/; classtype:trojan-activity;sid:83668723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805624/; classtype:trojan-activity;sid:83668724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.62.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805622/; classtype:trojan-activity;sid:83668722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.114.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805621/; classtype:trojan-activity;sid:83668721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.42.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805620/; classtype:trojan-activity;sid:83668720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.66.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805619/; classtype:trojan-activity;sid:83668719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.236.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805618/; classtype:trojan-activity;sid:83668718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805617/; classtype:trojan-activity;sid:83668717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.15.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805616/; classtype:trojan-activity;sid:83668716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.23.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805615/; classtype:trojan-activity;sid:83668715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.192.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805614/; classtype:trojan-activity;sid:83668714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.193.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805613/; classtype:trojan-activity;sid:83668713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.51.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805612/; classtype:trojan-activity;sid:83668712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.137.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805611/; classtype:trojan-activity;sid:83668711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.40.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805610/; classtype:trojan-activity;sid:83668710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.89.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805609/; classtype:trojan-activity;sid:83668709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.118.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805608/; classtype:trojan-activity;sid:83668708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.28.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805607/; classtype:trojan-activity;sid:83668707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.173.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805605/; classtype:trojan-activity;sid:83668705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.236.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805606/; classtype:trojan-activity;sid:83668706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805604/; classtype:trojan-activity;sid:83668704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.82.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805603/; classtype:trojan-activity;sid:83668703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.114.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805602/; classtype:trojan-activity;sid:83668702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.229.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805601/; classtype:trojan-activity;sid:83668701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.27.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805599/; classtype:trojan-activity;sid:83668699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.176.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805600/; classtype:trojan-activity;sid:83668700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.121.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805598/; classtype:trojan-activity;sid:83668698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.24.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805597/; classtype:trojan-activity;sid:83668697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.83.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805596/; classtype:trojan-activity;sid:83668696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.221.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805594/; classtype:trojan-activity;sid:83668694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.166.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805595/; classtype:trojan-activity;sid:83668695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805593/; classtype:trojan-activity;sid:83668693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.249.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805592/; classtype:trojan-activity;sid:83668692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.37.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805590/; classtype:trojan-activity;sid:83668690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.53.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805591/; classtype:trojan-activity;sid:83668691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805589/; classtype:trojan-activity;sid:83668689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.93.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805588/; classtype:trojan-activity;sid:83668688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.54.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805586/; classtype:trojan-activity;sid:83668686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.246.180.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805587/; classtype:trojan-activity;sid:83668687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.14.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805585/; classtype:trojan-activity;sid:83668685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.45.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805584/; classtype:trojan-activity;sid:83668684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.254.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805583/; classtype:trojan-activity;sid:83668683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.118.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805582/; classtype:trojan-activity;sid:83668682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805581/; classtype:trojan-activity;sid:83668681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805580/; classtype:trojan-activity;sid:83668680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.104.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805579/; classtype:trojan-activity;sid:83668679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.121.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805578/; classtype:trojan-activity;sid:83668678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.221.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805577/; classtype:trojan-activity;sid:83668677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.80.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805576/; classtype:trojan-activity;sid:83668676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.83.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805575/; classtype:trojan-activity;sid:83668675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805574/; classtype:trojan-activity;sid:83668674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.209.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805573/; classtype:trojan-activity;sid:83668673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.221.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805572/; classtype:trojan-activity;sid:83668672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.140.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805570/; classtype:trojan-activity;sid:83668670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.44.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805571/; classtype:trojan-activity;sid:83668671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.254.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805569/; classtype:trojan-activity;sid:83668669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.243.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805568/; classtype:trojan-activity;sid:83668668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.221.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805567/; classtype:trojan-activity;sid:83668667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.104.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805566/; classtype:trojan-activity;sid:83668666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.243.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805564/; classtype:trojan-activity;sid:83668664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.85.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805565/; classtype:trojan-activity;sid:83668665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.80.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805559/; classtype:trojan-activity;sid:83668659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.91.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805560/; classtype:trojan-activity;sid:83668660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.183.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805561/; classtype:trojan-activity;sid:83668661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.48.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805562/; classtype:trojan-activity;sid:83668662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.45.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805563/; classtype:trojan-activity;sid:83668663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.24.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805558/; classtype:trojan-activity;sid:83668658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bu41"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805557/; classtype:trojan-activity;sid:83668657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.98.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805556/; classtype:trojan-activity;sid:83668656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.3.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805555/; classtype:trojan-activity;sid:83668655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.53.160.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805554/; classtype:trojan-activity;sid:83668654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.74.15.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805553/; classtype:trojan-activity;sid:83668653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.158.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805552/; classtype:trojan-activity;sid:83668652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.85.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805551/; classtype:trojan-activity;sid:83668651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805550/; classtype:trojan-activity;sid:83668650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805549/; classtype:trojan-activity;sid:83668649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.80.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805548/; classtype:trojan-activity;sid:83668648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.198.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805547/; classtype:trojan-activity;sid:83668647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.172.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805546/; classtype:trojan-activity;sid:83668646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.127.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805545/; classtype:trojan-activity;sid:83668645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.26.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805544/; classtype:trojan-activity;sid:83668644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805543/; classtype:trojan-activity;sid:83668643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.98.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805541/; classtype:trojan-activity;sid:83668641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.3.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805542/; classtype:trojan-activity;sid:83668642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.83.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805540/; classtype:trojan-activity;sid:83668640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.22.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805539/; classtype:trojan-activity;sid:83668639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.43.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805538/; classtype:trojan-activity;sid:83668638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.230.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805537/; classtype:trojan-activity;sid:83668637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.219.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805536/; classtype:trojan-activity;sid:83668636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.186.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805535/; classtype:trojan-activity;sid:83668635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.89.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805534/; classtype:trojan-activity;sid:83668634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.9.125.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805533/; classtype:trojan-activity;sid:83668633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.53.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805532/; classtype:trojan-activity;sid:83668632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.26.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805531/; classtype:trojan-activity;sid:83668631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.121.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805530/; classtype:trojan-activity;sid:83668630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.13.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805529/; classtype:trojan-activity;sid:83668629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.198.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805528/; classtype:trojan-activity;sid:83668628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.172.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805527/; classtype:trojan-activity;sid:83668627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.22.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805524/; classtype:trojan-activity;sid:83668624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.195.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805525/; classtype:trojan-activity;sid:83668625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.129.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805526/; classtype:trojan-activity;sid:83668626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.66.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805523/; classtype:trojan-activity;sid:83668623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.83.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805522/; classtype:trojan-activity;sid:83668622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.205.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805521/; classtype:trojan-activity;sid:83668621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.186.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805520/; classtype:trojan-activity;sid:83668620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.43.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805519/; classtype:trojan-activity;sid:83668619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.183.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805518/; classtype:trojan-activity;sid:83668618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.156.93.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805517/; classtype:trojan-activity;sid:83668617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.33.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805516/; classtype:trojan-activity;sid:83668616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.203.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805515/; classtype:trojan-activity;sid:83668615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.227.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805513/; classtype:trojan-activity;sid:83668613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805514/; classtype:trojan-activity;sid:83668614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805512/; classtype:trojan-activity;sid:83668612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.237.163.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805511/; classtype:trojan-activity;sid:83668611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805508/; classtype:trojan-activity;sid:83668608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805509/; classtype:trojan-activity;sid:83668609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805510/; classtype:trojan-activity;sid:83668610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805507/; classtype:trojan-activity;sid:83668607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805503/; classtype:trojan-activity;sid:83668603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805504/; classtype:trojan-activity;sid:83668604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805505/; classtype:trojan-activity;sid:83668605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805506/; classtype:trojan-activity;sid:83668606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.15.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805502/; classtype:trojan-activity;sid:83668602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.67.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805501/; classtype:trojan-activity;sid:83668601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.121.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805500/; classtype:trojan-activity;sid:83668600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.101.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805499/; classtype:trojan-activity;sid:83668599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.171.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805498/; classtype:trojan-activity;sid:83668598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.164.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805496/; classtype:trojan-activity;sid:83668596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.73.138.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805497/; classtype:trojan-activity;sid:83668597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.171.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805495/; classtype:trojan-activity;sid:83668595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.252.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805494/; classtype:trojan-activity;sid:83668594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.15.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805493/; classtype:trojan-activity;sid:83668593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"5.253.246.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805492/; classtype:trojan-activity;sid:83668592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805490/; classtype:trojan-activity;sid:83668590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.130.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805491/; classtype:trojan-activity;sid:83668591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.67.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805489/; classtype:trojan-activity;sid:83668589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.1.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805486/; classtype:trojan-activity;sid:83668586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.185.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805487/; classtype:trojan-activity;sid:83668587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.112.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805488/; classtype:trojan-activity;sid:83668588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.228.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805485/; classtype:trojan-activity;sid:83668585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.6.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805484/; classtype:trojan-activity;sid:83668584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/print23123/steal-installer/raw/main/crypted6077866846mvyqy.exe"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805483/; classtype:trojan-activity;sid:83668583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.30.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805482/; classtype:trojan-activity;sid:83668582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.115.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805481/; classtype:trojan-activity;sid:83668581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.185.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805480/; classtype:trojan-activity;sid:83668580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805479/; classtype:trojan-activity;sid:83668579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.140.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805478/; classtype:trojan-activity;sid:83668578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805477/; classtype:trojan-activity;sid:83668577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.6.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805475/; classtype:trojan-activity;sid:83668575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.228.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805476/; classtype:trojan-activity;sid:83668576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.136.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805474/; classtype:trojan-activity;sid:83668574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.30.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805473/; classtype:trojan-activity;sid:83668573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.150.181.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805472/; classtype:trojan-activity;sid:83668572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805470/; classtype:trojan-activity;sid:83668570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.172.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805471/; classtype:trojan-activity;sid:83668571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.156.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805469/; classtype:trojan-activity;sid:83668569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805468/; classtype:trojan-activity;sid:83668568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.113.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805466/; classtype:trojan-activity;sid:83668566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.9.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805467/; classtype:trojan-activity;sid:83668567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.183.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805464/; classtype:trojan-activity;sid:83668564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.14.97"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805465/; classtype:trojan-activity;sid:83668565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"yqwf.round.fishingreelinvestment.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805463/; classtype:trojan-activity;sid:83668563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.180.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805462/; classtype:trojan-activity;sid:83668562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.101.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805460/; classtype:trojan-activity;sid:83668560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.136.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805461/; classtype:trojan-activity;sid:83668561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.238.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805459/; classtype:trojan-activity;sid:83668559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.108.218.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805458/; classtype:trojan-activity;sid:83668558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.15.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805457/; classtype:trojan-activity;sid:83668557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.216.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805456/; classtype:trojan-activity;sid:83668556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.20.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805455/; classtype:trojan-activity;sid:83668555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.108.218.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805454/; classtype:trojan-activity;sid:83668554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.24.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805453/; classtype:trojan-activity;sid:83668553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xw0ihhpkbup7"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805452/; classtype:trojan-activity;sid:83668552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.180.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805451/; classtype:trojan-activity;sid:83668551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.101.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805450/; classtype:trojan-activity;sid:83668550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.68.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805449/; classtype:trojan-activity;sid:83668549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.15.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805448/; classtype:trojan-activity;sid:83668548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.186.60.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805447/; classtype:trojan-activity;sid:83668547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.137.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805446/; classtype:trojan-activity;sid:83668546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.84.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805445/; classtype:trojan-activity;sid:83668545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.73.138.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805444/; classtype:trojan-activity;sid:83668544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.172.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805443/; classtype:trojan-activity;sid:83668543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.183.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805442/; classtype:trojan-activity;sid:83668542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.17.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805441/; classtype:trojan-activity;sid:83668541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.216.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805440/; classtype:trojan-activity;sid:83668540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.22.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805439/; classtype:trojan-activity;sid:83668539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.199.76.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805438/; classtype:trojan-activity;sid:83668538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"chf.pool.hjdeboer.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805437/; classtype:trojan-activity;sid:83668537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805436/; classtype:trojan-activity;sid:83668536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.112.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805435/; classtype:trojan-activity;sid:83668535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805434/; classtype:trojan-activity;sid:83668534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.230.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805433/; classtype:trojan-activity;sid:83668533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.140.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805432/; classtype:trojan-activity;sid:83668532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.113.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805431/; classtype:trojan-activity;sid:83668531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.232.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805430/; classtype:trojan-activity;sid:83668530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.13.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805429/; classtype:trojan-activity;sid:83668529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805428/; classtype:trojan-activity;sid:83668528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.199.161.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805427/; classtype:trojan-activity;sid:83668527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.95.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805426/; classtype:trojan-activity;sid:83668526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805425/; classtype:trojan-activity;sid:83668525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.202.241.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805424/; classtype:trojan-activity;sid:83668524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.29.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805423/; classtype:trojan-activity;sid:83668523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.22.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805422/; classtype:trojan-activity;sid:83668522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.249.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805421/; classtype:trojan-activity;sid:83668521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"106.41.75.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805420/; classtype:trojan-activity;sid:83668520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805419/; classtype:trojan-activity;sid:83668519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.183.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805418/; classtype:trojan-activity;sid:83668518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.152.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805417/; classtype:trojan-activity;sid:83668517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.232.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805416/; classtype:trojan-activity;sid:83668516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.172.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805414/; classtype:trojan-activity;sid:83668514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.73.25.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805415/; classtype:trojan-activity;sid:83668515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805413/; classtype:trojan-activity;sid:83668513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.236.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805412/; classtype:trojan-activity;sid:83668512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.38.92.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805411/; classtype:trojan-activity;sid:83668511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.152.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805410/; classtype:trojan-activity;sid:83668510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.114.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805409/; classtype:trojan-activity;sid:83668509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.65.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805408/; classtype:trojan-activity;sid:83668508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.73.25.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805407/; classtype:trojan-activity;sid:83668507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.199.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805406/; classtype:trojan-activity;sid:83668506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805405/; classtype:trojan-activity;sid:83668505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805404/; classtype:trojan-activity;sid:83668504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.100.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805403/; classtype:trojan-activity;sid:83668503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.180.234.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805401/; classtype:trojan-activity;sid:83668501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.24.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805402/; classtype:trojan-activity;sid:83668502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.38.92.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805400/; classtype:trojan-activity;sid:83668500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.199.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805399/; classtype:trojan-activity;sid:83668499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805398/; classtype:trojan-activity;sid:83668498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.152.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805397/; classtype:trojan-activity;sid:83668497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.65.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805396/; classtype:trojan-activity;sid:83668496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805394/; classtype:trojan-activity;sid:83668494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.100.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805395/; classtype:trojan-activity;sid:83668495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.149.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805393/; classtype:trojan-activity;sid:83668493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.95.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805392/; classtype:trojan-activity;sid:83668492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i1gcbw1e.exe"; depth:13; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805391/; classtype:trojan-activity;sid:83668491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805390/; classtype:trojan-activity;sid:83668490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.36.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805389/; classtype:trojan-activity;sid:83668489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.27.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805388/; classtype:trojan-activity;sid:83668488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.95.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805387/; classtype:trojan-activity;sid:83668487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/x2wrobfvzxlz"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805386/; classtype:trojan-activity;sid:83668486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.7.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805385/; classtype:trojan-activity;sid:83668485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805383/; classtype:trojan-activity;sid:83668483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805384/; classtype:trojan-activity;sid:83668484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.139.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805382/; classtype:trojan-activity;sid:83668482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.176.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805380/; classtype:trojan-activity;sid:83668480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.152.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805381/; classtype:trojan-activity;sid:83668481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805379/; classtype:trojan-activity;sid:83668479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805378/; classtype:trojan-activity;sid:83668478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.28.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805377/; classtype:trojan-activity;sid:83668477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.179.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805376/; classtype:trojan-activity;sid:83668476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.85.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805375/; classtype:trojan-activity;sid:83668475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805374/; classtype:trojan-activity;sid:83668474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.7.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805373/; classtype:trojan-activity;sid:83668473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805372/; classtype:trojan-activity;sid:83668472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.36.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805371/; classtype:trojan-activity;sid:83668471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.28.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805370/; classtype:trojan-activity;sid:83668470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.139.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805369/; classtype:trojan-activity;sid:83668469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805368/; classtype:trojan-activity;sid:83668468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.188.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805367/; classtype:trojan-activity;sid:83668467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805366/; classtype:trojan-activity;sid:83668466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.248.187.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805365/; classtype:trojan-activity;sid:83668465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.59.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805364/; classtype:trojan-activity;sid:83668464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.175.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805363/; classtype:trojan-activity;sid:83668463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.176.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805362/; classtype:trojan-activity;sid:83668462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.179.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805361/; classtype:trojan-activity;sid:83668461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805360/; classtype:trojan-activity;sid:83668460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.237.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805359/; classtype:trojan-activity;sid:83668459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805358/; classtype:trojan-activity;sid:83668458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.57.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805357/; classtype:trojan-activity;sid:83668457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watchdog"; depth:9; endswith; nocase; http.host; content:"176.97.210.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805356/; classtype:trojan-activity;sid:83668456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm7"; depth:13; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805350/; classtype:trojan-activity;sid:83668450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805351/; classtype:trojan-activity;sid:83668451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"91.92.253.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805352/; classtype:trojan-activity;sid:83668452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86"; depth:12; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805353/; classtype:trojan-activity;sid:83668453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mips"; depth:13; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805354/; classtype:trojan-activity;sid:83668454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86_64"; depth:15; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805355/; classtype:trojan-activity;sid:83668455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805347/; classtype:trojan-activity;sid:83668447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805348/; classtype:trojan-activity;sid:83668448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm5"; depth:13; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805349/; classtype:trojan-activity;sid:83668449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805338/; classtype:trojan-activity;sid:83668438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805339/; classtype:trojan-activity;sid:83668439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm6"; depth:13; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805340/; classtype:trojan-activity;sid:83668440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805341/; classtype:trojan-activity;sid:83668441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805342/; classtype:trojan-activity;sid:83668442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm"; depth:12; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805343/; classtype:trojan-activity;sid:83668443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805344/; classtype:trojan-activity;sid:83668444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805345/; classtype:trojan-activity;sid:83668445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805346/; classtype:trojan-activity;sid:83668446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.85.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805334/; classtype:trojan-activity;sid:83668434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805335/; classtype:trojan-activity;sid:83668435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805336/; classtype:trojan-activity;sid:83668436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805337/; classtype:trojan-activity;sid:83668437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805330/; classtype:trojan-activity;sid:83668430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805331/; classtype:trojan-activity;sid:83668431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805332/; classtype:trojan-activity;sid:83668432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805333/; classtype:trojan-activity;sid:83668433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805324/; classtype:trojan-activity;sid:83668424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805325/; classtype:trojan-activity;sid:83668425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805326/; classtype:trojan-activity;sid:83668426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mpsl"; depth:13; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805327/; classtype:trojan-activity;sid:83668427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.243.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805328/; classtype:trojan-activity;sid:83668428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.m68k"; depth:13; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805329/; classtype:trojan-activity;sid:83668429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805321/; classtype:trojan-activity;sid:83668421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"93.123.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805322/; classtype:trojan-activity;sid:83668422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.ppc"; depth:12; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805323/; classtype:trojan-activity;sid:83668423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.246.249.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805319/; classtype:trojan-activity;sid:83668419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.sh4"; depth:12; endswith; nocase; http.host; content:"93.123.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805320/; classtype:trojan-activity;sid:83668420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"91.92.240.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805318/; classtype:trojan-activity;sid:83668418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.7.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805317/; classtype:trojan-activity;sid:83668417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.44.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805316/; classtype:trojan-activity;sid:83668416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.223.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805315/; classtype:trojan-activity;sid:83668415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.119.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805314/; classtype:trojan-activity;sid:83668414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.41.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805313/; classtype:trojan-activity;sid:83668413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.190.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805312/; classtype:trojan-activity;sid:83668412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805311/; classtype:trojan-activity;sid:83668411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.116.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805310/; classtype:trojan-activity;sid:83668410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.175.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805309/; classtype:trojan-activity;sid:83668409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.253.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805308/; classtype:trojan-activity;sid:83668408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.44.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805307/; classtype:trojan-activity;sid:83668407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.81.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805306/; classtype:trojan-activity;sid:83668406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.191.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805305/; classtype:trojan-activity;sid:83668405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.6.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805304/; classtype:trojan-activity;sid:83668404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805303/; classtype:trojan-activity;sid:83668403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.119.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805302/; classtype:trojan-activity;sid:83668402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"sgm.pool.hjdeboer.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805301/; classtype:trojan-activity;sid:83668401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.81.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805300/; classtype:trojan-activity;sid:83668400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805299/; classtype:trojan-activity;sid:83668399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805297/; classtype:trojan-activity;sid:83668397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.63.185.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805298/; classtype:trojan-activity;sid:83668398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.13.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805296/; classtype:trojan-activity;sid:83668396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.72.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805295/; classtype:trojan-activity;sid:83668395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.195.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805294/; classtype:trojan-activity;sid:83668394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.99.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805293/; classtype:trojan-activity;sid:83668393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.122.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805292/; classtype:trojan-activity;sid:83668392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.61.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805291/; classtype:trojan-activity;sid:83668391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.61.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805290/; classtype:trojan-activity;sid:83668390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.216.93.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805289/; classtype:trojan-activity;sid:83668389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.56.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805288/; classtype:trojan-activity;sid:83668388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/trustlauncher.rar"; depth:23; endswith; nocase; http.host; content:"lflsoftware.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805287/; classtype:trojan-activity;sid:83668387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1219079930122338327/1226905867916546088/qfi-apr-uprrp24-04-02prpdf.gz|3f|ex=66267821|7c|26|7c|is=66140321|7c|26|7c|hm=73c25feb07f209751bc514e7102070c74ad5f17cb04409e4e6d053619d3f635e|7c|26|7c|"; depth:205; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805286/; classtype:trojan-activity;sid:83668386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.13.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805285/; classtype:trojan-activity;sid:83668385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.3.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805284/; classtype:trojan-activity;sid:83668384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.3.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805283/; classtype:trojan-activity;sid:83668383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805282/; classtype:trojan-activity;sid:83668382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.122.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805281/; classtype:trojan-activity;sid:83668381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.195.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805279/; classtype:trojan-activity;sid:83668379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.30.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805280/; classtype:trojan-activity;sid:83668380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.33.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805278/; classtype:trojan-activity;sid:83668378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.216.93.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805277/; classtype:trojan-activity;sid:83668377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.254.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805276/; classtype:trojan-activity;sid:83668376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.139.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805275/; classtype:trojan-activity;sid:83668375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.123.218.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805274/; classtype:trojan-activity;sid:83668374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.133.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805273/; classtype:trojan-activity;sid:83668373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xz5tljxjpzvt"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805272/; classtype:trojan-activity;sid:83668372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805271/; classtype:trojan-activity;sid:83668371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805270/; classtype:trojan-activity;sid:83668370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.211.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805268/; classtype:trojan-activity;sid:83668368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805269/; classtype:trojan-activity;sid:83668369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805267/; classtype:trojan-activity;sid:83668367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.89.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805266/; classtype:trojan-activity;sid:83668366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805265/; classtype:trojan-activity;sid:83668365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.33.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805264/; classtype:trojan-activity;sid:83668364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805263/; classtype:trojan-activity;sid:83668363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.125.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805262/; classtype:trojan-activity;sid:83668362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.133.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805261/; classtype:trojan-activity;sid:83668361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.211.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805260/; classtype:trojan-activity;sid:83668360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.57.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805259/; classtype:trojan-activity;sid:83668359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.218.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805258/; classtype:trojan-activity;sid:83668358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.18.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805257/; classtype:trojan-activity;sid:83668357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805256/; classtype:trojan-activity;sid:83668356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.150.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805255/; classtype:trojan-activity;sid:83668355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805253/; classtype:trojan-activity;sid:83668353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805254/; classtype:trojan-activity;sid:83668354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805249/; classtype:trojan-activity;sid:83668349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xh0roxxnavebusyoo.x86"; depth:23; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805250/; classtype:trojan-activity;sid:83668350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805251/; classtype:trojan-activity;sid:83668351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805252/; classtype:trojan-activity;sid:83668352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805244/; classtype:trojan-activity;sid:83668344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805245/; classtype:trojan-activity;sid:83668345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805246/; classtype:trojan-activity;sid:83668346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805247/; classtype:trojan-activity;sid:83668347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805248/; classtype:trojan-activity;sid:83668348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805239/; classtype:trojan-activity;sid:83668339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805240/; classtype:trojan-activity;sid:83668340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805241/; classtype:trojan-activity;sid:83668341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805242/; classtype:trojan-activity;sid:83668342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805243/; classtype:trojan-activity;sid:83668343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805236/; classtype:trojan-activity;sid:83668336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805237/; classtype:trojan-activity;sid:83668337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"sdiufgsdugif.group-networks.ru"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805238/; classtype:trojan-activity;sid:83668338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805235/; classtype:trojan-activity;sid:83668335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.44.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805234/; classtype:trojan-activity;sid:83668334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.135.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805233/; classtype:trojan-activity;sid:83668333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.146.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805231/; classtype:trojan-activity;sid:83668331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805232/; classtype:trojan-activity;sid:83668332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.185.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805230/; classtype:trojan-activity;sid:83668330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805229/; classtype:trojan-activity;sid:83668329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.4.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805227/; classtype:trojan-activity;sid:83668327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.37.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805228/; classtype:trojan-activity;sid:83668328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.57.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805226/; classtype:trojan-activity;sid:83668326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.20.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805225/; classtype:trojan-activity;sid:83668325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.86.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805224/; classtype:trojan-activity;sid:83668324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805223/; classtype:trojan-activity;sid:83668323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.52.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805221/; classtype:trojan-activity;sid:83668321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.229.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805222/; classtype:trojan-activity;sid:83668322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805220/; classtype:trojan-activity;sid:83668320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.202.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805219/; classtype:trojan-activity;sid:83668319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805218/; classtype:trojan-activity;sid:83668318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.102.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805217/; classtype:trojan-activity;sid:83668317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.36.212.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805216/; classtype:trojan-activity;sid:83668316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805215/; classtype:trojan-activity;sid:83668315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.123.247.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805214/; classtype:trojan-activity;sid:83668314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.4.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805213/; classtype:trojan-activity;sid:83668313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.21.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805212/; classtype:trojan-activity;sid:83668312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.37.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805211/; classtype:trojan-activity;sid:83668311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.201.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805210/; classtype:trojan-activity;sid:83668310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.194.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805208/; classtype:trojan-activity;sid:83668308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805209/; classtype:trojan-activity;sid:83668309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.2.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805207/; classtype:trojan-activity;sid:83668307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.16.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805206/; classtype:trojan-activity;sid:83668306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.20.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805205/; classtype:trojan-activity;sid:83668305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.180.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805204/; classtype:trojan-activity;sid:83668304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.202.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805203/; classtype:trojan-activity;sid:83668303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805202/; classtype:trojan-activity;sid:83668302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.52.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805201/; classtype:trojan-activity;sid:83668301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.141.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805200/; classtype:trojan-activity;sid:83668300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.211.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805198/; classtype:trojan-activity;sid:83668298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtkite/defender-control/releases/download/v1.5/disable-defender.exe"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805199/; classtype:trojan-activity;sid:83668299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.77.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805197/; classtype:trojan-activity;sid:83668297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.11.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805196/; classtype:trojan-activity;sid:83668296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.21.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805195/; classtype:trojan-activity;sid:83668295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/qjb4prv4"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805194/; classtype:trojan-activity;sid:83668294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/mips"; depth:7; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805193/; classtype:trojan-activity;sid:83668293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/i5"; depth:5; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805184/; classtype:trojan-activity;sid:83668284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/sh4"; depth:6; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805185/; classtype:trojan-activity;sid:83668285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/arm"; depth:6; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805186/; classtype:trojan-activity;sid:83668286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/m68k"; depth:7; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805187/; classtype:trojan-activity;sid:83668287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/arm6"; depth:7; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805188/; classtype:trojan-activity;sid:83668288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/arm7"; depth:7; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805189/; classtype:trojan-activity;sid:83668289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/arc"; depth:6; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805190/; classtype:trojan-activity;sid:83668290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/i6"; depth:5; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805191/; classtype:trojan-activity;sid:83668291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/x86"; depth:6; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805192/; classtype:trojan-activity;sid:83668292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/spc"; depth:6; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805180/; classtype:trojan-activity;sid:83668280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/ppc"; depth:6; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805181/; classtype:trojan-activity;sid:83668281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/mpsl"; depth:7; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805182/; classtype:trojan-activity;sid:83668282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/arm5"; depth:7; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805183/; classtype:trojan-activity;sid:83668283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/675aaxjc"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805179/; classtype:trojan-activity;sid:83668279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.89.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805178/; classtype:trojan-activity;sid:83668278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.114.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805177/; classtype:trojan-activity;sid:83668277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.15.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805176/; classtype:trojan-activity;sid:83668276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lido/magmadrainer1.zip"; depth:23; endswith; nocase; http.host; content:"91.92.255.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805175/; classtype:trojan-activity;sid:83668275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"94.156.64.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805174/; classtype:trojan-activity;sid:83668274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op.dll"; depth:7; endswith; nocase; http.host; content:"91.92.247.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805172/; classtype:trojan-activity;sid:83668272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mstore.exe"; depth:11; endswith; nocase; http.host; content:"91.92.247.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805173/; classtype:trojan-activity;sid:83668273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/props.exe"; depth:10; endswith; nocase; http.host; content:"91.92.247.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805171/; classtype:trojan-activity;sid:83668271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.137.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805170/; classtype:trojan-activity;sid:83668270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.228.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805169/; classtype:trojan-activity;sid:83668269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.185.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805168/; classtype:trojan-activity;sid:83668268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805167/; classtype:trojan-activity;sid:83668267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.45.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805166/; classtype:trojan-activity;sid:83668266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805165/; classtype:trojan-activity;sid:83668265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.215.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805164/; classtype:trojan-activity;sid:83668264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.254.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805163/; classtype:trojan-activity;sid:83668263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.67.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805162/; classtype:trojan-activity;sid:83668262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.121.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805161/; classtype:trojan-activity;sid:83668261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netspy"; depth:7; endswith; nocase; http.host; content:"45.61.188.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805160/; classtype:trojan-activity;sid:83668260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig"; depth:6; endswith; nocase; http.host; content:"45.61.188.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805159/; classtype:trojan-activity;sid:83668259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.232.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805158/; classtype:trojan-activity;sid:83668258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.137.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805157/; classtype:trojan-activity;sid:83668257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805156/; classtype:trojan-activity;sid:83668256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.217.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805155/; classtype:trojan-activity;sid:83668255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.240.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805154/; classtype:trojan-activity;sid:83668254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805153/; classtype:trojan-activity;sid:83668253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805152/; classtype:trojan-activity;sid:83668252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shk"; depth:4; endswith; nocase; http.host; content:"103.163.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805151/; classtype:trojan-activity;sid:83668251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.215.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805150/; classtype:trojan-activity;sid:83668250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.129.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805149/; classtype:trojan-activity;sid:83668249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.222.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805148/; classtype:trojan-activity;sid:83668248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.149.236.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805146/; classtype:trojan-activity;sid:83668246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.68.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805147/; classtype:trojan-activity;sid:83668247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.240.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805145/; classtype:trojan-activity;sid:83668245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.183.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805144/; classtype:trojan-activity;sid:83668244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.128.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805143/; classtype:trojan-activity;sid:83668243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.249.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805142/; classtype:trojan-activity;sid:83668242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805141/; classtype:trojan-activity;sid:83668241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.13.1.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805140/; classtype:trojan-activity;sid:83668240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s0704m/wininit.exe"; depth:19; endswith; nocase; http.host; content:"192.3.95.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805139/; classtype:trojan-activity;sid:83668239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.4.162.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805138/; classtype:trojan-activity;sid:83668238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.147.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805137/; classtype:trojan-activity;sid:83668237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.72.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805136/; classtype:trojan-activity;sid:83668236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.39.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805135/; classtype:trojan-activity;sid:83668235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.129.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805134/; classtype:trojan-activity;sid:83668234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.22.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805133/; classtype:trojan-activity;sid:83668233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.0.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805130/; classtype:trojan-activity;sid:83668230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805131/; classtype:trojan-activity;sid:83668231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.238.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805132/; classtype:trojan-activity;sid:83668232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805129/; classtype:trojan-activity;sid:83668229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.4.162.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805128/; classtype:trojan-activity;sid:83668228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.147.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805127/; classtype:trojan-activity;sid:83668227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.35.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805126/; classtype:trojan-activity;sid:83668226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.149.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805125/; classtype:trojan-activity;sid:83668225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.249.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805124/; classtype:trojan-activity;sid:83668224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.146.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805123/; classtype:trojan-activity;sid:83668223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.93.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805122/; classtype:trojan-activity;sid:83668222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.94.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805121/; classtype:trojan-activity;sid:83668221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.200.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805120/; classtype:trojan-activity;sid:83668220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.0.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805119/; classtype:trojan-activity;sid:83668219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805118/; classtype:trojan-activity;sid:83668218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805116/; classtype:trojan-activity;sid:83668216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.101.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805117/; classtype:trojan-activity;sid:83668217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.249.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805115/; classtype:trojan-activity;sid:83668215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.143.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805114/; classtype:trojan-activity;sid:83668214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.179.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805113/; classtype:trojan-activity;sid:83668213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.25.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805111/; classtype:trojan-activity;sid:83668211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.36.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805112/; classtype:trojan-activity;sid:83668212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.114.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805110/; classtype:trojan-activity;sid:83668210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805109/; classtype:trojan-activity;sid:83668209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.187.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805108/; classtype:trojan-activity;sid:83668208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805107/; classtype:trojan-activity;sid:83668207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.30.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805106/; classtype:trojan-activity;sid:83668206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805105/; classtype:trojan-activity;sid:83668205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.56.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805104/; classtype:trojan-activity;sid:83668204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.249.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805103/; classtype:trojan-activity;sid:83668203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805102/; classtype:trojan-activity;sid:83668202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.4.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805101/; classtype:trojan-activity;sid:83668201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.230.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805100/; classtype:trojan-activity;sid:83668200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.228.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805099/; classtype:trojan-activity;sid:83668199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.214.227.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805098/; classtype:trojan-activity;sid:83668198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.187.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805097/; classtype:trojan-activity;sid:83668197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.93.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805096/; classtype:trojan-activity;sid:83668196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.17.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805095/; classtype:trojan-activity;sid:83668195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.33.8"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805094/; classtype:trojan-activity;sid:83668194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.193.204.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805093/; classtype:trojan-activity;sid:83668193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.247.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805092/; classtype:trojan-activity;sid:83668192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.122.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805091/; classtype:trojan-activity;sid:83668191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.56.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805090/; classtype:trojan-activity;sid:83668190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.157.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805089/; classtype:trojan-activity;sid:83668189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.93.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805088/; classtype:trojan-activity;sid:83668188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.204.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805087/; classtype:trojan-activity;sid:83668187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.14.65"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805086/; classtype:trojan-activity;sid:83668186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.35.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805085/; classtype:trojan-activity;sid:83668185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.69.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805084/; classtype:trojan-activity;sid:83668184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvyxplywp6vr"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805083/; classtype:trojan-activity;sid:83668183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.229.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805081/; classtype:trojan-activity;sid:83668181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.63.28.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805082/; classtype:trojan-activity;sid:83668182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.36.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805079/; classtype:trojan-activity;sid:83668179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.219.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805080/; classtype:trojan-activity;sid:83668180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805077/; classtype:trojan-activity;sid:83668177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.235.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805078/; classtype:trojan-activity;sid:83668178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.188.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805076/; classtype:trojan-activity;sid:83668176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.213.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805075/; classtype:trojan-activity;sid:83668175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.35.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805074/; classtype:trojan-activity;sid:83668174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.128.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805073/; classtype:trojan-activity;sid:83668173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.73.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805072/; classtype:trojan-activity;sid:83668172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.185.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805071/; classtype:trojan-activity;sid:83668171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.245.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805070/; classtype:trojan-activity;sid:83668170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.188.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805068/; classtype:trojan-activity;sid:83668168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.247.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805069/; classtype:trojan-activity;sid:83668169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.33.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805067/; classtype:trojan-activity;sid:83668167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ulwao.schedule.golfballnutz.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805066/; classtype:trojan-activity;sid:83668166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.32.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805065/; classtype:trojan-activity;sid:83668165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.21.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805064/; classtype:trojan-activity;sid:83668164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.230.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805063/; classtype:trojan-activity;sid:83668163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.7.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805062/; classtype:trojan-activity;sid:83668162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.19.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805061/; classtype:trojan-activity;sid:83668161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.128.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805060/; classtype:trojan-activity;sid:83668160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.213.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805059/; classtype:trojan-activity;sid:83668159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.35.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805058/; classtype:trojan-activity;sid:83668158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805057/; classtype:trojan-activity;sid:83668157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.109.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805055/; classtype:trojan-activity;sid:83668155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.80.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805056/; classtype:trojan-activity;sid:83668156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805054/; classtype:trojan-activity;sid:83668154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.38.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805053/; classtype:trojan-activity;sid:83668153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.236.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805052/; classtype:trojan-activity;sid:83668152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.245.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805051/; classtype:trojan-activity;sid:83668151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.132.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805050/; classtype:trojan-activity;sid:83668150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.32.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805049/; classtype:trojan-activity;sid:83668149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.21.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805048/; classtype:trojan-activity;sid:83668148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.188.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805047/; classtype:trojan-activity;sid:83668147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.230.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805046/; classtype:trojan-activity;sid:83668146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805045/; classtype:trojan-activity;sid:83668145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.157.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805044/; classtype:trojan-activity;sid:83668144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.24.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805043/; classtype:trojan-activity;sid:83668143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.7.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805042/; classtype:trojan-activity;sid:83668142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.191.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805041/; classtype:trojan-activity;sid:83668141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.236.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805040/; classtype:trojan-activity;sid:83668140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.175.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805039/; classtype:trojan-activity;sid:83668139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805038/; classtype:trojan-activity;sid:83668138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/ps"; depth:5; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805035/; classtype:trojan-activity;sid:83668135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/xmrig-proxy"; depth:18; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805036/; classtype:trojan-activity;sid:83668136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/network"; depth:10; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805037/; classtype:trojan-activity;sid:83668137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/cron"; depth:7; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805032/; classtype:trojan-activity;sid:83668132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/banner"; depth:17; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805033/; classtype:trojan-activity;sid:83668133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/s"; depth:4; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805034/; classtype:trojan-activity;sid:83668134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scandudu.tar"; depth:18; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805030/; classtype:trojan-activity;sid:83668130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/brute"; depth:16; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805031/; classtype:trojan-activity;sid:83668131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/sc.tar"; depth:12; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805029/; classtype:trojan-activity;sid:83668129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan2.tar"; depth:15; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805027/; classtype:trojan-activity;sid:83668127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key"; depth:4; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805028/; classtype:trojan-activity;sid:83668128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scc.tar"; depth:13; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805026/; classtype:trojan-activity;sid:83668126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scannou.tar"; depth:17; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805024/; classtype:trojan-activity;sid:83668124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/masscan"; depth:18; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805025/; classtype:trojan-activity;sid:83668125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan.tar"; depth:14; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805023/; classtype:trojan-activity;sid:83668123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/pass"; depth:15; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805020/; classtype:trojan-activity;sid:83668120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/sis"; depth:14; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805021/; classtype:trojan-activity;sid:83668121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magic"; depth:6; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805022/; classtype:trojan-activity;sid:83668122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/scan/ports"; depth:16; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805019/; classtype:trojan-activity;sid:83668119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/pass"; depth:7; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805018/; classtype:trojan-activity;sid:83668118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805017/; classtype:trojan-activity;sid:83668117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.111.31.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805016/; classtype:trojan-activity;sid:83668116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805015/; classtype:trojan-activity;sid:83668115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1234.exe"; depth:9; endswith; nocase; http.host; content:"88.218.61.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805014/; classtype:trojan-activity;sid:83668114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.189.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805013/; classtype:trojan-activity;sid:83668113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.73.209.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805012/; classtype:trojan-activity;sid:83668112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.145.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805011/; classtype:trojan-activity;sid:83668111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.171.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805010/; classtype:trojan-activity;sid:83668110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.165.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805009/; classtype:trojan-activity;sid:83668109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805008/; classtype:trojan-activity;sid:83668108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.185.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805007/; classtype:trojan-activity;sid:83668107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.175.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805006/; classtype:trojan-activity;sid:83668106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.145.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805005/; classtype:trojan-activity;sid:83668105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.15.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805004/; classtype:trojan-activity;sid:83668104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.32.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805003/; classtype:trojan-activity;sid:83668103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.239.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805002/; classtype:trojan-activity;sid:83668102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.88.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805000/; classtype:trojan-activity;sid:83668100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.190.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805001/; classtype:trojan-activity;sid:83668101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.171.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804999/; classtype:trojan-activity;sid:83668099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.179.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804998/; classtype:trojan-activity;sid:83668098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804997/; classtype:trojan-activity;sid:83668097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.190.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804996/; classtype:trojan-activity;sid:83668096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.15.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804995/; classtype:trojan-activity;sid:83668095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.49.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804994/; classtype:trojan-activity;sid:83668094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804993/; classtype:trojan-activity;sid:83668093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.223.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804991/; classtype:trojan-activity;sid:83668091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.190.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804992/; classtype:trojan-activity;sid:83668092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.38.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804990/; classtype:trojan-activity;sid:83668090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.101.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804989/; classtype:trojan-activity;sid:83668089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.29.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804988/; classtype:trojan-activity;sid:83668088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.221.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804987/; classtype:trojan-activity;sid:83668087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.215.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804986/; classtype:trojan-activity;sid:83668086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.179.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804985/; classtype:trojan-activity;sid:83668085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"94.156.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804984/; classtype:trojan-activity;sid:83668084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804983/; classtype:trojan-activity;sid:83668083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804977/; classtype:trojan-activity;sid:83668077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804978/; classtype:trojan-activity;sid:83668078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804979/; classtype:trojan-activity;sid:83668079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804980/; classtype:trojan-activity;sid:83668080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804981/; classtype:trojan-activity;sid:83668081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"92.249.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804982/; classtype:trojan-activity;sid:83668082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804976/; classtype:trojan-activity;sid:83668076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.173.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804975/; classtype:trojan-activity;sid:83668075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.225.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804974/; classtype:trojan-activity;sid:83668074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo4.jpg"; depth:10; endswith; nocase; http.host; content:"a0940704.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804973/; classtype:trojan-activity;sid:83668073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.214.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804972/; classtype:trojan-activity;sid:83668072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.96.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804971/; classtype:trojan-activity;sid:83668071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.93.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804970/; classtype:trojan-activity;sid:83668070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"94.196.152.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804969/; classtype:trojan-activity;sid:83668069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.32.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804968/; classtype:trojan-activity;sid:83668068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.8.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804966/; classtype:trojan-activity;sid:83668066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.226.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804967/; classtype:trojan-activity;sid:83668067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.186.56.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804965/; classtype:trojan-activity;sid:83668065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.215.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804964/; classtype:trojan-activity;sid:83668064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.27.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804963/; classtype:trojan-activity;sid:83668063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.arm5"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804958/; classtype:trojan-activity;sid:83668058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.arm6"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804959/; classtype:trojan-activity;sid:83668059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.arm"; depth:11; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804960/; classtype:trojan-activity;sid:83668060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804961/; classtype:trojan-activity;sid:83668061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.mips"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804962/; classtype:trojan-activity;sid:83668062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804952/; classtype:trojan-activity;sid:83668052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804953/; classtype:trojan-activity;sid:83668053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804954/; classtype:trojan-activity;sid:83668054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.mpsl"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804955/; classtype:trojan-activity;sid:83668055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.arm7"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804956/; classtype:trojan-activity;sid:83668056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804957/; classtype:trojan-activity;sid:83668057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s"; depth:2; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804951/; classtype:trojan-activity;sid:83668051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.154.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804950/; classtype:trojan-activity;sid:83668050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.39.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804948/; classtype:trojan-activity;sid:83668048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.3.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804949/; classtype:trojan-activity;sid:83668049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804942/; classtype:trojan-activity;sid:83668042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804943/; classtype:trojan-activity;sid:83668043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804944/; classtype:trojan-activity;sid:83668044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faith.mips"; depth:11; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804945/; classtype:trojan-activity;sid:83668045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804946/; classtype:trojan-activity;sid:83668046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.mips"; depth:13; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804947/; classtype:trojan-activity;sid:83668047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804938/; classtype:trojan-activity;sid:83668038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804939/; classtype:trojan-activity;sid:83668039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804940/; classtype:trojan-activity;sid:83668040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804941/; classtype:trojan-activity;sid:83668041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.arm5"; depth:13; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804937/; classtype:trojan-activity;sid:83668037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.arm7"; depth:13; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804932/; classtype:trojan-activity;sid:83668032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigger"; depth:7; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804933/; classtype:trojan-activity;sid:83668033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804934/; classtype:trojan-activity;sid:83668034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.arm"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804935/; classtype:trojan-activity;sid:83668035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804936/; classtype:trojan-activity;sid:83668036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.mpsl"; depth:13; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804925/; classtype:trojan-activity;sid:83668025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.sh4"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804926/; classtype:trojan-activity;sid:83668026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804927/; classtype:trojan-activity;sid:83668027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804928/; classtype:trojan-activity;sid:83668028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804929/; classtype:trojan-activity;sid:83668029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804930/; classtype:trojan-activity;sid:83668030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.ppc"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804931/; classtype:trojan-activity;sid:83668031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804920/; classtype:trojan-activity;sid:83668020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804921/; classtype:trojan-activity;sid:83668021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804922/; classtype:trojan-activity;sid:83668022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804923/; classtype:trojan-activity;sid:83668023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804924/; classtype:trojan-activity;sid:83668024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.arm6"; depth:13; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804919/; classtype:trojan-activity;sid:83668019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804914/; classtype:trojan-activity;sid:83668014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804915/; classtype:trojan-activity;sid:83668015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.m68k"; depth:13; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804916/; classtype:trojan-activity;sid:83668016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804917/; classtype:trojan-activity;sid:83668017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804918/; classtype:trojan-activity;sid:83668018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxypoo.x86"; depth:12; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804911/; classtype:trojan-activity;sid:83668011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804912/; classtype:trojan-activity;sid:83668012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"141.98.10.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804913/; classtype:trojan-activity;sid:83668013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.236.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804910/; classtype:trojan-activity;sid:83668010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.190.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804909/; classtype:trojan-activity;sid:83668009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804908/; classtype:trojan-activity;sid:83668008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804907/; classtype:trojan-activity;sid:83668007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.93.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804906/; classtype:trojan-activity;sid:83668006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.200.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804905/; classtype:trojan-activity;sid:83668005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.58.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804904/; classtype:trojan-activity;sid:83668004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.162.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804903/; classtype:trojan-activity;sid:83668003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.174.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804901/; classtype:trojan-activity;sid:83668001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.69.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804902/; classtype:trojan-activity;sid:83668002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804900/; classtype:trojan-activity;sid:83668000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.118.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804899/; classtype:trojan-activity;sid:83667999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.35.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804898/; classtype:trojan-activity;sid:83667998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.248.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804895/; classtype:trojan-activity;sid:83667995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.7.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804896/; classtype:trojan-activity;sid:83667996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804897/; classtype:trojan-activity;sid:83667997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.77.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804894/; classtype:trojan-activity;sid:83667994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804893/; classtype:trojan-activity;sid:83667993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.200.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804892/; classtype:trojan-activity;sid:83667992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.211.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804891/; classtype:trojan-activity;sid:83667991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804889/; classtype:trojan-activity;sid:83667989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804890/; classtype:trojan-activity;sid:83667990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc"; depth:3; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804879/; classtype:trojan-activity;sid:83667979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804880/; classtype:trojan-activity;sid:83667980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804881/; classtype:trojan-activity;sid:83667981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804882/; classtype:trojan-activity;sid:83667982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804883/; classtype:trojan-activity;sid:83667983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804884/; classtype:trojan-activity;sid:83667984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804885/; classtype:trojan-activity;sid:83667985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804886/; classtype:trojan-activity;sid:83667986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804887/; classtype:trojan-activity;sid:83667987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"62.171.162.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804888/; classtype:trojan-activity;sid:83667988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.58.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804878/; classtype:trojan-activity;sid:83667978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804877/; classtype:trojan-activity;sid:83667977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804868/; classtype:trojan-activity;sid:83667968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804869/; classtype:trojan-activity;sid:83667969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804870/; classtype:trojan-activity;sid:83667970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc-440fp"; depth:15; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804871/; classtype:trojan-activity;sid:83667971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x64"; depth:9; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804872/; classtype:trojan-activity;sid:83667972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804873/; classtype:trojan-activity;sid:83667973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804874/; classtype:trojan-activity;sid:83667974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804875/; classtype:trojan-activity;sid:83667975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i586"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804876/; classtype:trojan-activity;sid:83667976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804867/; classtype:trojan-activity;sid:83667967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804866/; classtype:trojan-activity;sid:83667966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804864/; classtype:trojan-activity;sid:83667964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"elrn.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804865/; classtype:trojan-activity;sid:83667965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804863/; classtype:trojan-activity;sid:83667963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804856/; classtype:trojan-activity;sid:83667956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc-440fp"; depth:15; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804857/; classtype:trojan-activity;sid:83667957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804858/; classtype:trojan-activity;sid:83667958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804859/; classtype:trojan-activity;sid:83667959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804860/; classtype:trojan-activity;sid:83667960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804861/; classtype:trojan-activity;sid:83667961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804862/; classtype:trojan-activity;sid:83667962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x64"; depth:9; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804850/; classtype:trojan-activity;sid:83667950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804851/; classtype:trojan-activity;sid:83667951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804852/; classtype:trojan-activity;sid:83667952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i586"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804853/; classtype:trojan-activity;sid:83667953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804854/; classtype:trojan-activity;sid:83667954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"45.178.6.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804855/; classtype:trojan-activity;sid:83667955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.41.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804849/; classtype:trojan-activity;sid:83667949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.89.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804848/; classtype:trojan-activity;sid:83667948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.69.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804847/; classtype:trojan-activity;sid:83667947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804846/; classtype:trojan-activity;sid:83667946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.140.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804845/; classtype:trojan-activity;sid:83667945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.103.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804844/; classtype:trojan-activity;sid:83667944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.174.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804843/; classtype:trojan-activity;sid:83667943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.235.175.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804842/; classtype:trojan-activity;sid:83667942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.58.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804841/; classtype:trojan-activity;sid:83667941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.77.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804840/; classtype:trojan-activity;sid:83667940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.147.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804839/; classtype:trojan-activity;sid:83667939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.32.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804838/; classtype:trojan-activity;sid:83667938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.76.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804837/; classtype:trojan-activity;sid:83667937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.79.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804836/; classtype:trojan-activity;sid:83667936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.58.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804835/; classtype:trojan-activity;sid:83667935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.102.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804834/; classtype:trojan-activity;sid:83667934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.58.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804833/; classtype:trojan-activity;sid:83667933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.122.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804832/; classtype:trojan-activity;sid:83667932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.41.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804831/; classtype:trojan-activity;sid:83667931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.55.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804830/; classtype:trojan-activity;sid:83667930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.41.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804828/; classtype:trojan-activity;sid:83667928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.8.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804829/; classtype:trojan-activity;sid:83667929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.98.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804827/; classtype:trojan-activity;sid:83667927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804826/; classtype:trojan-activity;sid:83667926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.217.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804825/; classtype:trojan-activity;sid:83667925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.x86"; depth:15; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804818/; classtype:trojan-activity;sid:83667918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.ppc"; depth:15; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804819/; classtype:trojan-activity;sid:83667919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mpsl"; depth:16; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804820/; classtype:trojan-activity;sid:83667920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mips"; depth:16; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804821/; classtype:trojan-activity;sid:83667921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm6"; depth:16; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804822/; classtype:trojan-activity;sid:83667922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm7"; depth:16; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804823/; classtype:trojan-activity;sid:83667923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm4"; depth:16; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804824/; classtype:trojan-activity;sid:83667924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm5"; depth:16; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804816/; classtype:trojan-activity;sid:83667916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sparc"; depth:17; endswith; nocase; http.host; content:"5.252.177.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804817/; classtype:trojan-activity;sid:83667917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2"; depth:57; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804815/; classtype:trojan-activity;sid:83667915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2"; depth:58; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804812/; classtype:trojan-activity;sid:83667912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2"; depth:55; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804813/; classtype:trojan-activity;sid:83667913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2"; depth:56; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804814/; classtype:trojan-activity;sid:83667914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-i686.tar.bz2"; depth:56; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804811/; classtype:trojan-activity;sid:83667911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2"; depth:58; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804810/; classtype:trojan-activity;sid:83667910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2"; depth:56; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804809/; classtype:trojan-activity;sid:83667909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2"; depth:59; endswith; nocase; http.host; content:"uclibc.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804808/; classtype:trojan-activity;sid:83667908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nut"; depth:4; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804807/; classtype:trojan-activity;sid:83667907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; depth:56; endswith; nocase; http.host; content:"distro.ibiblio.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.206.62.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804804/; classtype:trojan-activity;sid:83667904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.90.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804805/; classtype:trojan-activity;sid:83667905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.22.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804803/; classtype:trojan-activity;sid:83667903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804802/; classtype:trojan-activity;sid:83667902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm7"; depth:26; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804799/; classtype:trojan-activity;sid:83667899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.sh4"; depth:25; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804800/; classtype:trojan-activity;sid:83667900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.x86"; depth:14; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804801/; classtype:trojan-activity;sid:83667901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.206.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804798/; classtype:trojan-activity;sid:83667898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.sh4"; depth:14; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804796/; classtype:trojan-activity;sid:83667896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imortality"; depth:11; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804797/; classtype:trojan-activity;sid:83667897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.m68k"; depth:15; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804794/; classtype:trojan-activity;sid:83667894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/watchdog"; depth:13; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804795/; classtype:trojan-activity;sid:83667895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm5"; depth:15; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804788/; classtype:trojan-activity;sid:83667888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.spc"; depth:25; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804789/; classtype:trojan-activity;sid:83667889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.x86"; depth:25; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804790/; classtype:trojan-activity;sid:83667890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm6l"; depth:16; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804791/; classtype:trojan-activity;sid:83667891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big_bots"; depth:9; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804792/; classtype:trojan-activity;sid:83667892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm6"; depth:26; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804793/; classtype:trojan-activity;sid:83667893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm6"; depth:15; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804780/; classtype:trojan-activity;sid:83667880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm"; depth:14; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804781/; classtype:trojan-activity;sid:83667881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.spc"; depth:14; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804782/; classtype:trojan-activity;sid:83667882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.m68k"; depth:26; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804783/; classtype:trojan-activity;sid:83667883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.mips"; depth:15; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804784/; classtype:trojan-activity;sid:83667884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.mips"; depth:26; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804785/; classtype:trojan-activity;sid:83667885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm5"; depth:26; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804786/; classtype:trojan-activity;sid:83667886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm"; depth:25; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804787/; classtype:trojan-activity;sid:83667887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804776/; classtype:trojan-activity;sid:83667876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.mpsl"; depth:15; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804777/; classtype:trojan-activity;sid:83667877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.mpsl"; depth:26; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804778/; classtype:trojan-activity;sid:83667878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/skid.arm7"; depth:15; endswith; nocase; http.host; content:"193.233.132.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804779/; classtype:trojan-activity;sid:83667879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804775/; classtype:trojan-activity;sid:83667875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.16.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804774/; classtype:trojan-activity;sid:83667874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.253.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804773/; classtype:trojan-activity;sid:83667873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804772/; classtype:trojan-activity;sid:83667872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbotx86"; depth:8; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804767/; classtype:trojan-activity;sid:83667867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbotsh4"; depth:8; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804768/; classtype:trojan-activity;sid:83667868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbot-build.sh"; depth:14; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804769/; classtype:trojan-activity;sid:83667869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zboti686"; depth:9; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804770/; classtype:trojan-activity;sid:83667870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbotmips"; depth:9; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804771/; classtype:trojan-activity;sid:83667871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.163.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804762/; classtype:trojan-activity;sid:83667862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.150.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804763/; classtype:trojan-activity;sid:83667863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zboti586"; depth:9; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804764/; classtype:trojan-activity;sid:83667864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbotarmv6"; depth:10; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804765/; classtype:trojan-activity;sid:83667865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbotmipsel"; depth:11; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804766/; classtype:trojan-activity;sid:83667866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbot.sh"; depth:8; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804760/; classtype:trojan-activity;sid:83667860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbot-setup.py"; depth:14; endswith; nocase; http.host; content:"137.184.244.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804761/; classtype:trojan-activity;sid:83667861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.54.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804759/; classtype:trojan-activity;sid:83667859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.104.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804758/; classtype:trojan-activity;sid:83667858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.45.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804757/; classtype:trojan-activity;sid:83667857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804756/; classtype:trojan-activity;sid:83667856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm7"; depth:13; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804750/; classtype:trojan-activity;sid:83667850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm"; depth:11; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804751/; classtype:trojan-activity;sid:83667851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm5"; depth:12; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804752/; classtype:trojan-activity;sid:83667852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86_64"; depth:15; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804753/; classtype:trojan-activity;sid:83667853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86"; depth:12; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804754/; classtype:trojan-activity;sid:83667854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mips"; depth:13; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804755/; classtype:trojan-activity;sid:83667855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm6"; depth:13; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804747/; classtype:trojan-activity;sid:83667847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm5"; depth:13; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804748/; classtype:trojan-activity;sid:83667848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm"; depth:12; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804749/; classtype:trojan-activity;sid:83667849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm7"; depth:12; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804744/; classtype:trojan-activity;sid:83667844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.m68k"; depth:13; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804745/; classtype:trojan-activity;sid:83667845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.sh4"; depth:12; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804746/; classtype:trojan-activity;sid:83667846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.m68k"; depth:12; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804741/; classtype:trojan-activity;sid:83667841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mpsl"; depth:13; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804742/; classtype:trojan-activity;sid:83667842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.ppc"; depth:12; endswith; nocase; http.host; content:"bot.ddosvps.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804743/; classtype:trojan-activity;sid:83667843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.ppc"; depth:11; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804734/; classtype:trojan-activity;sid:83667834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.spc"; depth:11; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804735/; classtype:trojan-activity;sid:83667835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.mpsl"; depth:12; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804736/; classtype:trojan-activity;sid:83667836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.sh4"; depth:11; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804737/; classtype:trojan-activity;sid:83667837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm6"; depth:12; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804738/; classtype:trojan-activity;sid:83667838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.x86"; depth:11; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804739/; classtype:trojan-activity;sid:83667839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.mips"; depth:12; endswith; nocase; http.host; content:"packetinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804740/; classtype:trojan-activity;sid:83667840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.66.252"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804733/; classtype:trojan-activity;sid:83667833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804732/; classtype:trojan-activity;sid:83667832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.143.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804731/; classtype:trojan-activity;sid:83667831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.236.185.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804730/; classtype:trojan-activity;sid:83667830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804726/; classtype:trojan-activity;sid:83667826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804727/; classtype:trojan-activity;sid:83667827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804728/; classtype:trojan-activity;sid:83667828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.83.54.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804729/; classtype:trojan-activity;sid:83667829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804723/; classtype:trojan-activity;sid:83667823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804724/; classtype:trojan-activity;sid:83667824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804725/; classtype:trojan-activity;sid:83667825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804718/; classtype:trojan-activity;sid:83667818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804719/; classtype:trojan-activity;sid:83667819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804720/; classtype:trojan-activity;sid:83667820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804721/; classtype:trojan-activity;sid:83667821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"wcjwcj.lol"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804722/; classtype:trojan-activity;sid:83667822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804717/; classtype:trojan-activity;sid:83667817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.77.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804716/; classtype:trojan-activity;sid:83667816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.160.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804715/; classtype:trojan-activity;sid:83667815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.104.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804714/; classtype:trojan-activity;sid:83667814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.61.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804713/; classtype:trojan-activity;sid:83667813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltn"; depth:4; endswith; nocase; http.host; content:"103.188.244.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804711/; classtype:trojan-activity;sid:83667811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.54.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804712/; classtype:trojan-activity;sid:83667812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804710/; classtype:trojan-activity;sid:83667810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804709/; classtype:trojan-activity;sid:83667809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.6.88.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804708/; classtype:trojan-activity;sid:83667808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.52.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804707/; classtype:trojan-activity;sid:83667807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804705/; classtype:trojan-activity;sid:83667805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.166.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804706/; classtype:trojan-activity;sid:83667806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.150.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804703/; classtype:trojan-activity;sid:83667803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.232.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804704/; classtype:trojan-activity;sid:83667804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.172.68.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804702/; classtype:trojan-activity;sid:83667802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isetup8.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804701/; classtype:trojan-activity;sid:83667801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.160.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804700/; classtype:trojan-activity;sid:83667800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.178.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804699/; classtype:trojan-activity;sid:83667799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.61.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804698/; classtype:trojan-activity;sid:83667798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.178.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804697/; classtype:trojan-activity;sid:83667797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.9.198.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804696/; classtype:trojan-activity;sid:83667796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804695/; classtype:trojan-activity;sid:83667795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.150.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804694/; classtype:trojan-activity;sid:83667794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.207.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804693/; classtype:trojan-activity;sid:83667793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804692/; classtype:trojan-activity;sid:83667792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.162.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804691/; classtype:trojan-activity;sid:83667791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.169.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804690/; classtype:trojan-activity;sid:83667790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.24.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804689/; classtype:trojan-activity;sid:83667789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.120.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804687/; classtype:trojan-activity;sid:83667787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.21.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804688/; classtype:trojan-activity;sid:83667788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.249.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804686/; classtype:trojan-activity;sid:83667786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.203.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804684/; classtype:trojan-activity;sid:83667784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804685/; classtype:trojan-activity;sid:83667785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.124.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804683/; classtype:trojan-activity;sid:83667783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.34.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804682/; classtype:trojan-activity;sid:83667782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804681/; classtype:trojan-activity;sid:83667781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.192.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804680/; classtype:trojan-activity;sid:83667780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.164.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804679/; classtype:trojan-activity;sid:83667779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.38.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804678/; classtype:trojan-activity;sid:83667778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.10.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804677/; classtype:trojan-activity;sid:83667777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.119.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804676/; classtype:trojan-activity;sid:83667776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804675/; classtype:trojan-activity;sid:83667775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.141.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804674/; classtype:trojan-activity;sid:83667774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.71.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804673/; classtype:trojan-activity;sid:83667773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.208.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804672/; classtype:trojan-activity;sid:83667772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.101.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804671/; classtype:trojan-activity;sid:83667771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.49.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804670/; classtype:trojan-activity;sid:83667770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.27.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804669/; classtype:trojan-activity;sid:83667769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804668/; classtype:trojan-activity;sid:83667768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.169.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804667/; classtype:trojan-activity;sid:83667767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.231.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804666/; classtype:trojan-activity;sid:83667766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.x86_64"; depth:12; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804664/; classtype:trojan-activity;sid:83667764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.x86_64"; depth:12; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804665/; classtype:trojan-activity;sid:83667765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.i686"; depth:10; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804662/; classtype:trojan-activity;sid:83667762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips"; depth:10; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804663/; classtype:trojan-activity;sid:83667763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.i686"; depth:10; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804661/; classtype:trojan-activity;sid:83667761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips"; depth:10; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804660/; classtype:trojan-activity;sid:83667760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.arm"; depth:9; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804658/; classtype:trojan-activity;sid:83667758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.arm"; depth:9; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804659/; classtype:trojan-activity;sid:83667759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.i386"; depth:10; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804653/; classtype:trojan-activity;sid:83667753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips64el"; depth:14; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804654/; classtype:trojan-activity;sid:83667754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.aarch64"; depth:13; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804655/; classtype:trojan-activity;sid:83667755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.i386"; depth:10; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804656/; classtype:trojan-activity;sid:83667756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips64"; depth:12; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804657/; classtype:trojan-activity;sid:83667757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips64"; depth:12; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804651/; classtype:trojan-activity;sid:83667751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.aarch64"; depth:13; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804652/; classtype:trojan-activity;sid:83667752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mipsel"; depth:12; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804648/; classtype:trojan-activity;sid:83667748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips64el"; depth:14; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804649/; classtype:trojan-activity;sid:83667749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mipsel"; depth:12; endswith; nocase; http.host; content:"ktlvz.dnsfailover.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804650/; classtype:trojan-activity;sid:83667750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.mips"; depth:13; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804646/; classtype:trojan-activity;sid:83667746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm6"; depth:13; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804647/; classtype:trojan-activity;sid:83667747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm5"; depth:13; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804642/; classtype:trojan-activity;sid:83667742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.x86"; depth:12; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804643/; classtype:trojan-activity;sid:83667743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm4"; depth:13; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804644/; classtype:trojan-activity;sid:83667744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm7"; depth:13; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804645/; classtype:trojan-activity;sid:83667745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.178.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804641/; classtype:trojan-activity;sid:83667741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.10.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804640/; classtype:trojan-activity;sid:83667740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.30.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804639/; classtype:trojan-activity;sid:83667739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.116.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804638/; classtype:trojan-activity;sid:83667738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.10.227"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804637/; classtype:trojan-activity;sid:83667737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.38.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804636/; classtype:trojan-activity;sid:83667736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.210.180.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804635/; classtype:trojan-activity;sid:83667735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.158.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804634/; classtype:trojan-activity;sid:83667734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804633/; classtype:trojan-activity;sid:83667733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.133.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804632/; classtype:trojan-activity;sid:83667732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.214.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804631/; classtype:trojan-activity;sid:83667731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804630/; classtype:trojan-activity;sid:83667730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.150.254.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804629/; classtype:trojan-activity;sid:83667729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804627/; classtype:trojan-activity;sid:83667727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.39.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804628/; classtype:trojan-activity;sid:83667728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.213.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804626/; classtype:trojan-activity;sid:83667726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.178.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804625/; classtype:trojan-activity;sid:83667725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804624/; classtype:trojan-activity;sid:83667724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.56.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804623/; classtype:trojan-activity;sid:83667723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.66.168.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804622/; classtype:trojan-activity;sid:83667722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.149.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804621/; classtype:trojan-activity;sid:83667721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"217.210.180.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804620/; classtype:trojan-activity;sid:83667720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.158.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804619/; classtype:trojan-activity;sid:83667719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.7.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804618/; classtype:trojan-activity;sid:83667718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.133.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804617/; classtype:trojan-activity;sid:83667717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.236.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804616/; classtype:trojan-activity;sid:83667716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.134.183.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804615/; classtype:trojan-activity;sid:83667715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.76.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804614/; classtype:trojan-activity;sid:83667714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.213.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804613/; classtype:trojan-activity;sid:83667713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.19.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804612/; classtype:trojan-activity;sid:83667712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.27.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804611/; classtype:trojan-activity;sid:83667711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804610/; classtype:trojan-activity;sid:83667710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.210.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804609/; classtype:trojan-activity;sid:83667709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.195.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804608/; classtype:trojan-activity;sid:83667708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/horvest0504.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804605/; classtype:trojan-activity;sid:83667705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test2.exe"; depth:10; endswith; nocase; http.host; content:"88.218.61.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804606/; classtype:trojan-activity;sid:83667706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1111.exe"; depth:9; endswith; nocase; http.host; content:"88.218.61.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804607/; classtype:trojan-activity;sid:83667707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.59.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804604/; classtype:trojan-activity;sid:83667704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isetup2.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804603/; classtype:trojan-activity;sid:83667703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.43.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804602/; classtype:trojan-activity;sid:83667702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.173.110.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804601/; classtype:trojan-activity;sid:83667701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.40.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804600/; classtype:trojan-activity;sid:83667700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.7.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804599/; classtype:trojan-activity;sid:83667699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.219.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804598/; classtype:trojan-activity;sid:83667698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.236.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804597/; classtype:trojan-activity;sid:83667697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.10.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804596/; classtype:trojan-activity;sid:83667696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804595/; classtype:trojan-activity;sid:83667695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.22.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804594/; classtype:trojan-activity;sid:83667694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804593/; classtype:trojan-activity;sid:83667693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.237.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804592/; classtype:trojan-activity;sid:83667692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.59.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804591/; classtype:trojan-activity;sid:83667691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.10.176.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804590/; classtype:trojan-activity;sid:83667690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.176.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804589/; classtype:trojan-activity;sid:83667689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.111.31.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804588/; classtype:trojan-activity;sid:83667688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804587/; classtype:trojan-activity;sid:83667687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.10.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804586/; classtype:trojan-activity;sid:83667686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804585/; classtype:trojan-activity;sid:83667685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.55.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804584/; classtype:trojan-activity;sid:83667684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.149.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804583/; classtype:trojan-activity;sid:83667683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.162"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804582/; classtype:trojan-activity;sid:83667682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.213.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804581/; classtype:trojan-activity;sid:83667681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.229.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804580/; classtype:trojan-activity;sid:83667680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.219.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804579/; classtype:trojan-activity;sid:83667679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/5d2a75/tester.exe"; depth:20; endswith; nocase; http.host; content:"file-drop.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804578/; classtype:trojan-activity;sid:83667678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.10.176.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804577/; classtype:trojan-activity;sid:83667677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.45.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804576/; classtype:trojan-activity;sid:83667676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.58.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804575/; classtype:trojan-activity;sid:83667675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804574/; classtype:trojan-activity;sid:83667674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/24e534/svchost.exe"; depth:21; endswith; nocase; http.host; content:"file-drop.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804573/; classtype:trojan-activity;sid:83667673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.243.54.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804572/; classtype:trojan-activity;sid:83667672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.20.192.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804571/; classtype:trojan-activity;sid:83667671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.53.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804570/; classtype:trojan-activity;sid:83667670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.249.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804569/; classtype:trojan-activity;sid:83667669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.3.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804568/; classtype:trojan-activity;sid:83667668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804567/; classtype:trojan-activity;sid:83667667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.71.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804566/; classtype:trojan-activity;sid:83667666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.27.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804565/; classtype:trojan-activity;sid:83667665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804564/; classtype:trojan-activity;sid:83667664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804563/; classtype:trojan-activity;sid:83667663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.53.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804562/; classtype:trojan-activity;sid:83667662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.213.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804561/; classtype:trojan-activity;sid:83667661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.58.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804560/; classtype:trojan-activity;sid:83667660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804558/; classtype:trojan-activity;sid:83667658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.223.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804559/; classtype:trojan-activity;sid:83667659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.48.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804557/; classtype:trojan-activity;sid:83667657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804556/; classtype:trojan-activity;sid:83667656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804555/; classtype:trojan-activity;sid:83667655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804554/; classtype:trojan-activity;sid:83667654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.130.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804551/; classtype:trojan-activity;sid:83667651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.15.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804552/; classtype:trojan-activity;sid:83667652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.231.195.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804553/; classtype:trojan-activity;sid:83667653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.168.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804550/; classtype:trojan-activity;sid:83667650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.3.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804549/; classtype:trojan-activity;sid:83667649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804548/; classtype:trojan-activity;sid:83667648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.53.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804547/; classtype:trojan-activity;sid:83667647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.47.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804546/; classtype:trojan-activity;sid:83667646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.111.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804544/; classtype:trojan-activity;sid:83667644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.167.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804545/; classtype:trojan-activity;sid:83667645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.100.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804543/; classtype:trojan-activity;sid:83667643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.78.39.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804542/; classtype:trojan-activity;sid:83667642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.48.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804541/; classtype:trojan-activity;sid:83667641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.102.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804540/; classtype:trojan-activity;sid:83667640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804539/; classtype:trojan-activity;sid:83667639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.100.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804535/; classtype:trojan-activity;sid:83667635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.180.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804536/; classtype:trojan-activity;sid:83667636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.179.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804537/; classtype:trojan-activity;sid:83667637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.222.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804538/; classtype:trojan-activity;sid:83667638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.214.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804534/; classtype:trojan-activity;sid:83667634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.4.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804533/; classtype:trojan-activity;sid:83667633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.144.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804532/; classtype:trojan-activity;sid:83667632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.41.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804531/; classtype:trojan-activity;sid:83667631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.41.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804530/; classtype:trojan-activity;sid:83667630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.36.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804529/; classtype:trojan-activity;sid:83667629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.228.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804528/; classtype:trojan-activity;sid:83667628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.168.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804527/; classtype:trojan-activity;sid:83667627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.47.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804525/; classtype:trojan-activity;sid:83667625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.52.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804526/; classtype:trojan-activity;sid:83667626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804524/; classtype:trojan-activity;sid:83667624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.180.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804523/; classtype:trojan-activity;sid:83667623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.145.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804522/; classtype:trojan-activity;sid:83667622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.15.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804521/; classtype:trojan-activity;sid:83667621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.144.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804520/; classtype:trojan-activity;sid:83667620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.41.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804519/; classtype:trojan-activity;sid:83667619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804518/; classtype:trojan-activity;sid:83667618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.169.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804517/; classtype:trojan-activity;sid:83667617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.4.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804516/; classtype:trojan-activity;sid:83667616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.45.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804514/; classtype:trojan-activity;sid:83667614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.133.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804515/; classtype:trojan-activity;sid:83667615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.255.20.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804513/; classtype:trojan-activity;sid:83667613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.39.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804512/; classtype:trojan-activity;sid:83667612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804511/; classtype:trojan-activity;sid:83667611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.195.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804510/; classtype:trojan-activity;sid:83667610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.205.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804509/; classtype:trojan-activity;sid:83667609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.104.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804508/; classtype:trojan-activity;sid:83667608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.102.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804507/; classtype:trojan-activity;sid:83667607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.99.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804506/; classtype:trojan-activity;sid:83667606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.83.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804505/; classtype:trojan-activity;sid:83667605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.186.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804504/; classtype:trojan-activity;sid:83667604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.160.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804503/; classtype:trojan-activity;sid:83667603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.184.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804501/; classtype:trojan-activity;sid:83667601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.214.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804502/; classtype:trojan-activity;sid:83667602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.236.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804500/; classtype:trojan-activity;sid:83667600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.247.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804496/; classtype:trojan-activity;sid:83667596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.176.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804497/; classtype:trojan-activity;sid:83667597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.106.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804498/; classtype:trojan-activity;sid:83667598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.52.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804499/; classtype:trojan-activity;sid:83667599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.173.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804495/; classtype:trojan-activity;sid:83667595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.145.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804494/; classtype:trojan-activity;sid:83667594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804493/; classtype:trojan-activity;sid:83667593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.173.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804492/; classtype:trojan-activity;sid:83667592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804491/; classtype:trojan-activity;sid:83667591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.1.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804490/; classtype:trojan-activity;sid:83667590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.105.194.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804489/; classtype:trojan-activity;sid:83667589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.155.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804488/; classtype:trojan-activity;sid:83667588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.39.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804487/; classtype:trojan-activity;sid:83667587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.247.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804485/; classtype:trojan-activity;sid:83667585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.184.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804486/; classtype:trojan-activity;sid:83667586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.228.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804484/; classtype:trojan-activity;sid:83667584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.238.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804483/; classtype:trojan-activity;sid:83667583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.128.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804482/; classtype:trojan-activity;sid:83667582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.253.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804481/; classtype:trojan-activity;sid:83667581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.171.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804480/; classtype:trojan-activity;sid:83667580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.148.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804479/; classtype:trojan-activity;sid:83667579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.69.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804478/; classtype:trojan-activity;sid:83667578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804477/; classtype:trojan-activity;sid:83667577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804476/; classtype:trojan-activity;sid:83667576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.185.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804475/; classtype:trojan-activity;sid:83667575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.155.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804474/; classtype:trojan-activity;sid:83667574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804473/; classtype:trojan-activity;sid:83667573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.238.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804472/; classtype:trojan-activity;sid:83667572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.22.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804471/; classtype:trojan-activity;sid:83667571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804470/; classtype:trojan-activity;sid:83667570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.2.13"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804467/; classtype:trojan-activity;sid:83667567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.106.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804468/; classtype:trojan-activity;sid:83667568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.91.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804469/; classtype:trojan-activity;sid:83667569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.17.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804466/; classtype:trojan-activity;sid:83667566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.19.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804465/; classtype:trojan-activity;sid:83667565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804464/; classtype:trojan-activity;sid:83667564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.185.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804462/; classtype:trojan-activity;sid:83667562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.185.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804463/; classtype:trojan-activity;sid:83667563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.13.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804460/; classtype:trojan-activity;sid:83667560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804461/; classtype:trojan-activity;sid:83667561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804459/; classtype:trojan-activity;sid:83667559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804458/; classtype:trojan-activity;sid:83667558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.95.130.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804457/; classtype:trojan-activity;sid:83667557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.119.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804456/; classtype:trojan-activity;sid:83667556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.214.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804455/; classtype:trojan-activity;sid:83667555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.22.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804454/; classtype:trojan-activity;sid:83667554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.27.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804453/; classtype:trojan-activity;sid:83667553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.101.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804452/; classtype:trojan-activity;sid:83667552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.212.203.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804451/; classtype:trojan-activity;sid:83667551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.121.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804450/; classtype:trojan-activity;sid:83667550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.16.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804449/; classtype:trojan-activity;sid:83667549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.17.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804448/; classtype:trojan-activity;sid:83667548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.2.13"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804447/; classtype:trojan-activity;sid:83667547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.9.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804446/; classtype:trojan-activity;sid:83667546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.247.154.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804445/; classtype:trojan-activity;sid:83667545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.214.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804443/; classtype:trojan-activity;sid:83667543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.231.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804444/; classtype:trojan-activity;sid:83667544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.67.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804442/; classtype:trojan-activity;sid:83667542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.37.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804441/; classtype:trojan-activity;sid:83667541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.212.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804440/; classtype:trojan-activity;sid:83667540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.217.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804439/; classtype:trojan-activity;sid:83667539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804438/; classtype:trojan-activity;sid:83667538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.16.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804437/; classtype:trojan-activity;sid:83667537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.128.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804436/; classtype:trojan-activity;sid:83667536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.16.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804435/; classtype:trojan-activity;sid:83667535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.165.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804434/; classtype:trojan-activity;sid:83667534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.84.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804433/; classtype:trojan-activity;sid:83667533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.133.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804432/; classtype:trojan-activity;sid:83667532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.247.154.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804431/; classtype:trojan-activity;sid:83667531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.9.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804430/; classtype:trojan-activity;sid:83667530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804429/; classtype:trojan-activity;sid:83667529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804428/; classtype:trojan-activity;sid:83667528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.142.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804427/; classtype:trojan-activity;sid:83667527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804426/; classtype:trojan-activity;sid:83667526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.148.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804425/; classtype:trojan-activity;sid:83667525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.16.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804424/; classtype:trojan-activity;sid:83667524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.55.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804423/; classtype:trojan-activity;sid:83667523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.25.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804422/; classtype:trojan-activity;sid:83667522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.15.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804421/; classtype:trojan-activity;sid:83667521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.219.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804420/; classtype:trojan-activity;sid:83667520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.130.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804419/; classtype:trojan-activity;sid:83667519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804418/; classtype:trojan-activity;sid:83667518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.245.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804417/; classtype:trojan-activity;sid:83667517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.171.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804416/; classtype:trojan-activity;sid:83667516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.180.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804415/; classtype:trojan-activity;sid:83667515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.157.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804414/; classtype:trojan-activity;sid:83667514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.111.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804413/; classtype:trojan-activity;sid:83667513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.188.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804412/; classtype:trojan-activity;sid:83667512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.94.156.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804411/; classtype:trojan-activity;sid:83667511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.55.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804410/; classtype:trojan-activity;sid:83667510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.25.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804409/; classtype:trojan-activity;sid:83667509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804408/; classtype:trojan-activity;sid:83667508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.193.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804407/; classtype:trojan-activity;sid:83667507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804406/; classtype:trojan-activity;sid:83667506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.73.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804405/; classtype:trojan-activity;sid:83667505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.154.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804404/; classtype:trojan-activity;sid:83667504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.11.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804402/; classtype:trojan-activity;sid:83667502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.45.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804403/; classtype:trojan-activity;sid:83667503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.90.128.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804401/; classtype:trojan-activity;sid:83667501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.251.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804400/; classtype:trojan-activity;sid:83667500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.175.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804397/; classtype:trojan-activity;sid:83667497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.229.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804398/; classtype:trojan-activity;sid:83667498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.207.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804399/; classtype:trojan-activity;sid:83667499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.95.228.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804396/; classtype:trojan-activity;sid:83667496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.187.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804395/; classtype:trojan-activity;sid:83667495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.119.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804393/; classtype:trojan-activity;sid:83667493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.2.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804394/; classtype:trojan-activity;sid:83667494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.188.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804392/; classtype:trojan-activity;sid:83667492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.111.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804391/; classtype:trojan-activity;sid:83667491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.105.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804390/; classtype:trojan-activity;sid:83667490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.43.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804388/; classtype:trojan-activity;sid:83667488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.181.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804389/; classtype:trojan-activity;sid:83667489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.39.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804387/; classtype:trojan-activity;sid:83667487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.218.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804386/; classtype:trojan-activity;sid:83667486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.90.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804385/; classtype:trojan-activity;sid:83667485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804384/; classtype:trojan-activity;sid:83667484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.135.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804383/; classtype:trojan-activity;sid:83667483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.106.76.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804382/; classtype:trojan-activity;sid:83667482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.128.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804381/; classtype:trojan-activity;sid:83667481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.61.147.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804380/; classtype:trojan-activity;sid:83667480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.193.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804379/; classtype:trojan-activity;sid:83667479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.4.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804378/; classtype:trojan-activity;sid:83667478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.39.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804376/; classtype:trojan-activity;sid:83667476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.17.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804377/; classtype:trojan-activity;sid:83667477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.33.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804375/; classtype:trojan-activity;sid:83667475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.12.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804374/; classtype:trojan-activity;sid:83667474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804373/; classtype:trojan-activity;sid:83667473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.198.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804372/; classtype:trojan-activity;sid:83667472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.168.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804370/; classtype:trojan-activity;sid:83667470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804371/; classtype:trojan-activity;sid:83667471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.187.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804369/; classtype:trojan-activity;sid:83667469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.2.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804368/; classtype:trojan-activity;sid:83667468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.119.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804367/; classtype:trojan-activity;sid:83667467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.43.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804366/; classtype:trojan-activity;sid:83667466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.90.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804365/; classtype:trojan-activity;sid:83667465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.51.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804364/; classtype:trojan-activity;sid:83667464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.60.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804363/; classtype:trojan-activity;sid:83667463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.223.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804362/; classtype:trojan-activity;sid:83667462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.92.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804361/; classtype:trojan-activity;sid:83667461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.2.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804360/; classtype:trojan-activity;sid:83667460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.233.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804359/; classtype:trojan-activity;sid:83667459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804358/; classtype:trojan-activity;sid:83667458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804351/; classtype:trojan-activity;sid:83667451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86"; depth:12; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804352/; classtype:trojan-activity;sid:83667452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86_64"; depth:15; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804353/; classtype:trojan-activity;sid:83667453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mips"; depth:13; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804354/; classtype:trojan-activity;sid:83667454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804355/; classtype:trojan-activity;sid:83667455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86_64"; depth:15; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804356/; classtype:trojan-activity;sid:83667456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804357/; classtype:trojan-activity;sid:83667457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804349/; classtype:trojan-activity;sid:83667449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mips"; depth:13; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804350/; classtype:trojan-activity;sid:83667450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm"; depth:11; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804347/; classtype:trojan-activity;sid:83667447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686_1"; depth:7; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804348/; classtype:trojan-activity;sid:83667448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804343/; classtype:trojan-activity;sid:83667443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86"; depth:12; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804344/; classtype:trojan-activity;sid:83667444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804346/; classtype:trojan-activity;sid:83667446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804342/; classtype:trojan-activity;sid:83667442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804341/; classtype:trojan-activity;sid:83667441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.ppc"; depth:21; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804337/; classtype:trojan-activity;sid:83667437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm7"; depth:12; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804338/; classtype:trojan-activity;sid:83667438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm5"; depth:12; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804339/; classtype:trojan-activity;sid:83667439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.x86"; depth:21; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804340/; classtype:trojan-activity;sid:83667440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804333/; classtype:trojan-activity;sid:83667433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804334/; classtype:trojan-activity;sid:83667434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804335/; classtype:trojan-activity;sid:83667435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm6"; depth:13; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804336/; classtype:trojan-activity;sid:83667436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804330/; classtype:trojan-activity;sid:83667430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm7"; depth:22; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804331/; classtype:trojan-activity;sid:83667431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804332/; classtype:trojan-activity;sid:83667432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.sparc"; depth:23; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804323/; classtype:trojan-activity;sid:83667423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mpsl"; depth:13; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804324/; classtype:trojan-activity;sid:83667424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.m68k"; depth:13; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804325/; classtype:trojan-activity;sid:83667425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804326/; classtype:trojan-activity;sid:83667426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804327/; classtype:trojan-activity;sid:83667427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804328/; classtype:trojan-activity;sid:83667428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804329/; classtype:trojan-activity;sid:83667429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm7"; depth:13; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804322/; classtype:trojan-activity;sid:83667422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm5"; depth:13; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804316/; classtype:trojan-activity;sid:83667416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804317/; classtype:trojan-activity;sid:83667417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804318/; classtype:trojan-activity;sid:83667418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804319/; classtype:trojan-activity;sid:83667419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804320/; classtype:trojan-activity;sid:83667420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804321/; classtype:trojan-activity;sid:83667421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.arm6"; depth:12; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804312/; classtype:trojan-activity;sid:83667412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804313/; classtype:trojan-activity;sid:83667413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm"; depth:12; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804314/; classtype:trojan-activity;sid:83667414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804315/; classtype:trojan-activity;sid:83667415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804309/; classtype:trojan-activity;sid:83667409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm5"; depth:22; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804310/; classtype:trojan-activity;sid:83667410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804311/; classtype:trojan-activity;sid:83667411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804307/; classtype:trojan-activity;sid:83667407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm7"; depth:13; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804308/; classtype:trojan-activity;sid:83667408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm6"; depth:13; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804302/; classtype:trojan-activity;sid:83667402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804303/; classtype:trojan-activity;sid:83667403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.mips"; depth:22; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804304/; classtype:trojan-activity;sid:83667404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804305/; classtype:trojan-activity;sid:83667405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804306/; classtype:trojan-activity;sid:83667406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804300/; classtype:trojan-activity;sid:83667400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804301/; classtype:trojan-activity;sid:83667401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm5"; depth:13; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804298/; classtype:trojan-activity;sid:83667398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm"; depth:12; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804299/; classtype:trojan-activity;sid:83667399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804296/; classtype:trojan-activity;sid:83667396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804297/; classtype:trojan-activity;sid:83667397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804293/; classtype:trojan-activity;sid:83667393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804294/; classtype:trojan-activity;sid:83667394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm6"; depth:22; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804295/; classtype:trojan-activity;sid:83667395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804291/; classtype:trojan-activity;sid:83667391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804292/; classtype:trojan-activity;sid:83667392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.m68k"; depth:12; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804287/; classtype:trojan-activity;sid:83667387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804288/; classtype:trojan-activity;sid:83667388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804289/; classtype:trojan-activity;sid:83667389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.spc"; depth:11; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804290/; classtype:trojan-activity;sid:83667390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"92.249.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804286/; classtype:trojan-activity;sid:83667386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.sh4"; depth:12; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804284/; classtype:trojan-activity;sid:83667384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804285/; classtype:trojan-activity;sid:83667385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.mpsl"; depth:22; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804283/; classtype:trojan-activity;sid:83667383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804281/; classtype:trojan-activity;sid:83667381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.ppc"; depth:11; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804282/; classtype:trojan-activity;sid:83667382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.mips"; depth:12; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804277/; classtype:trojan-activity;sid:83667377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804278/; classtype:trojan-activity;sid:83667378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm4"; depth:22; endswith; nocase; http.host; content:"141.98.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804279/; classtype:trojan-activity;sid:83667379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.sh4"; depth:11; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804280/; classtype:trojan-activity;sid:83667380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.ppc"; depth:12; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804271/; classtype:trojan-activity;sid:83667371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804272/; classtype:trojan-activity;sid:83667372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mpsl"; depth:13; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804273/; classtype:trojan-activity;sid:83667373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804274/; classtype:trojan-activity;sid:83667374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804275/; classtype:trojan-activity;sid:83667375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804276/; classtype:trojan-activity;sid:83667376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.sh4"; depth:12; endswith; nocase; http.host; content:"154.44.25.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804267/; classtype:trojan-activity;sid:83667367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.m68k"; depth:13; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804268/; classtype:trojan-activity;sid:83667368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804269/; classtype:trojan-activity;sid:83667369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.ppc"; depth:12; endswith; nocase; http.host; content:"198.12.70.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804270/; classtype:trojan-activity;sid:83667370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804263/; classtype:trojan-activity;sid:83667363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804264/; classtype:trojan-activity;sid:83667364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804265/; classtype:trojan-activity;sid:83667365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.x86"; depth:11; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804266/; classtype:trojan-activity;sid:83667366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804260/; classtype:trojan-activity;sid:83667360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"79.110.62.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804261/; classtype:trojan-activity;sid:83667361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkwasz.mpsl"; depth:12; endswith; nocase; http.host; content:"185.196.9.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804262/; classtype:trojan-activity;sid:83667362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804259/; classtype:trojan-activity;sid:83667359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"93.123.85.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804256/; classtype:trojan-activity;sid:83667356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"93.123.85.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804257/; classtype:trojan-activity;sid:83667357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.128.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804258/; classtype:trojan-activity;sid:83667358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.12.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804255/; classtype:trojan-activity;sid:83667355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.45.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804254/; classtype:trojan-activity;sid:83667354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.169.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804253/; classtype:trojan-activity;sid:83667353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.17.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804252/; classtype:trojan-activity;sid:83667352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.172.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804251/; classtype:trojan-activity;sid:83667351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.151.73.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804250/; classtype:trojan-activity;sid:83667350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.232.225.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804249/; classtype:trojan-activity;sid:83667349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.81.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804248/; classtype:trojan-activity;sid:83667348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.69.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804247/; classtype:trojan-activity;sid:83667347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo3.jpg"; depth:17; endswith; nocase; http.host; content:"axsit.biz"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804246/; classtype:trojan-activity;sid:83667346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.217.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804245/; classtype:trojan-activity;sid:83667345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.45.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804244/; classtype:trojan-activity;sid:83667344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.200.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804243/; classtype:trojan-activity;sid:83667343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804242/; classtype:trojan-activity;sid:83667342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.3.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804239/; classtype:trojan-activity;sid:83667339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.233.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804240/; classtype:trojan-activity;sid:83667340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.213.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804241/; classtype:trojan-activity;sid:83667341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.81.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804238/; classtype:trojan-activity;sid:83667338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.206.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804237/; classtype:trojan-activity;sid:83667337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.176.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804236/; classtype:trojan-activity;sid:83667336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.17.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804235/; classtype:trojan-activity;sid:83667335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.69.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804234/; classtype:trojan-activity;sid:83667334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.74.59.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804233/; classtype:trojan-activity;sid:83667333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/bnyoyenjf.exe"; depth:40; endswith; nocase; http.host; content:"futilloiu.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804232/; classtype:trojan-activity;sid:83667332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.133.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804231/; classtype:trojan-activity;sid:83667331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804229/; classtype:trojan-activity;sid:83667329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.115.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804230/; classtype:trojan-activity;sid:83667330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/c32setup.exe"; depth:39; endswith; nocase; http.host; content:"futilloiu.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804226/; classtype:trojan-activity;sid:83667326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/rokzl.exe"; depth:36; endswith; nocase; http.host; content:"futilloiu.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804227/; classtype:trojan-activity;sid:83667327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804228/; classtype:trojan-activity;sid:83667328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.147.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804225/; classtype:trojan-activity;sid:83667325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.176.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804224/; classtype:trojan-activity;sid:83667324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.186.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804223/; classtype:trojan-activity;sid:83667323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.55.13.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804222/; classtype:trojan-activity;sid:83667322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804221/; classtype:trojan-activity;sid:83667321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.152.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804220/; classtype:trojan-activity;sid:83667320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.227.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804219/; classtype:trojan-activity;sid:83667319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804218/; classtype:trojan-activity;sid:83667318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.243.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804217/; classtype:trojan-activity;sid:83667317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.90.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804216/; classtype:trojan-activity;sid:83667316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.2.13"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804215/; classtype:trojan-activity;sid:83667315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.0.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804214/; classtype:trojan-activity;sid:83667314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.80.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804212/; classtype:trojan-activity;sid:83667312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.74.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804213/; classtype:trojan-activity;sid:83667313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.186.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804211/; classtype:trojan-activity;sid:83667311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804210/; classtype:trojan-activity;sid:83667310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.210.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804209/; classtype:trojan-activity;sid:83667309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804208/; classtype:trojan-activity;sid:83667308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.152.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804207/; classtype:trojan-activity;sid:83667307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.57.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804206/; classtype:trojan-activity;sid:83667306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.246.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804205/; classtype:trojan-activity;sid:83667305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.80.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804204/; classtype:trojan-activity;sid:83667304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804203/; classtype:trojan-activity;sid:83667303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.0.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804202/; classtype:trojan-activity;sid:83667302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.153.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804200/; classtype:trojan-activity;sid:83667300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668376079|3f|hash=zdonk6wvw6ivzq1iappa9xpz0ao2de2pbzfkr2ltulw|7c|26|7c|dl=nzfsxnpoxj4dtzch4zbwwmp6tgm3jzawsbi7g7gp14g|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804201/; classtype:trojan-activity;sid:83667301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.48.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804199/; classtype:trojan-activity;sid:83667299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.215.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804198/; classtype:trojan-activity;sid:83667298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.28.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804196/; classtype:trojan-activity;sid:83667296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.54.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804197/; classtype:trojan-activity;sid:83667297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.34.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804194/; classtype:trojan-activity;sid:83667294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.178.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804195/; classtype:trojan-activity;sid:83667295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.203.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804193/; classtype:trojan-activity;sid:83667293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.74.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804192/; classtype:trojan-activity;sid:83667292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.249.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804191/; classtype:trojan-activity;sid:83667291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.229.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804190/; classtype:trojan-activity;sid:83667290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.17.162"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804189/; classtype:trojan-activity;sid:83667289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.246.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804188/; classtype:trojan-activity;sid:83667288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.23.95"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804187/; classtype:trojan-activity;sid:83667287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.68.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804185/; classtype:trojan-activity;sid:83667285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.57.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804186/; classtype:trojan-activity;sid:83667286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.241.50.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804184/; classtype:trojan-activity;sid:83667284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.247.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804183/; classtype:trojan-activity;sid:83667283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.144.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804182/; classtype:trojan-activity;sid:83667282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.237.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804181/; classtype:trojan-activity;sid:83667281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.76.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804180/; classtype:trojan-activity;sid:83667280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.7.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804179/; classtype:trojan-activity;sid:83667279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804178/; classtype:trojan-activity;sid:83667278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.178.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804177/; classtype:trojan-activity;sid:83667277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.153.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804176/; classtype:trojan-activity;sid:83667276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.41.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804175/; classtype:trojan-activity;sid:83667275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.233.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804173/; classtype:trojan-activity;sid:83667273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.93.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804174/; classtype:trojan-activity;sid:83667274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.251.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804172/; classtype:trojan-activity;sid:83667272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.149.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804171/; classtype:trojan-activity;sid:83667271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.3.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804170/; classtype:trojan-activity;sid:83667270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.254.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804169/; classtype:trojan-activity;sid:83667269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.41.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804168/; classtype:trojan-activity;sid:83667268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804167/; classtype:trojan-activity;sid:83667267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byfronbypass.html/css/mss/tfr.exe"; depth:34; endswith; nocase; http.host; content:"futilloiu.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804166/; classtype:trojan-activity;sid:83667266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.88.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804163/; classtype:trojan-activity;sid:83667263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.249.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804164/; classtype:trojan-activity;sid:83667264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804165/; classtype:trojan-activity;sid:83667265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.17.162"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804162/; classtype:trojan-activity;sid:83667262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.91.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804161/; classtype:trojan-activity;sid:83667261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668374303|3f|hash=niuboi699aev6a4umxn0ovns0czhpaw8wuiwzdns6i4|7c|26|7c|dl=8twrxgdnwpuzzprnsgumxxilor1vk17zat1mi2c7mlw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804160/; classtype:trojan-activity;sid:83667260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.23.95"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804159/; classtype:trojan-activity;sid:83667259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.178.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804158/; classtype:trojan-activity;sid:83667258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.144.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804157/; classtype:trojan-activity;sid:83667257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.198.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804156/; classtype:trojan-activity;sid:83667256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.72.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804155/; classtype:trojan-activity;sid:83667255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.200.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804154/; classtype:trojan-activity;sid:83667254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804153/; classtype:trojan-activity;sid:83667253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.76.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804152/; classtype:trojan-activity;sid:83667252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.125.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804151/; classtype:trojan-activity;sid:83667251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804150/; classtype:trojan-activity;sid:83667250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804149/; classtype:trojan-activity;sid:83667249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.200.235.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804148/; classtype:trojan-activity;sid:83667248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804147/; classtype:trojan-activity;sid:83667247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804146/; classtype:trojan-activity;sid:83667246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.89.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804145/; classtype:trojan-activity;sid:83667245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.239.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804144/; classtype:trojan-activity;sid:83667244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.68.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804143/; classtype:trojan-activity;sid:83667243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.85.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804142/; classtype:trojan-activity;sid:83667242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.68.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804141/; classtype:trojan-activity;sid:83667241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.200.235.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804139/; classtype:trojan-activity;sid:83667239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.88.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804140/; classtype:trojan-activity;sid:83667240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804137/; classtype:trojan-activity;sid:83667237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.125.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804138/; classtype:trojan-activity;sid:83667238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.231.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804136/; classtype:trojan-activity;sid:83667236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804135/; classtype:trojan-activity;sid:83667235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804134/; classtype:trojan-activity;sid:83667234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.57.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804133/; classtype:trojan-activity;sid:83667233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.231.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804132/; classtype:trojan-activity;sid:83667232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.49.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804131/; classtype:trojan-activity;sid:83667231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.235.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804130/; classtype:trojan-activity;sid:83667230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.149.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804129/; classtype:trojan-activity;sid:83667229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.237.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804128/; classtype:trojan-activity;sid:83667228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.162.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804126/; classtype:trojan-activity;sid:83667226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.43.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804127/; classtype:trojan-activity;sid:83667227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.116.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804125/; classtype:trojan-activity;sid:83667225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.156.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804124/; classtype:trojan-activity;sid:83667224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.88.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804123/; classtype:trojan-activity;sid:83667223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668374256|3f|hash=wozmcag9lgg2ezqzyof1mjkcvzv0jbwzubyaahjuvzc|7c|26|7c|dl=0qy3ixtbaai6txcm1bdyasjedvpk8ixmf8y5djtvi7c|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804122/; classtype:trojan-activity;sid:83667222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"zcwmr.schedule.golfballnutz.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804121/; classtype:trojan-activity;sid:83667221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804120/; classtype:trojan-activity;sid:83667220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804119/; classtype:trojan-activity;sid:83667219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.141.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804118/; classtype:trojan-activity;sid:83667218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.57.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804116/; classtype:trojan-activity;sid:83667216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804117/; classtype:trojan-activity;sid:83667217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.131.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804114/; classtype:trojan-activity;sid:83667214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.111.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804115/; classtype:trojan-activity;sid:83667215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.212.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804113/; classtype:trojan-activity;sid:83667213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.149.236.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804112/; classtype:trojan-activity;sid:83667212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.11.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804111/; classtype:trojan-activity;sid:83667211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.1.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804110/; classtype:trojan-activity;sid:83667210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804109/; classtype:trojan-activity;sid:83667209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.79.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804108/; classtype:trojan-activity;sid:83667208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.245.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804106/; classtype:trojan-activity;sid:83667206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804107/; classtype:trojan-activity;sid:83667207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.171.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804105/; classtype:trojan-activity;sid:83667205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.9.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804104/; classtype:trojan-activity;sid:83667204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.65.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804103/; classtype:trojan-activity;sid:83667203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804102/; classtype:trojan-activity;sid:83667202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.155.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804101/; classtype:trojan-activity;sid:83667201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.11.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804100/; classtype:trojan-activity;sid:83667200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.192.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804099/; classtype:trojan-activity;sid:83667199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.241.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804098/; classtype:trojan-activity;sid:83667198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804097/; classtype:trojan-activity;sid:83667197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.234.195.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804096/; classtype:trojan-activity;sid:83667196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.132.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804095/; classtype:trojan-activity;sid:83667195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.69.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804094/; classtype:trojan-activity;sid:83667194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.1.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804092/; classtype:trojan-activity;sid:83667192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.79.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804093/; classtype:trojan-activity;sid:83667193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.72.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804091/; classtype:trojan-activity;sid:83667191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.155.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804090/; classtype:trojan-activity;sid:83667190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.45.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804089/; classtype:trojan-activity;sid:83667189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804088/; classtype:trojan-activity;sid:83667188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804087/; classtype:trojan-activity;sid:83667187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804086/; classtype:trojan-activity;sid:83667186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804084/; classtype:trojan-activity;sid:83667184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804085/; classtype:trojan-activity;sid:83667185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804078/; classtype:trojan-activity;sid:83667178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804079/; classtype:trojan-activity;sid:83667179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804080/; classtype:trojan-activity;sid:83667180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804081/; classtype:trojan-activity;sid:83667181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.235.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804082/; classtype:trojan-activity;sid:83667182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804083/; classtype:trojan-activity;sid:83667183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804075/; classtype:trojan-activity;sid:83667175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804076/; classtype:trojan-activity;sid:83667176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804077/; classtype:trojan-activity;sid:83667177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watchdog"; depth:9; endswith; nocase; http.host; content:"194.195.253.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804074/; classtype:trojan-activity;sid:83667174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804073/; classtype:trojan-activity;sid:83667173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.192.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804072/; classtype:trojan-activity;sid:83667172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.55.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804070/; classtype:trojan-activity;sid:83667170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.74.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804071/; classtype:trojan-activity;sid:83667171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.132.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804069/; classtype:trojan-activity;sid:83667169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804068/; classtype:trojan-activity;sid:83667168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.143.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804067/; classtype:trojan-activity;sid:83667167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804062/; classtype:trojan-activity;sid:83667162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804063/; classtype:trojan-activity;sid:83667163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804064/; classtype:trojan-activity;sid:83667164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804065/; classtype:trojan-activity;sid:83667165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804066/; classtype:trojan-activity;sid:83667166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804056/; classtype:trojan-activity;sid:83667156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804057/; classtype:trojan-activity;sid:83667157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804058/; classtype:trojan-activity;sid:83667158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804059/; classtype:trojan-activity;sid:83667159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804060/; classtype:trojan-activity;sid:83667160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804061/; classtype:trojan-activity;sid:83667161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watchdog"; depth:9; endswith; nocase; http.host; content:"5.253.246.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804055/; classtype:trojan-activity;sid:83667155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm"; depth:12; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804054/; classtype:trojan-activity;sid:83667154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.sh4"; depth:12; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804048/; classtype:trojan-activity;sid:83667148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.m68k"; depth:13; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804049/; classtype:trojan-activity;sid:83667149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm5"; depth:13; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804050/; classtype:trojan-activity;sid:83667150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86"; depth:12; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804051/; classtype:trojan-activity;sid:83667151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mips"; depth:13; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804052/; classtype:trojan-activity;sid:83667152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm7"; depth:13; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804053/; classtype:trojan-activity;sid:83667153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.175.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804041/; classtype:trojan-activity;sid:83667141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.192.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804042/; classtype:trojan-activity;sid:83667142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.192.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804043/; classtype:trojan-activity;sid:83667143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.arm6"; depth:13; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804044/; classtype:trojan-activity;sid:83667144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.mpsl"; depth:13; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804045/; classtype:trojan-activity;sid:83667145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.x86_64"; depth:15; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804046/; classtype:trojan-activity;sid:83667146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top1hbt.ppc"; depth:12; endswith; nocase; http.host; content:"net.przsc.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804047/; classtype:trojan-activity;sid:83667147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.53.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804040/; classtype:trojan-activity;sid:83667140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.234.195.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804039/; classtype:trojan-activity;sid:83667139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.72.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804038/; classtype:trojan-activity;sid:83667138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804037/; classtype:trojan-activity;sid:83667137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.149.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804036/; classtype:trojan-activity;sid:83667136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.74.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804035/; classtype:trojan-activity;sid:83667135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.91.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804034/; classtype:trojan-activity;sid:83667134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.55.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804033/; classtype:trojan-activity;sid:83667133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.237.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804032/; classtype:trojan-activity;sid:83667132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804031/; classtype:trojan-activity;sid:83667131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804025/; classtype:trojan-activity;sid:83667125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804026/; classtype:trojan-activity;sid:83667126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804027/; classtype:trojan-activity;sid:83667127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804028/; classtype:trojan-activity;sid:83667128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804029/; classtype:trojan-activity;sid:83667129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8ba3f3fbfe32b1/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.113.119.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804030/; classtype:trojan-activity;sid:83667130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.156.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804024/; classtype:trojan-activity;sid:83667124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.234.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804023/; classtype:trojan-activity;sid:83667123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.78.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804022/; classtype:trojan-activity;sid:83667122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.230.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804021/; classtype:trojan-activity;sid:83667121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668370956|3f|hash=tro2xa7eekpzirghliwslmdn8rzeohsqoid1v0fqu6w|7c|26|7c|dl=wzwqctguymkleqnrldgpepowlnptbzcdo4mjslrsaw8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804020/; classtype:trojan-activity;sid:83667120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804019/; classtype:trojan-activity;sid:83667119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.158.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804018/; classtype:trojan-activity;sid:83667118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.9.67.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804016/; classtype:trojan-activity;sid:83667116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.112.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804017/; classtype:trojan-activity;sid:83667117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.233.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804015/; classtype:trojan-activity;sid:83667115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.230.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804013/; classtype:trojan-activity;sid:83667113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.142.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804014/; classtype:trojan-activity;sid:83667114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.42.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804012/; classtype:trojan-activity;sid:83667112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.247.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804011/; classtype:trojan-activity;sid:83667111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.66.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804010/; classtype:trojan-activity;sid:83667110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804006/; classtype:trojan-activity;sid:83667106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804007/; classtype:trojan-activity;sid:83667107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804008/; classtype:trojan-activity;sid:83667108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804009/; classtype:trojan-activity;sid:83667109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804002/; classtype:trojan-activity;sid:83667102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804003/; classtype:trojan-activity;sid:83667103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804004/; classtype:trojan-activity;sid:83667104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804005/; classtype:trojan-activity;sid:83667105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803996/; classtype:trojan-activity;sid:83667096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803997/; classtype:trojan-activity;sid:83667097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803998/; classtype:trojan-activity;sid:83667098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803999/; classtype:trojan-activity;sid:83667099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804000/; classtype:trojan-activity;sid:83667100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2804001/; classtype:trojan-activity;sid:83667101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smd.sh"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803989/; classtype:trojan-activity;sid:83667089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803990/; classtype:trojan-activity;sid:83667090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803991/; classtype:trojan-activity;sid:83667091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803992/; classtype:trojan-activity;sid:83667092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803993/; classtype:trojan-activity;sid:83667093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803994/; classtype:trojan-activity;sid:83667094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803995/; classtype:trojan-activity;sid:83667095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803987/; classtype:trojan-activity;sid:83667087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803988/; classtype:trojan-activity;sid:83667088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803986/; classtype:trojan-activity;sid:83667086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.mips"; depth:7; endswith; nocase; http.host; content:"62.72.185.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803985/; classtype:trojan-activity;sid:83667085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.sh"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803984/; classtype:trojan-activity;sid:83667084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803977/; classtype:trojan-activity;sid:83667077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803978/; classtype:trojan-activity;sid:83667078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803979/; classtype:trojan-activity;sid:83667079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803980/; classtype:trojan-activity;sid:83667080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803981/; classtype:trojan-activity;sid:83667081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803982/; classtype:trojan-activity;sid:83667082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.sh"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803983/; classtype:trojan-activity;sid:83667083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803974/; classtype:trojan-activity;sid:83667074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803975/; classtype:trojan-activity;sid:83667075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803976/; classtype:trojan-activity;sid:83667076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803966/; classtype:trojan-activity;sid:83667066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803967/; classtype:trojan-activity;sid:83667067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803968/; classtype:trojan-activity;sid:83667068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803969/; classtype:trojan-activity;sid:83667069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803970/; classtype:trojan-activity;sid:83667070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803971/; classtype:trojan-activity;sid:83667071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803972/; classtype:trojan-activity;sid:83667072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803973/; classtype:trojan-activity;sid:83667073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803964/; classtype:trojan-activity;sid:83667064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803965/; classtype:trojan-activity;sid:83667065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803959/; classtype:trojan-activity;sid:83667059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803960/; classtype:trojan-activity;sid:83667060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803961/; classtype:trojan-activity;sid:83667061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803962/; classtype:trojan-activity;sid:83667062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803963/; classtype:trojan-activity;sid:83667063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803954/; classtype:trojan-activity;sid:83667054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803955/; classtype:trojan-activity;sid:83667055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803956/; classtype:trojan-activity;sid:83667056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803957/; classtype:trojan-activity;sid:83667057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803958/; classtype:trojan-activity;sid:83667058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803950/; classtype:trojan-activity;sid:83667050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803951/; classtype:trojan-activity;sid:83667051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803952/; classtype:trojan-activity;sid:83667052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803953/; classtype:trojan-activity;sid:83667053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803939/; classtype:trojan-activity;sid:83667039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803940/; classtype:trojan-activity;sid:83667040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803941/; classtype:trojan-activity;sid:83667041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803942/; classtype:trojan-activity;sid:83667042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803943/; classtype:trojan-activity;sid:83667043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803944/; classtype:trojan-activity;sid:83667044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803945/; classtype:trojan-activity;sid:83667045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803946/; classtype:trojan-activity;sid:83667046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803947/; classtype:trojan-activity;sid:83667047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803948/; classtype:trojan-activity;sid:83667048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"67.217.60.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803949/; classtype:trojan-activity;sid:83667049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.49.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803938/; classtype:trojan-activity;sid:83667038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.59.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803936/; classtype:trojan-activity;sid:83667036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.45.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803937/; classtype:trojan-activity;sid:83667037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.137.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803935/; classtype:trojan-activity;sid:83667035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.9.67.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803934/; classtype:trojan-activity;sid:83667034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.248.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803933/; classtype:trojan-activity;sid:83667033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.233.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803932/; classtype:trojan-activity;sid:83667032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.56.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803931/; classtype:trojan-activity;sid:83667031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803930/; classtype:trojan-activity;sid:83667030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.42.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803929/; classtype:trojan-activity;sid:83667029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.117.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803928/; classtype:trojan-activity;sid:83667028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.53.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803927/; classtype:trojan-activity;sid:83667027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.242.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803926/; classtype:trojan-activity;sid:83667026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/555.exe"; depth:8; endswith; nocase; http.host; content:"88.218.61.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803925/; classtype:trojan-activity;sid:83667025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.193.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803923/; classtype:trojan-activity;sid:83667023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.56.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803924/; classtype:trojan-activity;sid:83667024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.67.86.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803922/; classtype:trojan-activity;sid:83667022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.4.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803921/; classtype:trojan-activity;sid:83667021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803918/; classtype:trojan-activity;sid:83667018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.117.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803919/; classtype:trojan-activity;sid:83667019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803920/; classtype:trojan-activity;sid:83667020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.6.113"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803917/; classtype:trojan-activity;sid:83667017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.87.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803916/; classtype:trojan-activity;sid:83667016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.147.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803913/; classtype:trojan-activity;sid:83667013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.150.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803914/; classtype:trojan-activity;sid:83667014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.221.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803915/; classtype:trojan-activity;sid:83667015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.42.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803912/; classtype:trojan-activity;sid:83667012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.248.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803911/; classtype:trojan-activity;sid:83667011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.arm6"; depth:28; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803910/; classtype:trojan-activity;sid:83667010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/debug.dbg"; depth:21; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803909/; classtype:trojan-activity;sid:83667009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.mpsl"; depth:28; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803901/; classtype:trojan-activity;sid:83667001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos3.sh"; depth:15; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803902/; classtype:trojan-activity;sid:83667002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.arm5"; depth:28; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803903/; classtype:trojan-activity;sid:83667003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.arm"; depth:27; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803904/; classtype:trojan-activity;sid:83667004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.arc"; depth:27; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803905/; classtype:trojan-activity;sid:83667005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.arm7"; depth:28; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803906/; classtype:trojan-activity;sid:83667006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.x86_64"; depth:30; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803907/; classtype:trojan-activity;sid:83667007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.mips"; depth:28; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803908/; classtype:trojan-activity;sid:83667008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.m68k"; depth:28; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803896/; classtype:trojan-activity;sid:83666996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.spc"; depth:27; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803897/; classtype:trojan-activity;sid:83666997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.sh4"; depth:27; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803898/; classtype:trojan-activity;sid:83666998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.x86"; depth:27; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803899/; classtype:trojan-activity;sid:83666999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guruitddos/rpcsecurity.ppc"; depth:27; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803900/; classtype:trojan-activity;sid:83667000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"185.94.29.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803895/; classtype:trojan-activity;sid:83666995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803894/; classtype:trojan-activity;sid:83666994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.25.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803893/; classtype:trojan-activity;sid:83666993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.239.48.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803892/; classtype:trojan-activity;sid:83666992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803891/; classtype:trojan-activity;sid:83666991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.4.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803890/; classtype:trojan-activity;sid:83666990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.169.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803889/; classtype:trojan-activity;sid:83666989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.44.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803888/; classtype:trojan-activity;sid:83666988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.156.51.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803887/; classtype:trojan-activity;sid:83666987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.201.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803885/; classtype:trojan-activity;sid:83666985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.227.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803886/; classtype:trojan-activity;sid:83666986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.26.247.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803884/; classtype:trojan-activity;sid:83666984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.36.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803883/; classtype:trojan-activity;sid:83666983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.106.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803882/; classtype:trojan-activity;sid:83666982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803881/; classtype:trojan-activity;sid:83666981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803875/; classtype:trojan-activity;sid:83666975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803876/; classtype:trojan-activity;sid:83666976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803877/; classtype:trojan-activity;sid:83666977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803878/; classtype:trojan-activity;sid:83666978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803879/; classtype:trojan-activity;sid:83666979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803880/; classtype:trojan-activity;sid:83666980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803871/; classtype:trojan-activity;sid:83666971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803872/; classtype:trojan-activity;sid:83666972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803873/; classtype:trojan-activity;sid:83666973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"83.147.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803874/; classtype:trojan-activity;sid:83666974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.92.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803870/; classtype:trojan-activity;sid:83666970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.242.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803869/; classtype:trojan-activity;sid:83666969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.188.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803868/; classtype:trojan-activity;sid:83666968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.160.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803867/; classtype:trojan-activity;sid:83666967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.234.195.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803866/; classtype:trojan-activity;sid:83666966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.194.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803863/; classtype:trojan-activity;sid:83666963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.4.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803864/; classtype:trojan-activity;sid:83666964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.239.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803865/; classtype:trojan-activity;sid:83666965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.115.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803862/; classtype:trojan-activity;sid:83666962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"71.89.182.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803861/; classtype:trojan-activity;sid:83666961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.91.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803860/; classtype:trojan-activity;sid:83666960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803847/; classtype:trojan-activity;sid:83666947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803848/; classtype:trojan-activity;sid:83666948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803849/; classtype:trojan-activity;sid:83666949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803850/; classtype:trojan-activity;sid:83666950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803851/; classtype:trojan-activity;sid:83666951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803852/; classtype:trojan-activity;sid:83666952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803853/; classtype:trojan-activity;sid:83666953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803854/; classtype:trojan-activity;sid:83666954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803855/; classtype:trojan-activity;sid:83666955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803856/; classtype:trojan-activity;sid:83666956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803857/; classtype:trojan-activity;sid:83666957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686_1"; depth:7; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803858/; classtype:trojan-activity;sid:83666958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"secure-network-rebirthltd.ru"; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803859/; classtype:trojan-activity;sid:83666959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803836/; classtype:trojan-activity;sid:83666936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803837/; classtype:trojan-activity;sid:83666937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803838/; classtype:trojan-activity;sid:83666938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686_1"; depth:7; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803839/; classtype:trojan-activity;sid:83666939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803840/; classtype:trojan-activity;sid:83666940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803841/; classtype:trojan-activity;sid:83666941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803842/; classtype:trojan-activity;sid:83666942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803843/; classtype:trojan-activity;sid:83666943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803844/; classtype:trojan-activity;sid:83666944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803845/; classtype:trojan-activity;sid:83666945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"sex.secure-cyber-security-rebirthltd.su"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803846/; classtype:trojan-activity;sid:83666946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803834/; classtype:trojan-activity;sid:83666934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803835/; classtype:trojan-activity;sid:83666935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803827/; classtype:trojan-activity;sid:83666927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803828/; classtype:trojan-activity;sid:83666928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803829/; classtype:trojan-activity;sid:83666929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803830/; classtype:trojan-activity;sid:83666930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803831/; classtype:trojan-activity;sid:83666931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803832/; classtype:trojan-activity;sid:83666932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803833/; classtype:trojan-activity;sid:83666933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"zyb.ac"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803826/; classtype:trojan-activity;sid:83666926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-x86"; depth:9; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803822/; classtype:trojan-activity;sid:83666922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm7"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803823/; classtype:trojan-activity;sid:83666923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803824/; classtype:trojan-activity;sid:83666924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mips"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803825/; classtype:trojan-activity;sid:83666925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-ppc"; depth:9; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803819/; classtype:trojan-activity;sid:83666919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm"; depth:9; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803820/; classtype:trojan-activity;sid:83666920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-m68k"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803821/; classtype:trojan-activity;sid:83666921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-sh4"; depth:9; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803816/; classtype:trojan-activity;sid:83666916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-mpsl"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803817/; classtype:trojan-activity;sid:83666917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm6"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803818/; classtype:trojan-activity;sid:83666918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803813/; classtype:trojan-activity;sid:83666913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803814/; classtype:trojan-activity;sid:83666914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/most-arm5"; depth:10; endswith; nocase; http.host; content:"net-killer.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803815/; classtype:trojan-activity;sid:83666915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.106.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803812/; classtype:trojan-activity;sid:83666912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.215.141.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803811/; classtype:trojan-activity;sid:83666911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.242.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803810/; classtype:trojan-activity;sid:83666910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.92.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803809/; classtype:trojan-activity;sid:83666909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803806/; classtype:trojan-activity;sid:83666906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803807/; classtype:trojan-activity;sid:83666907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803808/; classtype:trojan-activity;sid:83666908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803801/; classtype:trojan-activity;sid:83666901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803802/; classtype:trojan-activity;sid:83666902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803803/; classtype:trojan-activity;sid:83666903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803804/; classtype:trojan-activity;sid:83666904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803805/; classtype:trojan-activity;sid:83666905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803799/; classtype:trojan-activity;sid:83666899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803800/; classtype:trojan-activity;sid:83666900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803797/; classtype:trojan-activity;sid:83666897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"a.iruko.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803798/; classtype:trojan-activity;sid:83666898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803789/; classtype:trojan-activity;sid:83666889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803790/; classtype:trojan-activity;sid:83666890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803791/; classtype:trojan-activity;sid:83666891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803792/; classtype:trojan-activity;sid:83666892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803793/; classtype:trojan-activity;sid:83666893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803794/; classtype:trojan-activity;sid:83666894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803795/; classtype:trojan-activity;sid:83666895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803796/; classtype:trojan-activity;sid:83666896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.184.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803784/; classtype:trojan-activity;sid:83666884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803785/; classtype:trojan-activity;sid:83666885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803786/; classtype:trojan-activity;sid:83666886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803787/; classtype:trojan-activity;sid:83666887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"cnc.pr333.ggm.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803788/; classtype:trojan-activity;sid:83666888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.109.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803783/; classtype:trojan-activity;sid:83666883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803782/; classtype:trojan-activity;sid:83666882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"71.89.182.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803781/; classtype:trojan-activity;sid:83666881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.91.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803780/; classtype:trojan-activity;sid:83666880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.92.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803779/; classtype:trojan-activity;sid:83666879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.120.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803778/; classtype:trojan-activity;sid:83666878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.10.147.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803777/; classtype:trojan-activity;sid:83666877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.10.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803775/; classtype:trojan-activity;sid:83666875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.80.55.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803776/; classtype:trojan-activity;sid:83666876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.26.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803774/; classtype:trojan-activity;sid:83666874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.200.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803773/; classtype:trojan-activity;sid:83666873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.119.9.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803772/; classtype:trojan-activity;sid:83666872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803770/; classtype:trojan-activity;sid:83666870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.87.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803771/; classtype:trojan-activity;sid:83666871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803769/; classtype:trojan-activity;sid:83666869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"103.20.235.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803768/; classtype:trojan-activity;sid:83666868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803763/; classtype:trojan-activity;sid:83666863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803764/; classtype:trojan-activity;sid:83666864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803765/; classtype:trojan-activity;sid:83666865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803766/; classtype:trojan-activity;sid:83666866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803767/; classtype:trojan-activity;sid:83666867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803761/; classtype:trojan-activity;sid:83666861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803762/; classtype:trojan-activity;sid:83666862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803754/; classtype:trojan-activity;sid:83666854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803755/; classtype:trojan-activity;sid:83666855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803756/; classtype:trojan-activity;sid:83666856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803757/; classtype:trojan-activity;sid:83666857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803758/; classtype:trojan-activity;sid:83666858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803759/; classtype:trojan-activity;sid:83666859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803760/; classtype:trojan-activity;sid:83666860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803752/; classtype:trojan-activity;sid:83666852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803753/; classtype:trojan-activity;sid:83666853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.75.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803748/; classtype:trojan-activity;sid:83666848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803749/; classtype:trojan-activity;sid:83666849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803750/; classtype:trojan-activity;sid:83666850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"103.20.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803751/; classtype:trojan-activity;sid:83666851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803746/; classtype:trojan-activity;sid:83666846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"159.100.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803747/; classtype:trojan-activity;sid:83666847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.109.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803745/; classtype:trojan-activity;sid:83666845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.92.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803744/; classtype:trojan-activity;sid:83666844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.111.31.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803743/; classtype:trojan-activity;sid:83666843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.6.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803742/; classtype:trojan-activity;sid:83666842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.220.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803741/; classtype:trojan-activity;sid:83666841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.154.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803740/; classtype:trojan-activity;sid:83666840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.90.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803739/; classtype:trojan-activity;sid:83666839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.244.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803737/; classtype:trojan-activity;sid:83666837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.184.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803738/; classtype:trojan-activity;sid:83666838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.247.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803736/; classtype:trojan-activity;sid:83666836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.11.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803735/; classtype:trojan-activity;sid:83666835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.94.156.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803733/; classtype:trojan-activity;sid:83666833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.63.31.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803734/; classtype:trojan-activity;sid:83666834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803732/; classtype:trojan-activity;sid:83666832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.117.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803731/; classtype:trojan-activity;sid:83666831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.121.87.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803729/; classtype:trojan-activity;sid:83666829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.29.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803730/; classtype:trojan-activity;sid:83666830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.154.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803728/; classtype:trojan-activity;sid:83666828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.138.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803727/; classtype:trojan-activity;sid:83666827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.223.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803725/; classtype:trojan-activity;sid:83666825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668361522|3f|hash=whbsiigdkw7qdlqip7luq9bm3i0r3jhwmy3fs3ze8xh|7c|26|7c|dl=pzakpwh0rikrfe124f0nsey1ibwloty0s0r7fe2agfl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803726/; classtype:trojan-activity;sid:83666826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.244.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803724/; classtype:trojan-activity;sid:83666824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803723/; classtype:trojan-activity;sid:83666823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803722/; classtype:trojan-activity;sid:83666822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.91.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803721/; classtype:trojan-activity;sid:83666821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.123.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803720/; classtype:trojan-activity;sid:83666820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.73.67.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803719/; classtype:trojan-activity;sid:83666819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.234.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803718/; classtype:trojan-activity;sid:83666818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.239.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803717/; classtype:trojan-activity;sid:83666817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.223.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803716/; classtype:trojan-activity;sid:83666816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.15.8.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803715/; classtype:trojan-activity;sid:83666815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.82.143.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803714/; classtype:trojan-activity;sid:83666814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.86.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803713/; classtype:trojan-activity;sid:83666813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.82.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803712/; classtype:trojan-activity;sid:83666812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.235.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803711/; classtype:trojan-activity;sid:83666811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.190.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803710/; classtype:trojan-activity;sid:83666810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803709/; classtype:trojan-activity;sid:83666809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.154.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803708/; classtype:trojan-activity;sid:83666808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.45.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803707/; classtype:trojan-activity;sid:83666807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.169.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803706/; classtype:trojan-activity;sid:83666806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.169.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803705/; classtype:trojan-activity;sid:83666805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.20.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803704/; classtype:trojan-activity;sid:83666804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.235.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803703/; classtype:trojan-activity;sid:83666803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.117.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803702/; classtype:trojan-activity;sid:83666802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.184.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803701/; classtype:trojan-activity;sid:83666801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.45.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803700/; classtype:trojan-activity;sid:83666800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.190.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803699/; classtype:trojan-activity;sid:83666799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.204.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803698/; classtype:trojan-activity;sid:83666798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.206.47.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803697/; classtype:trojan-activity;sid:83666797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.184.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803696/; classtype:trojan-activity;sid:83666796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.248.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803695/; classtype:trojan-activity;sid:83666795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.70.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803694/; classtype:trojan-activity;sid:83666794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.120.10.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803693/; classtype:trojan-activity;sid:83666793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.159.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803692/; classtype:trojan-activity;sid:83666792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.20.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803691/; classtype:trojan-activity;sid:83666791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.65.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803690/; classtype:trojan-activity;sid:83666790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.235.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803689/; classtype:trojan-activity;sid:83666789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.95.228.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803688/; classtype:trojan-activity;sid:83666788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.174.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803687/; classtype:trojan-activity;sid:83666787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.230.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803686/; classtype:trojan-activity;sid:83666786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.206.47.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803685/; classtype:trojan-activity;sid:83666785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.70.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803684/; classtype:trojan-activity;sid:83666784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.87.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803683/; classtype:trojan-activity;sid:83666783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.65.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803682/; classtype:trojan-activity;sid:83666782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/ce736be0b00ea25a9155101e47dc9fd9/client.exe"; depth:48; endswith; nocase; http.host; content:"download.oxy.st"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803681/; classtype:trojan-activity;sid:83666781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.203.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803680/; classtype:trojan-activity;sid:83666780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.55.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803679/; classtype:trojan-activity;sid:83666779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.150.181.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803676/; classtype:trojan-activity;sid:83666776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.69.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803677/; classtype:trojan-activity;sid:83666777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.32.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803678/; classtype:trojan-activity;sid:83666778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.198.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803675/; classtype:trojan-activity;sid:83666775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.246.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803674/; classtype:trojan-activity;sid:83666774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.228.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803673/; classtype:trojan-activity;sid:83666773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.31.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803672/; classtype:trojan-activity;sid:83666772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/lw8lvhhnmg7sadt22kdg0/trustlauncher.rar|3f|rlkey=2ljl7p6w0wgeloj224b1hd0dm|7c|26|7c|dl=1"; depth:96; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803671/; classtype:trojan-activity;sid:83666771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/midjourney.7z"; depth:14; endswith; nocase; http.host; content:"urbantiara.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803670/; classtype:trojan-activity;sid:83666770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.60.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803669/; classtype:trojan-activity;sid:83666769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.209.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803668/; classtype:trojan-activity;sid:83666768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.45.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803667/; classtype:trojan-activity;sid:83666767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.6.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803666/; classtype:trojan-activity;sid:83666766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803665/; classtype:trojan-activity;sid:83666765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.49.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803664/; classtype:trojan-activity;sid:83666764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803663/; classtype:trojan-activity;sid:83666763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.91.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803661/; classtype:trojan-activity;sid:83666761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.87.49.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803662/; classtype:trojan-activity;sid:83666762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.203.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803660/; classtype:trojan-activity;sid:83666760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.78.39.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803659/; classtype:trojan-activity;sid:83666759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.228.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803658/; classtype:trojan-activity;sid:83666758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.151.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803657/; classtype:trojan-activity;sid:83666757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.25.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803656/; classtype:trojan-activity;sid:83666756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.31.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803655/; classtype:trojan-activity;sid:83666755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.60.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803654/; classtype:trojan-activity;sid:83666754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.49.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803653/; classtype:trojan-activity;sid:83666753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.95.130.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803652/; classtype:trojan-activity;sid:83666752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.91.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803651/; classtype:trojan-activity;sid:83666751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803650/; classtype:trojan-activity;sid:83666750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.5.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803648/; classtype:trojan-activity;sid:83666748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.39.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803649/; classtype:trojan-activity;sid:83666749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668357786|3f|hash=wtozzcav4tbbsz81wyyju8ueotzze7jpz0de6nqdl0k|7c|26|7c|dl=k009zxc6zrf32ajp3fth3jrcjvzwswezbldepzukziw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803647/; classtype:trojan-activity;sid:83666747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.28.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803646/; classtype:trojan-activity;sid:83666746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.54.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803645/; classtype:trojan-activity;sid:83666745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output.exe"; depth:11; endswith; nocase; http.host; content:"johnnyyyzzeeebii.serv00.net"; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803644/; classtype:trojan-activity;sid:83666744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803643/; classtype:trojan-activity;sid:83666743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803641/; classtype:trojan-activity;sid:83666741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.179.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803642/; classtype:trojan-activity;sid:83666742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.198.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803639/; classtype:trojan-activity;sid:83666739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.173.109.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803640/; classtype:trojan-activity;sid:83666740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.8.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803638/; classtype:trojan-activity;sid:83666738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.73.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803637/; classtype:trojan-activity;sid:83666737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.5.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803636/; classtype:trojan-activity;sid:83666736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.227.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803635/; classtype:trojan-activity;sid:83666735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.157.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803634/; classtype:trojan-activity;sid:83666734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803633/; classtype:trojan-activity;sid:83666733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.149.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803632/; classtype:trojan-activity;sid:83666732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.70.92.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803631/; classtype:trojan-activity;sid:83666731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.193.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803630/; classtype:trojan-activity;sid:83666730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.179.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803629/; classtype:trojan-activity;sid:83666729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.253.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803628/; classtype:trojan-activity;sid:83666728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.20.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803627/; classtype:trojan-activity;sid:83666727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.198.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803626/; classtype:trojan-activity;sid:83666726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.144.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803625/; classtype:trojan-activity;sid:83666725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803624/; classtype:trojan-activity;sid:83666724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803621/; classtype:trojan-activity;sid:83666721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.114.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803622/; classtype:trojan-activity;sid:83666722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.38.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803623/; classtype:trojan-activity;sid:83666723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.225.111.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803620/; classtype:trojan-activity;sid:83666720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.170.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803619/; classtype:trojan-activity;sid:83666719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.225.111.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803618/; classtype:trojan-activity;sid:83666718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.179.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803617/; classtype:trojan-activity;sid:83666717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.193.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803616/; classtype:trojan-activity;sid:83666716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.9.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803615/; classtype:trojan-activity;sid:83666715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803614/; classtype:trojan-activity;sid:83666714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.157.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803613/; classtype:trojan-activity;sid:83666713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.102.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803612/; classtype:trojan-activity;sid:83666712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.160.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803611/; classtype:trojan-activity;sid:83666711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.230.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803610/; classtype:trojan-activity;sid:83666710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.20.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803609/; classtype:trojan-activity;sid:83666709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.230.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803608/; classtype:trojan-activity;sid:83666708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.173.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803607/; classtype:trojan-activity;sid:83666707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.254.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803606/; classtype:trojan-activity;sid:83666706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.133.218.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803605/; classtype:trojan-activity;sid:83666705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.9.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803604/; classtype:trojan-activity;sid:83666704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.214.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803603/; classtype:trojan-activity;sid:83666703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.87.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803602/; classtype:trojan-activity;sid:83666702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.179.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803601/; classtype:trojan-activity;sid:83666701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.170.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803600/; classtype:trojan-activity;sid:83666700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.160.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803599/; classtype:trojan-activity;sid:83666699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.189.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803598/; classtype:trojan-activity;sid:83666698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.83.168.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803597/; classtype:trojan-activity;sid:83666697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.75.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803596/; classtype:trojan-activity;sid:83666696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.83.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803595/; classtype:trojan-activity;sid:83666695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.87.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803594/; classtype:trojan-activity;sid:83666694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.172.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803593/; classtype:trojan-activity;sid:83666693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803592/; classtype:trojan-activity;sid:83666692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.209.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803591/; classtype:trojan-activity;sid:83666691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.162.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803589/; classtype:trojan-activity;sid:83666689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.141.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803590/; classtype:trojan-activity;sid:83666690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.212.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803588/; classtype:trojan-activity;sid:83666688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.173.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803587/; classtype:trojan-activity;sid:83666687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.214.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803586/; classtype:trojan-activity;sid:83666686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.157.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803585/; classtype:trojan-activity;sid:83666685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.214.245.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803584/; classtype:trojan-activity;sid:83666684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.191.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803583/; classtype:trojan-activity;sid:83666683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.189.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803582/; classtype:trojan-activity;sid:83666682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.212.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803581/; classtype:trojan-activity;sid:83666681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.105.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803579/; classtype:trojan-activity;sid:83666679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.10.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803580/; classtype:trojan-activity;sid:83666680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.69.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803578/; classtype:trojan-activity;sid:83666678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.162.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803577/; classtype:trojan-activity;sid:83666677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803576/; classtype:trojan-activity;sid:83666676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.191.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803575/; classtype:trojan-activity;sid:83666675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.79.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803574/; classtype:trojan-activity;sid:83666674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.64.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803573/; classtype:trojan-activity;sid:83666673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.58.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803571/; classtype:trojan-activity;sid:83666671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.59.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803572/; classtype:trojan-activity;sid:83666672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803570/; classtype:trojan-activity;sid:83666670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.46.205.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803569/; classtype:trojan-activity;sid:83666669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.204.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803568/; classtype:trojan-activity;sid:83666668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803567/; classtype:trojan-activity;sid:83666667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.69.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803566/; classtype:trojan-activity;sid:83666666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.157.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803565/; classtype:trojan-activity;sid:83666665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803564/; classtype:trojan-activity;sid:83666664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803563/; classtype:trojan-activity;sid:83666663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803562/; classtype:trojan-activity;sid:83666662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803559/; classtype:trojan-activity;sid:83666659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.127.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803560/; classtype:trojan-activity;sid:83666660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.13.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803561/; classtype:trojan-activity;sid:83666661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.13.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803558/; classtype:trojan-activity;sid:83666658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.204.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803557/; classtype:trojan-activity;sid:83666657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.46.205.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803556/; classtype:trojan-activity;sid:83666656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.72.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803555/; classtype:trojan-activity;sid:83666655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.215.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803554/; classtype:trojan-activity;sid:83666654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.179.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803553/; classtype:trojan-activity;sid:83666653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhflqhlq/stmon.exe"; depth:19; endswith; nocase; http.host; content:"34.230.221.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803552/; classtype:trojan-activity;sid:83666652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.13.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803551/; classtype:trojan-activity;sid:83666651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.103.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803550/; classtype:trojan-activity;sid:83666650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.46.205.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803549/; classtype:trojan-activity;sid:83666649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.97.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803548/; classtype:trojan-activity;sid:83666648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.13.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803547/; classtype:trojan-activity;sid:83666647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803546/; classtype:trojan-activity;sid:83666646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.103.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803545/; classtype:trojan-activity;sid:83666645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.40.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803544/; classtype:trojan-activity;sid:83666644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.76.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803543/; classtype:trojan-activity;sid:83666643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.121.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803542/; classtype:trojan-activity;sid:83666642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.198.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803541/; classtype:trojan-activity;sid:83666641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.235.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803540/; classtype:trojan-activity;sid:83666640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.181.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803539/; classtype:trojan-activity;sid:83666639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.188.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803538/; classtype:trojan-activity;sid:83666638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803537/; classtype:trojan-activity;sid:83666637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.215.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803536/; classtype:trojan-activity;sid:83666636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.55.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803535/; classtype:trojan-activity;sid:83666635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.txt"; depth:6; endswith; nocase; http.host; content:"195.130.202.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803534/; classtype:trojan-activity;sid:83666634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.162.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803533/; classtype:trojan-activity;sid:83666633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.26.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803532/; classtype:trojan-activity;sid:83666632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.198.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803531/; classtype:trojan-activity;sid:83666631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.22.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803530/; classtype:trojan-activity;sid:83666630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.55.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803529/; classtype:trojan-activity;sid:83666629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803528/; classtype:trojan-activity;sid:83666628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.181.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803526/; classtype:trojan-activity;sid:83666626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.188.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803527/; classtype:trojan-activity;sid:83666627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig.exe"; depth:10; endswith; nocase; http.host; content:"neosusu01.netlify.app"; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803525/; classtype:trojan-activity;sid:83666625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/pomo/po.php"; depth:24; endswith; nocase; http.host; content:"kenesrakishev.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803524/; classtype:trojan-activity;sid:83666624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document.exe"; depth:13; endswith; nocase; http.host; content:"pub-bfce74d1910148989228a2ae7c102b8a.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803523/; classtype:trojan-activity;sid:83666623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/460925/brawlb0t.exe"; depth:22; endswith; nocase; http.host; content:"file-drop.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803522/; classtype:trojan-activity;sid:83666622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/server/appgate2103v01.exe"; depth:37; endswith; nocase; http.host; content:"piramidglobaltobacco.id"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803518/; classtype:trojan-activity;sid:83666618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/medcallaboratory5.exe"; depth:22; endswith; nocase; http.host; content:"192.3.109.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803519/; classtype:trojan-activity;sid:83666619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmui/nbminer.exe"; depth:17; endswith; nocase; http.host; content:"java.okczb.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803520/; classtype:trojan-activity;sid:83666620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rcrtcrmc/stmon.exe"; depth:19; endswith; nocase; http.host; content:"34.230.221.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803521/; classtype:trojan-activity;sid:83666621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/securitycheck.exe"; depth:18; endswith; nocase; http.host; content:"i-like-hokku.co.ua"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803516/; classtype:trojan-activity;sid:83666616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/printspoofer.exe"; depth:17; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803517/; classtype:trojan-activity;sid:83666617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lumma3.exe"; depth:11; endswith; nocase; http.host; content:"193.233.132.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803515/; classtype:trojan-activity;sid:83666615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803514/; classtype:trojan-activity;sid:83666614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/trustlauncher.rar"; depth:23; endswith; nocase; http.host; content:"www.mynestudiocontable.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803510/; classtype:trojan-activity;sid:83666610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/af19c4/svchost.exe"; depth:21; endswith; nocase; http.host; content:"file-drop.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803511/; classtype:trojan-activity;sid:83666611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload-x64.exe"; depth:16; endswith; nocase; http.host; content:"182.23.67.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803512/; classtype:trojan-activity;sid:83666612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803513/; classtype:trojan-activity;sid:83666613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23cafb7a4fcef13f/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"89.105.201.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803509/; classtype:trojan-activity;sid:83666609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/retailer_sup.exe"; depth:29; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803506/; classtype:trojan-activity;sid:83666606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttbfogvko.exe"; depth:15; endswith; nocase; http.host; content:"80.66.76.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803507/; classtype:trojan-activity;sid:83666607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jipa.exe"; depth:9; endswith; nocase; http.host; content:"huureiirre.website"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803508/; classtype:trojan-activity;sid:83666608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803505/; classtype:trojan-activity;sid:83666605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803504/; classtype:trojan-activity;sid:83666604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.98.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803503/; classtype:trojan-activity;sid:83666603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.114.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803502/; classtype:trojan-activity;sid:83666602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yccobn/mayfro.exe"; depth:18; endswith; nocase; http.host; content:"168.138.211.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803501/; classtype:trojan-activity;sid:83666601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.217.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803500/; classtype:trojan-activity;sid:83666600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.236.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803499/; classtype:trojan-activity;sid:83666599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.26.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803498/; classtype:trojan-activity;sid:83666598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803497/; classtype:trojan-activity;sid:83666597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.9.67.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803496/; classtype:trojan-activity;sid:83666596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.11.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803495/; classtype:trojan-activity;sid:83666595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/adobe_update.exe"; depth:22; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803494/; classtype:trojan-activity;sid:83666594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.52.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803493/; classtype:trojan-activity;sid:83666593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.55"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803491/; classtype:trojan-activity;sid:83666591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803492/; classtype:trojan-activity;sid:83666592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.110.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803490/; classtype:trojan-activity;sid:83666590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803489/; classtype:trojan-activity;sid:83666589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.11.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803488/; classtype:trojan-activity;sid:83666588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803487/; classtype:trojan-activity;sid:83666587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803486/; classtype:trojan-activity;sid:83666586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803485/; classtype:trojan-activity;sid:83666585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.240.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803484/; classtype:trojan-activity;sid:83666584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.107.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803483/; classtype:trojan-activity;sid:83666583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.47.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803482/; classtype:trojan-activity;sid:83666582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.234.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803481/; classtype:trojan-activity;sid:83666581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.11.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803480/; classtype:trojan-activity;sid:83666580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.96.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803479/; classtype:trojan-activity;sid:83666579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.32.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803478/; classtype:trojan-activity;sid:83666578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.75.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803477/; classtype:trojan-activity;sid:83666577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.217.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803475/; classtype:trojan-activity;sid:83666575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803476/; classtype:trojan-activity;sid:83666576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.170.24.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803474/; classtype:trojan-activity;sid:83666574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.59.61.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803473/; classtype:trojan-activity;sid:83666573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.74.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803472/; classtype:trojan-activity;sid:83666572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.240.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803471/; classtype:trojan-activity;sid:83666571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.164.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803470/; classtype:trojan-activity;sid:83666570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.201.35.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803469/; classtype:trojan-activity;sid:83666569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.234.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803468/; classtype:trojan-activity;sid:83666568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803467/; classtype:trojan-activity;sid:83666567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803466/; classtype:trojan-activity;sid:83666566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.252.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803465/; classtype:trojan-activity;sid:83666565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.130.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803463/; classtype:trojan-activity;sid:83666563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.160.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803464/; classtype:trojan-activity;sid:83666564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803461/; classtype:trojan-activity;sid:83666561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.6.113"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803462/; classtype:trojan-activity;sid:83666562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.42.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803460/; classtype:trojan-activity;sid:83666560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.17.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803459/; classtype:trojan-activity;sid:83666559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.74.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803458/; classtype:trojan-activity;sid:83666558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.26.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803457/; classtype:trojan-activity;sid:83666557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.17.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803456/; classtype:trojan-activity;sid:83666556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/retailer_prog.exe"; depth:30; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803455/; classtype:trojan-activity;sid:83666555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.61.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803454/; classtype:trojan-activity;sid:83666554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.4.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803452/; classtype:trojan-activity;sid:83666552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.26.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803453/; classtype:trojan-activity;sid:83666553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.233.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803451/; classtype:trojan-activity;sid:83666551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.114.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803450/; classtype:trojan-activity;sid:83666550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.41.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803449/; classtype:trojan-activity;sid:83666549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.30.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803448/; classtype:trojan-activity;sid:83666548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.188.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803447/; classtype:trojan-activity;sid:83666547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.202.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803446/; classtype:trojan-activity;sid:83666546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.10.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803445/; classtype:trojan-activity;sid:83666545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.94.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803444/; classtype:trojan-activity;sid:83666544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.41.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803442/; classtype:trojan-activity;sid:83666542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.219.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803443/; classtype:trojan-activity;sid:83666543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.91.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803441/; classtype:trojan-activity;sid:83666541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.15.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803439/; classtype:trojan-activity;sid:83666539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.78.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803440/; classtype:trojan-activity;sid:83666540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.26.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803437/; classtype:trojan-activity;sid:83666537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.61.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803438/; classtype:trojan-activity;sid:83666538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.30.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803436/; classtype:trojan-activity;sid:83666536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.231.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803435/; classtype:trojan-activity;sid:83666535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.202.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803434/; classtype:trojan-activity;sid:83666534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.219.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803433/; classtype:trojan-activity;sid:83666533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.94.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803432/; classtype:trojan-activity;sid:83666532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.91.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803431/; classtype:trojan-activity;sid:83666531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.29.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803430/; classtype:trojan-activity;sid:83666530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linuxasync/080389b6ed5252ce01ad79d9415c648c3ad0a5e2.bin"; depth:56; endswith; nocase; http.host; content:"a0932621.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803429/; classtype:trojan-activity;sid:83666529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.226.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803427/; classtype:trojan-activity;sid:83666527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.115.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803428/; classtype:trojan-activity;sid:83666528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.231.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803426/; classtype:trojan-activity;sid:83666526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803425/; classtype:trojan-activity;sid:83666525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.223.87.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803424/; classtype:trojan-activity;sid:83666524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.187.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803423/; classtype:trojan-activity;sid:83666523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.161.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803422/; classtype:trojan-activity;sid:83666522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.41.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803421/; classtype:trojan-activity;sid:83666521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.42.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803420/; classtype:trojan-activity;sid:83666520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.240.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803419/; classtype:trojan-activity;sid:83666519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.61.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803418/; classtype:trojan-activity;sid:83666518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.1.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803416/; classtype:trojan-activity;sid:83666516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803417/; classtype:trojan-activity;sid:83666517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.51.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803415/; classtype:trojan-activity;sid:83666515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.210.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803414/; classtype:trojan-activity;sid:83666514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.220.146.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803413/; classtype:trojan-activity;sid:83666513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.54.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803411/; classtype:trojan-activity;sid:83666511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.85.94.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803412/; classtype:trojan-activity;sid:83666512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803410/; classtype:trojan-activity;sid:83666510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.10.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803409/; classtype:trojan-activity;sid:83666509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.127.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803408/; classtype:trojan-activity;sid:83666508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.171.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803407/; classtype:trojan-activity;sid:83666507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.45.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803406/; classtype:trojan-activity;sid:83666506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.43.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803405/; classtype:trojan-activity;sid:83666505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.85.94.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803404/; classtype:trojan-activity;sid:83666504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.184.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803403/; classtype:trojan-activity;sid:83666503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.42.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803402/; classtype:trojan-activity;sid:83666502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.232.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803401/; classtype:trojan-activity;sid:83666501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.240.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803400/; classtype:trojan-activity;sid:83666500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.61.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803399/; classtype:trojan-activity;sid:83666499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.69.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803398/; classtype:trojan-activity;sid:83666498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.236.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803396/; classtype:trojan-activity;sid:83666496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803397/; classtype:trojan-activity;sid:83666497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.135.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803395/; classtype:trojan-activity;sid:83666495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.20.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803394/; classtype:trojan-activity;sid:83666494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803392/; classtype:trojan-activity;sid:83666492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.29.109.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803393/; classtype:trojan-activity;sid:83666493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.22.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803391/; classtype:trojan-activity;sid:83666491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803390/; classtype:trojan-activity;sid:83666490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.127.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803388/; classtype:trojan-activity;sid:83666488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.100.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803389/; classtype:trojan-activity;sid:83666489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.223.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803387/; classtype:trojan-activity;sid:83666487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.45.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803386/; classtype:trojan-activity;sid:83666486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803385/; classtype:trojan-activity;sid:83666485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.16.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803384/; classtype:trojan-activity;sid:83666484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.43.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803383/; classtype:trojan-activity;sid:83666483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.230.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803381/; classtype:trojan-activity;sid:83666481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.41.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803382/; classtype:trojan-activity;sid:83666482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.80.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803380/; classtype:trojan-activity;sid:83666480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.251.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803378/; classtype:trojan-activity;sid:83666478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.220.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803379/; classtype:trojan-activity;sid:83666479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.103.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803377/; classtype:trojan-activity;sid:83666477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.191.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803374/; classtype:trojan-activity;sid:83666474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.25.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803375/; classtype:trojan-activity;sid:83666475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.108.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803376/; classtype:trojan-activity;sid:83666476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.180.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803373/; classtype:trojan-activity;sid:83666473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.100.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803372/; classtype:trojan-activity;sid:83666472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.32.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803371/; classtype:trojan-activity;sid:83666471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803369/; classtype:trojan-activity;sid:83666469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.217.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803370/; classtype:trojan-activity;sid:83666470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.126.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803368/; classtype:trojan-activity;sid:83666468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803367/; classtype:trojan-activity;sid:83666467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803366/; classtype:trojan-activity;sid:83666466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.14.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803365/; classtype:trojan-activity;sid:83666465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.26.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803364/; classtype:trojan-activity;sid:83666464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.223.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803363/; classtype:trojan-activity;sid:83666463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.238.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803362/; classtype:trojan-activity;sid:83666462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.197.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803360/; classtype:trojan-activity;sid:83666460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803361/; classtype:trojan-activity;sid:83666461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.135.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803359/; classtype:trojan-activity;sid:83666459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.105.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803358/; classtype:trojan-activity;sid:83666458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.126.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803357/; classtype:trojan-activity;sid:83666457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.14.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803356/; classtype:trojan-activity;sid:83666456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.118.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803355/; classtype:trojan-activity;sid:83666455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.52.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803354/; classtype:trojan-activity;sid:83666454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803353/; classtype:trojan-activity;sid:83666453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.26.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803352/; classtype:trojan-activity;sid:83666452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.180.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803351/; classtype:trojan-activity;sid:83666451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.217.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803350/; classtype:trojan-activity;sid:83666450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.195.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803349/; classtype:trojan-activity;sid:83666449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.84.16.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803348/; classtype:trojan-activity;sid:83666448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.30.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803347/; classtype:trojan-activity;sid:83666447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.254.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803346/; classtype:trojan-activity;sid:83666446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.45.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803345/; classtype:trojan-activity;sid:83666445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.16.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803344/; classtype:trojan-activity;sid:83666444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803343/; classtype:trojan-activity;sid:83666443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803342/; classtype:trojan-activity;sid:83666442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.33.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803341/; classtype:trojan-activity;sid:83666441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.84.16.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803340/; classtype:trojan-activity;sid:83666440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.118.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803338/; classtype:trojan-activity;sid:83666438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803339/; classtype:trojan-activity;sid:83666439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.227.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803337/; classtype:trojan-activity;sid:83666437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.115.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803336/; classtype:trojan-activity;sid:83666436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.13.1.1"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803335/; classtype:trojan-activity;sid:83666435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.108.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803334/; classtype:trojan-activity;sid:83666434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803333/; classtype:trojan-activity;sid:83666433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803332/; classtype:trojan-activity;sid:83666432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.81.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803331/; classtype:trojan-activity;sid:83666431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.238.89.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803330/; classtype:trojan-activity;sid:83666430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.170.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803328/; classtype:trojan-activity;sid:83666428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.174"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803329/; classtype:trojan-activity;sid:83666429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.203.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803327/; classtype:trojan-activity;sid:83666427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803326/; classtype:trojan-activity;sid:83666426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.188.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803324/; classtype:trojan-activity;sid:83666424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.195.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803325/; classtype:trojan-activity;sid:83666425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.106.146.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803323/; classtype:trojan-activity;sid:83666423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.25.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803322/; classtype:trojan-activity;sid:83666422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803321/; classtype:trojan-activity;sid:83666421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803320/; classtype:trojan-activity;sid:83666420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.81.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803319/; classtype:trojan-activity;sid:83666419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"102.71.130.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803318/; classtype:trojan-activity;sid:83666418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.203.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803317/; classtype:trojan-activity;sid:83666417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.214.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803316/; classtype:trojan-activity;sid:83666416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.34.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803314/; classtype:trojan-activity;sid:83666414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.45.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803315/; classtype:trojan-activity;sid:83666415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.57.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803313/; classtype:trojan-activity;sid:83666413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.127.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803312/; classtype:trojan-activity;sid:83666412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.95.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803311/; classtype:trojan-activity;sid:83666411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.236.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803310/; classtype:trojan-activity;sid:83666410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.148.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803308/; classtype:trojan-activity;sid:83666408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.230.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803309/; classtype:trojan-activity;sid:83666409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803307/; classtype:trojan-activity;sid:83666407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803306/; classtype:trojan-activity;sid:83666406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803305/; classtype:trojan-activity;sid:83666405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.166.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803304/; classtype:trojan-activity;sid:83666404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803303/; classtype:trojan-activity;sid:83666403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.39.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803302/; classtype:trojan-activity;sid:83666402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.95.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803301/; classtype:trojan-activity;sid:83666401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.209.8.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803299/; classtype:trojan-activity;sid:83666399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803300/; classtype:trojan-activity;sid:83666400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.79.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803298/; classtype:trojan-activity;sid:83666398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.124.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803297/; classtype:trojan-activity;sid:83666397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.245.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803296/; classtype:trojan-activity;sid:83666396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.127.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803295/; classtype:trojan-activity;sid:83666395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803294/; classtype:trojan-activity;sid:83666394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.55.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803293/; classtype:trojan-activity;sid:83666393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.10.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803292/; classtype:trojan-activity;sid:83666392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.89.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803288/; classtype:trojan-activity;sid:83666388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.159.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803289/; classtype:trojan-activity;sid:83666389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.201.162.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803290/; classtype:trojan-activity;sid:83666390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.211.209.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803291/; classtype:trojan-activity;sid:83666391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.213.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803287/; classtype:trojan-activity;sid:83666387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.162.70.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803286/; classtype:trojan-activity;sid:83666386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.151.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803285/; classtype:trojan-activity;sid:83666385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.245.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803284/; classtype:trojan-activity;sid:83666384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.79.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803283/; classtype:trojan-activity;sid:83666383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.218.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803280/; classtype:trojan-activity;sid:83666380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.166.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803281/; classtype:trojan-activity;sid:83666381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803282/; classtype:trojan-activity;sid:83666382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.209.8.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803279/; classtype:trojan-activity;sid:83666379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.64.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803278/; classtype:trojan-activity;sid:83666378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.69.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803277/; classtype:trojan-activity;sid:83666377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803275/; classtype:trojan-activity;sid:83666375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.165.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803276/; classtype:trojan-activity;sid:83666376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803274/; classtype:trojan-activity;sid:83666374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.137.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803273/; classtype:trojan-activity;sid:83666373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803272/; classtype:trojan-activity;sid:83666372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.104.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803271/; classtype:trojan-activity;sid:83666371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.247.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803270/; classtype:trojan-activity;sid:83666370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.41.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803269/; classtype:trojan-activity;sid:83666369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.236.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803268/; classtype:trojan-activity;sid:83666368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.44.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803266/; classtype:trojan-activity;sid:83666366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.185.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803267/; classtype:trojan-activity;sid:83666367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.111.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803265/; classtype:trojan-activity;sid:83666365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.114.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803264/; classtype:trojan-activity;sid:83666364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803263/; classtype:trojan-activity;sid:83666363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.165.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803262/; classtype:trojan-activity;sid:83666362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803260/; classtype:trojan-activity;sid:83666360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.218.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803261/; classtype:trojan-activity;sid:83666361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803259/; classtype:trojan-activity;sid:83666359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803258/; classtype:trojan-activity;sid:83666358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.149.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803257/; classtype:trojan-activity;sid:83666357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.0.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803256/; classtype:trojan-activity;sid:83666356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803255/; classtype:trojan-activity;sid:83666355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.102.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803254/; classtype:trojan-activity;sid:83666354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.155.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803253/; classtype:trojan-activity;sid:83666353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803250/; classtype:trojan-activity;sid:83666350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.96.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803251/; classtype:trojan-activity;sid:83666351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803252/; classtype:trojan-activity;sid:83666352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.114.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803249/; classtype:trojan-activity;sid:83666349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.209.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803248/; classtype:trojan-activity;sid:83666348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.23.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803247/; classtype:trojan-activity;sid:83666347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.96.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803246/; classtype:trojan-activity;sid:83666346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.195.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803245/; classtype:trojan-activity;sid:83666345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.155.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803244/; classtype:trojan-activity;sid:83666344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.227.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803243/; classtype:trojan-activity;sid:83666343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.245.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803241/; classtype:trojan-activity;sid:83666341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.213.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803242/; classtype:trojan-activity;sid:83666342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.52.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803239/; classtype:trojan-activity;sid:83666339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.23.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803240/; classtype:trojan-activity;sid:83666340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803238/; classtype:trojan-activity;sid:83666338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.143.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803237/; classtype:trojan-activity;sid:83666337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.85.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803236/; classtype:trojan-activity;sid:83666336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.149.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803235/; classtype:trojan-activity;sid:83666335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.244.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803234/; classtype:trojan-activity;sid:83666334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.209.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803233/; classtype:trojan-activity;sid:83666333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.194.214.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803232/; classtype:trojan-activity;sid:83666332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.137.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803231/; classtype:trojan-activity;sid:83666331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.215.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803230/; classtype:trojan-activity;sid:83666330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.93.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803229/; classtype:trojan-activity;sid:83666329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.143.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803228/; classtype:trojan-activity;sid:83666328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.91.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803227/; classtype:trojan-activity;sid:83666327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.246.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803226/; classtype:trojan-activity;sid:83666326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.85.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803223/; classtype:trojan-activity;sid:83666323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803224/; classtype:trojan-activity;sid:83666324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.153.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803225/; classtype:trojan-activity;sid:83666325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.244.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803222/; classtype:trojan-activity;sid:83666322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803220/; classtype:trojan-activity;sid:83666320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.208.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803221/; classtype:trojan-activity;sid:83666321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803219/; classtype:trojan-activity;sid:83666319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.215.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803218/; classtype:trojan-activity;sid:83666318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.148.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803217/; classtype:trojan-activity;sid:83666317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.178.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803216/; classtype:trojan-activity;sid:83666316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803215/; classtype:trojan-activity;sid:83666315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.217.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803213/; classtype:trojan-activity;sid:83666313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.164.229.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803214/; classtype:trojan-activity;sid:83666314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.178.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803212/; classtype:trojan-activity;sid:83666312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.111.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803211/; classtype:trojan-activity;sid:83666311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803210/; classtype:trojan-activity;sid:83666310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.93.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803209/; classtype:trojan-activity;sid:83666309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803208/; classtype:trojan-activity;sid:83666308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803207/; classtype:trojan-activity;sid:83666307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.13.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803206/; classtype:trojan-activity;sid:83666306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.114.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803205/; classtype:trojan-activity;sid:83666305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.219.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803204/; classtype:trojan-activity;sid:83666304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.114.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803202/; classtype:trojan-activity;sid:83666302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.217.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803203/; classtype:trojan-activity;sid:83666303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.184.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803201/; classtype:trojan-activity;sid:83666301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.208.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803200/; classtype:trojan-activity;sid:83666300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.128.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803199/; classtype:trojan-activity;sid:83666299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803197/; classtype:trojan-activity;sid:83666297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803198/; classtype:trojan-activity;sid:83666298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.148.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803196/; classtype:trojan-activity;sid:83666296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.11.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803194/; classtype:trojan-activity;sid:83666294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.45.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803195/; classtype:trojan-activity;sid:83666295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.167.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803193/; classtype:trojan-activity;sid:83666293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803192/; classtype:trojan-activity;sid:83666292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.187.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803191/; classtype:trojan-activity;sid:83666291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803189/; classtype:trojan-activity;sid:83666289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.70.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803190/; classtype:trojan-activity;sid:83666290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.44.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803188/; classtype:trojan-activity;sid:83666288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.53.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803187/; classtype:trojan-activity;sid:83666287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.128.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803186/; classtype:trojan-activity;sid:83666286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.89.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803182/; classtype:trojan-activity;sid:83666282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803183/; classtype:trojan-activity;sid:83666283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"184.60.63.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803184/; classtype:trojan-activity;sid:83666284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.39.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803185/; classtype:trojan-activity;sid:83666285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.207.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803181/; classtype:trojan-activity;sid:83666281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.44.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803180/; classtype:trojan-activity;sid:83666280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.198.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803179/; classtype:trojan-activity;sid:83666279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.37.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803178/; classtype:trojan-activity;sid:83666278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.73.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803177/; classtype:trojan-activity;sid:83666277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.218.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803176/; classtype:trojan-activity;sid:83666276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.130.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803174/; classtype:trojan-activity;sid:83666274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.207.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803175/; classtype:trojan-activity;sid:83666275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803173/; classtype:trojan-activity;sid:83666273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803172/; classtype:trojan-activity;sid:83666272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.189.162.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803171/; classtype:trojan-activity;sid:83666271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.206.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803170/; classtype:trojan-activity;sid:83666270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.175.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803168/; classtype:trojan-activity;sid:83666268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.13.1.1"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803169/; classtype:trojan-activity;sid:83666269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.151.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803167/; classtype:trojan-activity;sid:83666267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668261252|3f|hash=t3nifxzgzxpjaxbztshzt9oogqrzufacfuzcpuwxhj4|7c|26|7c|dl=zw8ot4hztfrjoytf5lttks0rgvizzwmldgvktdk9zys|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803166/; classtype:trojan-activity;sid:83666266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.46"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803165/; classtype:trojan-activity;sid:83666265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.38.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803164/; classtype:trojan-activity;sid:83666264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.125.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803162/; classtype:trojan-activity;sid:83666262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.55.177.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803163/; classtype:trojan-activity;sid:83666263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.151.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803160/; classtype:trojan-activity;sid:83666260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.225.167.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803161/; classtype:trojan-activity;sid:83666261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803156/; classtype:trojan-activity;sid:83666256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.247.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803157/; classtype:trojan-activity;sid:83666257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.212.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803158/; classtype:trojan-activity;sid:83666258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.209.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803159/; classtype:trojan-activity;sid:83666259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.130.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803155/; classtype:trojan-activity;sid:83666255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.22.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803154/; classtype:trojan-activity;sid:83666254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.32.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803152/; classtype:trojan-activity;sid:83666252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.195.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803153/; classtype:trojan-activity;sid:83666253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.220.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803151/; classtype:trojan-activity;sid:83666251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803150/; classtype:trojan-activity;sid:83666250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.227.68.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803149/; classtype:trojan-activity;sid:83666249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.90.90.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803148/; classtype:trojan-activity;sid:83666248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.213.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803147/; classtype:trojan-activity;sid:83666247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803146/; classtype:trojan-activity;sid:83666246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.211.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803145/; classtype:trojan-activity;sid:83666245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.23.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803144/; classtype:trojan-activity;sid:83666244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.243.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803143/; classtype:trojan-activity;sid:83666243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803142/; classtype:trojan-activity;sid:83666242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.115.145.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803141/; classtype:trojan-activity;sid:83666241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.149.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803140/; classtype:trojan-activity;sid:83666240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.47.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803139/; classtype:trojan-activity;sid:83666239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.151.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803138/; classtype:trojan-activity;sid:83666238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.112.122.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803137/; classtype:trojan-activity;sid:83666237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.246.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803136/; classtype:trojan-activity;sid:83666236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.23.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803135/; classtype:trojan-activity;sid:83666235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.211.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803134/; classtype:trojan-activity;sid:83666234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.46.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803133/; classtype:trojan-activity;sid:83666233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.123.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803132/; classtype:trojan-activity;sid:83666232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.47.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803130/; classtype:trojan-activity;sid:83666230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.156.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803131/; classtype:trojan-activity;sid:83666231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.213.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803129/; classtype:trojan-activity;sid:83666229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.196.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803128/; classtype:trojan-activity;sid:83666228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.123.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803127/; classtype:trojan-activity;sid:83666227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.2.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803126/; classtype:trojan-activity;sid:83666226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.245.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803125/; classtype:trojan-activity;sid:83666225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.132.186.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803124/; classtype:trojan-activity;sid:83666224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.193.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803123/; classtype:trojan-activity;sid:83666223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.160.139.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803122/; classtype:trojan-activity;sid:83666222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/insomnia%20loader.zip"; depth:26; endswith; nocase; http.host; content:"insomniahack.fun"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803121/; classtype:trojan-activity;sid:83666221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/nwf9z72k|3f|download"; depth:30; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803120/; classtype:trojan-activity;sid:83666220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.2.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803119/; classtype:trojan-activity;sid:83666219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.196.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803118/; classtype:trojan-activity;sid:83666218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/broomsetup.exe"; depth:15; endswith; nocase; http.host; content:"185.172.128.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803117/; classtype:trojan-activity;sid:83666217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.202.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803115/; classtype:trojan-activity;sid:83666215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/alexxxxxxxx.exe"; depth:21; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803116/; classtype:trojan-activity;sid:83666216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syncupd.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803113/; classtype:trojan-activity;sid:83666213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledger-live.exe"; depth:16; endswith; nocase; http.host; content:"185.172.128.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803114/; classtype:trojan-activity;sid:83666214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e01344cf59ab042c145ef9f1d3dd469d/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803105/; classtype:trojan-activity;sid:83666205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1aa4507a2a1ff5a21a0006841c45af1e/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803106/; classtype:trojan-activity;sid:83666206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b44ff5e2684c208c4de0c8fac094e59/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803107/; classtype:trojan-activity;sid:83666207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfdcef1e5c78522151ab7c58b2ac68db/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803108/; classtype:trojan-activity;sid:83666208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a7d44325cf6b14c6f79ee0f16e628759/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803109/; classtype:trojan-activity;sid:83666209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a7d44325cf6b14c6f79ee0f16e628759/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803110/; classtype:trojan-activity;sid:83666210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b44ff5e2684c208c4de0c8fac094e59/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803111/; classtype:trojan-activity;sid:83666211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3692dd152c69adff8a2421d19a73e70a/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803112/; classtype:trojan-activity;sid:83666212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.exe"; depth:14; endswith; nocase; http.host; content:"dwnld.392391234.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803104/; classtype:trojan-activity;sid:83666204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egejyvoz/stmon.exe"; depth:19; endswith; nocase; http.host; content:"34.230.221.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803103/; classtype:trojan-activity;sid:83666203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/1111.exe"; depth:14; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803102/; classtype:trojan-activity;sid:83666202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/nss3.dll"; depth:26; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803101/; classtype:trojan-activity;sid:83666201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803097/; classtype:trojan-activity;sid:83666197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfdcef1e5c78522151ab7c58b2ac68db/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803098/; classtype:trojan-activity;sid:83666198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/new1.exe"; depth:14; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803099/; classtype:trojan-activity;sid:83666199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803100/; classtype:trojan-activity;sid:83666200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803091/; classtype:trojan-activity;sid:83666191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803092/; classtype:trojan-activity;sid:83666192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disk/ccfe416d2965a9b2d781ed4d9a3eec7554204fba2a13dab3738018ae8dc9d2a4/6611dbdc/dgghks6zfpqkvyfbdhet5v7rdsxhlx9j9bobjcbopzudtgo1qkdrry5hqgstzjpqw1kqvfdvb8coirywmcvqkq%3d%3d|3f|uid=0|7c|26|7c|filename=escalibur%20crack.rar|7c|26|7c|disposition=attachment|7c|26|7c|hash=ymbssgpjje0ajn7oxekxfetbdki%2bijdujwqpdpkdkcso8apugcktfs9xvur8cfpnq/j6bpmryojont3voxndag%3d%3d|7c|26|7c|limit=0|7c|26|7c|content_type=application%2fx-rar|7c|26|7c|owner_uid=1540073697|7c|26|7c|fsize=49484|7c|26|7c|hid=f277e300fbd2010f6bb081d43f3d052e|7c|26|7c|media_type=compressed|7c|26|7c|tknv=v2"; depth:566; endswith; nocase; http.host; content:"downloader.disk.yandex.ru"; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803093/; classtype:trojan-activity;sid:83666193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/swiiii.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803094/; classtype:trojan-activity;sid:83666194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803095/; classtype:trojan-activity;sid:83666195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84bad7132df89fd7/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"52.143.157.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803096/; classtype:trojan-activity;sid:83666196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6fdc4243e7b884e283b20a936c67f6a7/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803090/; classtype:trojan-activity;sid:83666190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/8fa57f978f04aee46a073ad093fb4900/escalibur_crack.rar"; depth:57; endswith; nocase; http.host; content:"download.oxy.st"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803088/; classtype:trojan-activity;sid:83666188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6fdc4243e7b884e283b20a936c67f6a7/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803089/; classtype:trojan-activity;sid:83666189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.138.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803087/; classtype:trojan-activity;sid:83666187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.184.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803086/; classtype:trojan-activity;sid:83666186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.137.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803085/; classtype:trojan-activity;sid:83666185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.93.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803083/; classtype:trojan-activity;sid:83666183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"14.155.222.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803084/; classtype:trojan-activity;sid:83666184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.183.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803081/; classtype:trojan-activity;sid:83666181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.199.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803082/; classtype:trojan-activity;sid:83666182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.177.78.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803080/; classtype:trojan-activity;sid:83666180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.184.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803079/; classtype:trojan-activity;sid:83666179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803078/; classtype:trojan-activity;sid:83666178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803077/; classtype:trojan-activity;sid:83666177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.65.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803076/; classtype:trojan-activity;sid:83666176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803075/; classtype:trojan-activity;sid:83666175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.192.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803074/; classtype:trojan-activity;sid:83666174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.12.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803073/; classtype:trojan-activity;sid:83666173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.192.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803072/; classtype:trojan-activity;sid:83666172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.151.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803071/; classtype:trojan-activity;sid:83666171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"70.177.78.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803070/; classtype:trojan-activity;sid:83666170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.137.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803069/; classtype:trojan-activity;sid:83666169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.96.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803068/; classtype:trojan-activity;sid:83666168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.126.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803067/; classtype:trojan-activity;sid:83666167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.138.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803066/; classtype:trojan-activity;sid:83666166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.210.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803065/; classtype:trojan-activity;sid:83666165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.170.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803064/; classtype:trojan-activity;sid:83666164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.149.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803063/; classtype:trojan-activity;sid:83666163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803062/; classtype:trojan-activity;sid:83666162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.23.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803061/; classtype:trojan-activity;sid:83666161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803060/; classtype:trojan-activity;sid:83666160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.2.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803059/; classtype:trojan-activity;sid:83666159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.233.167.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803058/; classtype:trojan-activity;sid:83666158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.4.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803057/; classtype:trojan-activity;sid:83666157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.168.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803056/; classtype:trojan-activity;sid:83666156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.134.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803055/; classtype:trojan-activity;sid:83666155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803054/; classtype:trojan-activity;sid:83666154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.223.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803053/; classtype:trojan-activity;sid:83666153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.111.31.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803052/; classtype:trojan-activity;sid:83666152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.6.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803051/; classtype:trojan-activity;sid:83666151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.2.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803050/; classtype:trojan-activity;sid:83666150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.233.167.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803049/; classtype:trojan-activity;sid:83666149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.105.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803048/; classtype:trojan-activity;sid:83666148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.168.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803047/; classtype:trojan-activity;sid:83666147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.246.112.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803046/; classtype:trojan-activity;sid:83666146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.215.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803045/; classtype:trojan-activity;sid:83666145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803044/; classtype:trojan-activity;sid:83666144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.52.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803043/; classtype:trojan-activity;sid:83666143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.61.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803042/; classtype:trojan-activity;sid:83666142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803041/; classtype:trojan-activity;sid:83666141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.105.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803040/; classtype:trojan-activity;sid:83666140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.10.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803039/; classtype:trojan-activity;sid:83666139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.244.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803038/; classtype:trojan-activity;sid:83666138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.10.191.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803037/; classtype:trojan-activity;sid:83666137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803036/; classtype:trojan-activity;sid:83666136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.198.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803035/; classtype:trojan-activity;sid:83666135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803034/; classtype:trojan-activity;sid:83666134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.31.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803033/; classtype:trojan-activity;sid:83666133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.142.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803032/; classtype:trojan-activity;sid:83666132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.16.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803031/; classtype:trojan-activity;sid:83666131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.232.53.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803030/; classtype:trojan-activity;sid:83666130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803029/; classtype:trojan-activity;sid:83666129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.52.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803028/; classtype:trojan-activity;sid:83666128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.61.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803027/; classtype:trojan-activity;sid:83666127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.73.164.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803026/; classtype:trojan-activity;sid:83666126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.244.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803025/; classtype:trojan-activity;sid:83666125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803024/; classtype:trojan-activity;sid:83666124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.13.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803022/; classtype:trojan-activity;sid:83666122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.187.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803023/; classtype:trojan-activity;sid:83666123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803021/; classtype:trojan-activity;sid:83666121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.85.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803020/; classtype:trojan-activity;sid:83666120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.188.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803019/; classtype:trojan-activity;sid:83666119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.80.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803018/; classtype:trojan-activity;sid:83666118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.41.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803017/; classtype:trojan-activity;sid:83666117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.240.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803016/; classtype:trojan-activity;sid:83666116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803015/; classtype:trojan-activity;sid:83666115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803014/; classtype:trojan-activity;sid:83666114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.6.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803013/; classtype:trojan-activity;sid:83666113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.125.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803012/; classtype:trojan-activity;sid:83666112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.209.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803011/; classtype:trojan-activity;sid:83666111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.34.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803010/; classtype:trojan-activity;sid:83666110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.237.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803009/; classtype:trojan-activity;sid:83666109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803008/; classtype:trojan-activity;sid:83666108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.204.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803007/; classtype:trojan-activity;sid:83666107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.44.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803006/; classtype:trojan-activity;sid:83666106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803005/; classtype:trojan-activity;sid:83666105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803003/; classtype:trojan-activity;sid:83666103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803004/; classtype:trojan-activity;sid:83666104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.34.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803002/; classtype:trojan-activity;sid:83666102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.5.26"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803001/; classtype:trojan-activity;sid:83666101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.5.210.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803000/; classtype:trojan-activity;sid:83666100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802999/; classtype:trojan-activity;sid:83666099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802998/; classtype:trojan-activity;sid:83666098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.26.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802997/; classtype:trojan-activity;sid:83666097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668337528|3f|hash=vfh2fgpzebvq9nmvhfu5c1diqhg6zovvogg6cymn9ms|7c|26|7c|dl=gwzkegbr4b9iwnzqvoovbeysbjpqt1gqp32khcl1qrx|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802996/; classtype:trojan-activity;sid:83666096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802995/; classtype:trojan-activity;sid:83666095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.111.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802994/; classtype:trojan-activity;sid:83666094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.44.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802993/; classtype:trojan-activity;sid:83666093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.240.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802992/; classtype:trojan-activity;sid:83666092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.40.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802991/; classtype:trojan-activity;sid:83666091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidnr.ppc|3f|ddos"; depth:19; endswith; nocase; http.host; content:"62.72.185.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802990/; classtype:trojan-activity;sid:83666090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.2.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802988/; classtype:trojan-activity;sid:83666088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.120.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802989/; classtype:trojan-activity;sid:83666089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.189.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802987/; classtype:trojan-activity;sid:83666087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.179.181.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802986/; classtype:trojan-activity;sid:83666086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.253.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802985/; classtype:trojan-activity;sid:83666085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.7.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802984/; classtype:trojan-activity;sid:83666084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.252.199.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802983/; classtype:trojan-activity;sid:83666083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo2.jpg"; depth:17; endswith; nocase; http.host; content:"axsit.biz"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802982/; classtype:trojan-activity;sid:83666082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/logo.jpg"; depth:16; endswith; nocase; http.host; content:"axsit.biz"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802981/; classtype:trojan-activity;sid:83666081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.202.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802980/; classtype:trojan-activity;sid:83666080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.179.181.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802979/; classtype:trojan-activity;sid:83666079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.168.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802978/; classtype:trojan-activity;sid:83666078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.26.215.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802977/; classtype:trojan-activity;sid:83666077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.2.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802976/; classtype:trojan-activity;sid:83666076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802975/; classtype:trojan-activity;sid:83666075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.84.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802974/; classtype:trojan-activity;sid:83666074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.128.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802972/; classtype:trojan-activity;sid:83666072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.47.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802973/; classtype:trojan-activity;sid:83666073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.117.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802971/; classtype:trojan-activity;sid:83666071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802970/; classtype:trojan-activity;sid:83666070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.168.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802969/; classtype:trojan-activity;sid:83666069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.203.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802968/; classtype:trojan-activity;sid:83666068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.153.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802967/; classtype:trojan-activity;sid:83666067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.96.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802966/; classtype:trojan-activity;sid:83666066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.17.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802965/; classtype:trojan-activity;sid:83666065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.202.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802964/; classtype:trojan-activity;sid:83666064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.124.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802963/; classtype:trojan-activity;sid:83666063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.17.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802962/; classtype:trojan-activity;sid:83666062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802961/; classtype:trojan-activity;sid:83666061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.77.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802960/; classtype:trojan-activity;sid:83666060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.10.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802959/; classtype:trojan-activity;sid:83666059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.68.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802958/; classtype:trojan-activity;sid:83666058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.48.64.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802957/; classtype:trojan-activity;sid:83666057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.164.88.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802956/; classtype:trojan-activity;sid:83666056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.173.126.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802955/; classtype:trojan-activity;sid:83666055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.241.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802954/; classtype:trojan-activity;sid:83666054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.253.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802953/; classtype:trojan-activity;sid:83666053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.145.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802952/; classtype:trojan-activity;sid:83666052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802951/; classtype:trojan-activity;sid:83666051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.138.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802950/; classtype:trojan-activity;sid:83666050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.16.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802949/; classtype:trojan-activity;sid:83666049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.99.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802948/; classtype:trojan-activity;sid:83666048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.5.215.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802947/; classtype:trojan-activity;sid:83666047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802946/; classtype:trojan-activity;sid:83666046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.49.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802945/; classtype:trojan-activity;sid:83666045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.226.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802944/; classtype:trojan-activity;sid:83666044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.153.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802943/; classtype:trojan-activity;sid:83666043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.206.47.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802942/; classtype:trojan-activity;sid:83666042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.74.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802941/; classtype:trojan-activity;sid:83666041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.204.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802939/; classtype:trojan-activity;sid:83666039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.244.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802940/; classtype:trojan-activity;sid:83666040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.68.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802938/; classtype:trojan-activity;sid:83666038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802937/; classtype:trojan-activity;sid:83666037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.99.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802936/; classtype:trojan-activity;sid:83666036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.63.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802935/; classtype:trojan-activity;sid:83666035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.115.76.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802934/; classtype:trojan-activity;sid:83666034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.170.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802933/; classtype:trojan-activity;sid:83666033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668332194|3f|hash=cwyycjmb1rlksrydjcja5qqrcukeatcucdm0l2fzscp|7c|26|7c|dl=fofkfpskdznuncdjialmet6frgazzhebyngb2m0hzbl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802932/; classtype:trojan-activity;sid:83666032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.112.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802931/; classtype:trojan-activity;sid:83666031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.244.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802930/; classtype:trojan-activity;sid:83666030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"94.156.64.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802929/; classtype:trojan-activity;sid:83666029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802928/; classtype:trojan-activity;sid:83666028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dance/summa.exe"; depth:16; endswith; nocase; http.host; content:"193.233.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802927/; classtype:trojan-activity;sid:83666027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.186.60.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802926/; classtype:trojan-activity;sid:83666026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668332153|3f|hash=oilq0lcrk4z8sjrrkslvwl8gttvfxzki1be0fhfzxvx|7c|26|7c|dl=szzgzsuoooht2npjjdlxcsowiazicsa1ztonbemtna8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802925/; classtype:trojan-activity;sid:83666025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.61.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802924/; classtype:trojan-activity;sid:83666024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.0.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802923/; classtype:trojan-activity;sid:83666023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.91.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802920/; classtype:trojan-activity;sid:83666020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.164.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802921/; classtype:trojan-activity;sid:83666021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.69.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802922/; classtype:trojan-activity;sid:83666022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802919/; classtype:trojan-activity;sid:83666019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.196.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802918/; classtype:trojan-activity;sid:83666018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.170.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802917/; classtype:trojan-activity;sid:83666017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.169.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802916/; classtype:trojan-activity;sid:83666016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.34.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802915/; classtype:trojan-activity;sid:83666015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.175.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802914/; classtype:trojan-activity;sid:83666014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.174.173.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802913/; classtype:trojan-activity;sid:83666013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.25.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802912/; classtype:trojan-activity;sid:83666012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.219.45.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802911/; classtype:trojan-activity;sid:83666011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.91.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802910/; classtype:trojan-activity;sid:83666010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.6.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802908/; classtype:trojan-activity;sid:83666008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.65.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802909/; classtype:trojan-activity;sid:83666009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.22.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802907/; classtype:trojan-activity;sid:83666007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.174.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802906/; classtype:trojan-activity;sid:83666006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802905/; classtype:trojan-activity;sid:83666005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.196.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802904/; classtype:trojan-activity;sid:83666004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.76.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802903/; classtype:trojan-activity;sid:83666003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.184.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802900/; classtype:trojan-activity;sid:83666000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.148.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802901/; classtype:trojan-activity;sid:83666001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.207.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802902/; classtype:trojan-activity;sid:83666002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.248.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802899/; classtype:trojan-activity;sid:83665999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.170.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802898/; classtype:trojan-activity;sid:83665998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.101.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802897/; classtype:trojan-activity;sid:83665997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.248.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802896/; classtype:trojan-activity;sid:83665996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.104.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802895/; classtype:trojan-activity;sid:83665995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.209.109.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802894/; classtype:trojan-activity;sid:83665994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.160.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802893/; classtype:trojan-activity;sid:83665993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.77"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802892/; classtype:trojan-activity;sid:83665992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.198.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802891/; classtype:trojan-activity;sid:83665991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.216.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802890/; classtype:trojan-activity;sid:83665990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.104.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802889/; classtype:trojan-activity;sid:83665989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.11.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802888/; classtype:trojan-activity;sid:83665988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802887/; classtype:trojan-activity;sid:83665987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.1.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802886/; classtype:trojan-activity;sid:83665986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802884/; classtype:trojan-activity;sid:83665984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.84.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802885/; classtype:trojan-activity;sid:83665985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.77"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802883/; classtype:trojan-activity;sid:83665983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.0.225"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802882/; classtype:trojan-activity;sid:83665982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.203"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802881/; classtype:trojan-activity;sid:83665981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.97.146.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802880/; classtype:trojan-activity;sid:83665980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.11.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802879/; classtype:trojan-activity;sid:83665979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.47.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802878/; classtype:trojan-activity;sid:83665978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.216.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802877/; classtype:trojan-activity;sid:83665977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.89.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802875/; classtype:trojan-activity;sid:83665975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.82.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802876/; classtype:trojan-activity;sid:83665976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.30.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802874/; classtype:trojan-activity;sid:83665974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"40.133.224.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802873/; classtype:trojan-activity;sid:83665973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.7.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802872/; classtype:trojan-activity;sid:83665972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.190.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802870/; classtype:trojan-activity;sid:83665970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.133.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802871/; classtype:trojan-activity;sid:83665971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.3.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802869/; classtype:trojan-activity;sid:83665969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802868/; classtype:trojan-activity;sid:83665968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.182.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802867/; classtype:trojan-activity;sid:83665967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.76.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802866/; classtype:trojan-activity;sid:83665966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.225"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802865/; classtype:trojan-activity;sid:83665965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.165.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802864/; classtype:trojan-activity;sid:83665964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.43.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802863/; classtype:trojan-activity;sid:83665963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.194.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802862/; classtype:trojan-activity;sid:83665962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.190.28.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802860/; classtype:trojan-activity;sid:83665960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.230.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802861/; classtype:trojan-activity;sid:83665961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.8.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802859/; classtype:trojan-activity;sid:83665959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.199.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802858/; classtype:trojan-activity;sid:83665958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.40.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802857/; classtype:trojan-activity;sid:83665957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.252.199.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802856/; classtype:trojan-activity;sid:83665956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.53.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802855/; classtype:trojan-activity;sid:83665955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.174.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802854/; classtype:trojan-activity;sid:83665954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802853/; classtype:trojan-activity;sid:83665953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802852/; classtype:trojan-activity;sid:83665952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802851/; classtype:trojan-activity;sid:83665951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forum/index.php"; depth:16; endswith; nocase; http.host; content:"senten.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802850/; classtype:trojan-activity;sid:83665950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.43.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802849/; classtype:trojan-activity;sid:83665949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802848/; classtype:trojan-activity;sid:83665948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.255.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802847/; classtype:trojan-activity;sid:83665947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.116.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802846/; classtype:trojan-activity;sid:83665946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.252.73.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802843/; classtype:trojan-activity;sid:83665943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.169.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802844/; classtype:trojan-activity;sid:83665944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.184.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802845/; classtype:trojan-activity;sid:83665945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.55.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802842/; classtype:trojan-activity;sid:83665942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.100.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802841/; classtype:trojan-activity;sid:83665941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802840/; classtype:trojan-activity;sid:83665940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.190.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802839/; classtype:trojan-activity;sid:83665939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.199.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802838/; classtype:trojan-activity;sid:83665938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.40.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802837/; classtype:trojan-activity;sid:83665937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.116.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802836/; classtype:trojan-activity;sid:83665936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.104.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802835/; classtype:trojan-activity;sid:83665935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.121.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802833/; classtype:trojan-activity;sid:83665933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.177.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802834/; classtype:trojan-activity;sid:83665934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.191.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802832/; classtype:trojan-activity;sid:83665932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802831/; classtype:trojan-activity;sid:83665931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.190.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802830/; classtype:trojan-activity;sid:83665930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.56.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802829/; classtype:trojan-activity;sid:83665929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.230.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802828/; classtype:trojan-activity;sid:83665928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.124.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802827/; classtype:trojan-activity;sid:83665927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.130.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802826/; classtype:trojan-activity;sid:83665926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.79.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802825/; classtype:trojan-activity;sid:83665925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802824/; classtype:trojan-activity;sid:83665924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.76.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802823/; classtype:trojan-activity;sid:83665923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668325141|3f|hash=54rnifz3exw3zoyyrycyjjbbeottth4awm8x2qev4xh|7c|26|7c|dl=zwljqys2gzlezz0cd3gak112p0ynnszfgrepl6w0kx0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802822/; classtype:trojan-activity;sid:83665922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm4"; depth:22; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802821/; classtype:trojan-activity;sid:83665921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.mpsl"; depth:22; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802820/; classtype:trojan-activity;sid:83665920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.ppc"; depth:21; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802818/; classtype:trojan-activity;sid:83665918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.x86"; depth:21; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802819/; classtype:trojan-activity;sid:83665919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm7"; depth:22; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802812/; classtype:trojan-activity;sid:83665912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm5"; depth:22; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802813/; classtype:trojan-activity;sid:83665913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.mips"; depth:22; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802814/; classtype:trojan-activity;sid:83665914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"185.216.70.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802815/; classtype:trojan-activity;sid:83665915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.sparc"; depth:23; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802816/; classtype:trojan-activity;sid:83665916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.arm6"; depth:22; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802817/; classtype:trojan-activity;sid:83665917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86_64"; depth:12; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802808/; classtype:trojan-activity;sid:83665908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.x86"; depth:9; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802809/; classtype:trojan-activity;sid:83665909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"91.92.240.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802810/; classtype:trojan-activity;sid:83665910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mips"; depth:10; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802811/; classtype:trojan-activity;sid:83665911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802803/; classtype:trojan-activity;sid:83665903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"94.156.64.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802804/; classtype:trojan-activity;sid:83665904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802805/; classtype:trojan-activity;sid:83665905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802806/; classtype:trojan-activity;sid:83665906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802807/; classtype:trojan-activity;sid:83665907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802801/; classtype:trojan-activity;sid:83665901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mil"; depth:4; endswith; nocase; http.host; content:"94.156.64.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802802/; classtype:trojan-activity;sid:83665902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802797/; classtype:trojan-activity;sid:83665897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802798/; classtype:trojan-activity;sid:83665898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802799/; classtype:trojan-activity;sid:83665899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"94.156.64.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802800/; classtype:trojan-activity;sid:83665900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802795/; classtype:trojan-activity;sid:83665895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802796/; classtype:trojan-activity;sid:83665896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802790/; classtype:trojan-activity;sid:83665890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"94.156.64.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802791/; classtype:trojan-activity;sid:83665891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm7"; depth:10; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802792/; classtype:trojan-activity;sid:83665892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802793/; classtype:trojan-activity;sid:83665893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802794/; classtype:trojan-activity;sid:83665894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802785/; classtype:trojan-activity;sid:83665885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm6"; depth:10; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802786/; classtype:trojan-activity;sid:83665886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.mpsl"; depth:10; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802787/; classtype:trojan-activity;sid:83665887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802788/; classtype:trojan-activity;sid:83665888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802789/; classtype:trojan-activity;sid:83665889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802782/; classtype:trojan-activity;sid:83665882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm"; depth:9; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802783/; classtype:trojan-activity;sid:83665883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.135.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802784/; classtype:trojan-activity;sid:83665884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.arm5"; depth:10; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802780/; classtype:trojan-activity;sid:83665880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"94.156.64.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802781/; classtype:trojan-activity;sid:83665881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802777/; classtype:trojan-activity;sid:83665877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.124.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802778/; classtype:trojan-activity;sid:83665878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802779/; classtype:trojan-activity;sid:83665879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.m68k"; depth:10; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802772/; classtype:trojan-activity;sid:83665872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.sh4"; depth:9; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802773/; classtype:trojan-activity;sid:83665873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802774/; classtype:trojan-activity;sid:83665874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802775/; classtype:trojan-activity;sid:83665875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802776/; classtype:trojan-activity;sid:83665876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"94.156.64.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802770/; classtype:trojan-activity;sid:83665870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.spc"; depth:9; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802771/; classtype:trojan-activity;sid:83665871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbg"; depth:4; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802765/; classtype:trojan-activity;sid:83665865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"94.156.67.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802766/; classtype:trojan-activity;sid:83665866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.ppc"; depth:9; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802767/; classtype:trojan-activity;sid:83665867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.42.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802768/; classtype:trojan-activity;sid:83665868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.m68k"; depth:10; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802769/; classtype:trojan-activity;sid:83665869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh4"; depth:9; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802763/; classtype:trojan-activity;sid:83665863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802764/; classtype:trojan-activity;sid:83665864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802762/; classtype:trojan-activity;sid:83665862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlxx.spc"; depth:9; endswith; nocase; http.host; content:"93.123.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802760/; classtype:trojan-activity;sid:83665860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"141.98.7.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802761/; classtype:trojan-activity;sid:83665861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"198.98.51.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802759/; classtype:trojan-activity;sid:83665859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.86.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802758/; classtype:trojan-activity;sid:83665858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802756/; classtype:trojan-activity;sid:83665856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.26.131.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802757/; classtype:trojan-activity;sid:83665857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.76.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802755/; classtype:trojan-activity;sid:83665855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802754/; classtype:trojan-activity;sid:83665854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.90.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802753/; classtype:trojan-activity;sid:83665853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802752/; classtype:trojan-activity;sid:83665852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.3.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802751/; classtype:trojan-activity;sid:83665851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.131.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802750/; classtype:trojan-activity;sid:83665850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.254.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802749/; classtype:trojan-activity;sid:83665849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.125.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802748/; classtype:trojan-activity;sid:83665848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.3.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802747/; classtype:trojan-activity;sid:83665847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.60.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802746/; classtype:trojan-activity;sid:83665846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.5.213.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802745/; classtype:trojan-activity;sid:83665845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.13.2.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802744/; classtype:trojan-activity;sid:83665844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.158.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802743/; classtype:trojan-activity;sid:83665843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802742/; classtype:trojan-activity;sid:83665842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802741/; classtype:trojan-activity;sid:83665841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.161.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802739/; classtype:trojan-activity;sid:83665839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.19.34"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802740/; classtype:trojan-activity;sid:83665840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.117.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802738/; classtype:trojan-activity;sid:83665838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.40.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802737/; classtype:trojan-activity;sid:83665837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.250.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802736/; classtype:trojan-activity;sid:83665836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.11.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802735/; classtype:trojan-activity;sid:83665835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802734/; classtype:trojan-activity;sid:83665834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.254.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802733/; classtype:trojan-activity;sid:83665833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.78.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802732/; classtype:trojan-activity;sid:83665832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.90.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802731/; classtype:trojan-activity;sid:83665831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.197.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802730/; classtype:trojan-activity;sid:83665830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802729/; classtype:trojan-activity;sid:83665829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.40.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802728/; classtype:trojan-activity;sid:83665828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.13.2.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802727/; classtype:trojan-activity;sid:83665827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.22.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802725/; classtype:trojan-activity;sid:83665825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.60.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802726/; classtype:trojan-activity;sid:83665826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.75.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802724/; classtype:trojan-activity;sid:83665824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802723/; classtype:trojan-activity;sid:83665823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.227.68.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802722/; classtype:trojan-activity;sid:83665822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.22.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802721/; classtype:trojan-activity;sid:83665821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.94.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802720/; classtype:trojan-activity;sid:83665820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.129.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802719/; classtype:trojan-activity;sid:83665819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.107.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802717/; classtype:trojan-activity;sid:83665817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.165.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802718/; classtype:trojan-activity;sid:83665818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.112.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802715/; classtype:trojan-activity;sid:83665815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.252.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802716/; classtype:trojan-activity;sid:83665816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q5mdd5/func.exe"; depth:16; endswith; nocase; http.host; content:"168.138.211.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802713/; classtype:trojan-activity;sid:83665813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oufma/razdva.exe"; depth:17; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802714/; classtype:trojan-activity;sid:83665814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.238.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802712/; classtype:trojan-activity;sid:83665812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.11.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802711/; classtype:trojan-activity;sid:83665811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.146.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802710/; classtype:trojan-activity;sid:83665810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.78.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802709/; classtype:trojan-activity;sid:83665809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.178.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802708/; classtype:trojan-activity;sid:83665808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.69.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802707/; classtype:trojan-activity;sid:83665807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.160.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802706/; classtype:trojan-activity;sid:83665806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.184.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802705/; classtype:trojan-activity;sid:83665805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.32.179.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802704/; classtype:trojan-activity;sid:83665804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.132.186.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802703/; classtype:trojan-activity;sid:83665803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802701/; classtype:trojan-activity;sid:83665801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802702/; classtype:trojan-activity;sid:83665802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802700/; classtype:trojan-activity;sid:83665800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802698/; classtype:trojan-activity;sid:83665798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802699/; classtype:trojan-activity;sid:83665799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.48.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802697/; classtype:trojan-activity;sid:83665797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.137.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802695/; classtype:trojan-activity;sid:83665795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.158.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802696/; classtype:trojan-activity;sid:83665796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.96.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802694/; classtype:trojan-activity;sid:83665794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802693/; classtype:trojan-activity;sid:83665793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; depth:55; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802692/; classtype:trojan-activity;sid:83665792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802690/; classtype:trojan-activity;sid:83665790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802691/; classtype:trojan-activity;sid:83665791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802689/; classtype:trojan-activity;sid:83665789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802684/; classtype:trojan-activity;sid:83665784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802685/; classtype:trojan-activity;sid:83665785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; depth:52; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802686/; classtype:trojan-activity;sid:83665786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802687/; classtype:trojan-activity;sid:83665787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802688/; classtype:trojan-activity;sid:83665788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"185.196.10.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802683/; classtype:trojan-activity;sid:83665783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.178.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802682/; classtype:trojan-activity;sid:83665782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.36.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802681/; classtype:trojan-activity;sid:83665781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.160.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802680/; classtype:trojan-activity;sid:83665780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.180.202.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802679/; classtype:trojan-activity;sid:83665779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.179.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802677/; classtype:trojan-activity;sid:83665777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.119.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802678/; classtype:trojan-activity;sid:83665778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.158.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802676/; classtype:trojan-activity;sid:83665776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.153.67.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802675/; classtype:trojan-activity;sid:83665775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.249.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802674/; classtype:trojan-activity;sid:83665774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.70.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802673/; classtype:trojan-activity;sid:83665773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shithirointhehouse.sh"; depth:22; endswith; nocase; http.host; content:"45.195.57.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802672/; classtype:trojan-activity;sid:83665772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.sh"; depth:20; endswith; nocase; http.host; content:"137.184.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802671/; classtype:trojan-activity;sid:83665771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802670/; classtype:trojan-activity;sid:83665770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.136.78.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802669/; classtype:trojan-activity;sid:83665769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.11.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802668/; classtype:trojan-activity;sid:83665768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.47.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802667/; classtype:trojan-activity;sid:83665767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.133.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802666/; classtype:trojan-activity;sid:83665766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802665/; classtype:trojan-activity;sid:83665765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.106.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802664/; classtype:trojan-activity;sid:83665764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.31"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802663/; classtype:trojan-activity;sid:83665763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.86.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802661/; classtype:trojan-activity;sid:83665761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.174.173.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802662/; classtype:trojan-activity;sid:83665762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802660/; classtype:trojan-activity;sid:83665760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.63.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802659/; classtype:trojan-activity;sid:83665759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.37.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802658/; classtype:trojan-activity;sid:83665758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802657/; classtype:trojan-activity;sid:83665757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.46.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802656/; classtype:trojan-activity;sid:83665756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.148.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802655/; classtype:trojan-activity;sid:83665755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802654/; classtype:trojan-activity;sid:83665754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.47.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802653/; classtype:trojan-activity;sid:83665753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802652/; classtype:trojan-activity;sid:83665752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/gzccstordcg.mp3"; depth:22; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802650/; classtype:trojan-activity;sid:83665750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/jckspaexp.mp3"; depth:20; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802651/; classtype:trojan-activity;sid:83665751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/unjhtykje.pdf"; depth:20; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802647/; classtype:trojan-activity;sid:83665747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/sthncfhh.wav"; depth:19; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802648/; classtype:trojan-activity;sid:83665748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/vvpohcosd.pdf"; depth:20; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802649/; classtype:trojan-activity;sid:83665749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/roomsitepro.zip"; depth:22; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802646/; classtype:trojan-activity;sid:83665746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/ussqlnvegho.pdf"; depth:22; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802645/; classtype:trojan-activity;sid:83665745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/bitspecializedpro.zip"; depth:28; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802644/; classtype:trojan-activity;sid:83665744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/lotuncommon.exe"; depth:22; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802642/; classtype:trojan-activity;sid:83665742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slite/sporttraining.exe"; depth:24; endswith; nocase; http.host; content:"178.208.87.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802643/; classtype:trojan-activity;sid:83665743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.91.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802641/; classtype:trojan-activity;sid:83665741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.111.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802640/; classtype:trojan-activity;sid:83665740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.70.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802639/; classtype:trojan-activity;sid:83665739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802638/; classtype:trojan-activity;sid:83665738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.63.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802637/; classtype:trojan-activity;sid:83665737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.181.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802636/; classtype:trojan-activity;sid:83665736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.218.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802635/; classtype:trojan-activity;sid:83665735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.76.125"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802634/; classtype:trojan-activity;sid:83665734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.25.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802633/; classtype:trojan-activity;sid:83665733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.251.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802632/; classtype:trojan-activity;sid:83665732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.150.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802631/; classtype:trojan-activity;sid:83665731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xilkcfps"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802630/; classtype:trojan-activity;sid:83665730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.120.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802629/; classtype:trojan-activity;sid:83665729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.111.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802628/; classtype:trojan-activity;sid:83665728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.181.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802627/; classtype:trojan-activity;sid:83665727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802626/; classtype:trojan-activity;sid:83665726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isetup5.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802625/; classtype:trojan-activity;sid:83665725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bffdd0254a78609afd4093083f090e2d/4767d2e713f2021e8fe856e3ea638b58.exe"; depth:70; endswith; nocase; http.host; content:"junglethomas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802623/; classtype:trojan-activity;sid:83665723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e20fe52243653c63964c14fedb17fbc9/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802624/; classtype:trojan-activity;sid:83665724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/amert00.exe"; depth:17; endswith; nocase; http.host; content:"193.233.132.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802621/; classtype:trojan-activity;sid:83665721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a5ed7506dc396756665432dda16748a4/6779d89b7a368f4f3f340b50a9d18d71.exe"; depth:70; endswith; nocase; http.host; content:"jonathantwo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802622/; classtype:trojan-activity;sid:83665722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.230.152.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802620/; classtype:trojan-activity;sid:83665720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.14.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802619/; classtype:trojan-activity;sid:83665719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.251.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802618/; classtype:trojan-activity;sid:83665718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updater.exe"; depth:12; endswith; nocase; http.host; content:"ec2-16-171-25-219.eu-north-1.compute.amazonaws.com"; depth:50; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802617/; classtype:trojan-activity;sid:83665717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.36.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802616/; classtype:trojan-activity;sid:83665716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.176.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802615/; classtype:trojan-activity;sid:83665715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.142.55.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802614/; classtype:trojan-activity;sid:83665714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802613/; classtype:trojan-activity;sid:83665713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.83.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802612/; classtype:trojan-activity;sid:83665712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"43.250.85.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802611/; classtype:trojan-activity;sid:83665711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.254.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802610/; classtype:trojan-activity;sid:83665710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.177.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802609/; classtype:trojan-activity;sid:83665709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.191.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802607/; classtype:trojan-activity;sid:83665707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.230.152.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802608/; classtype:trojan-activity;sid:83665708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.70.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802606/; classtype:trojan-activity;sid:83665706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.177.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802603/; classtype:trojan-activity;sid:83665703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.175.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802604/; classtype:trojan-activity;sid:83665704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.173.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802605/; classtype:trojan-activity;sid:83665705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802601/; classtype:trojan-activity;sid:83665701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.0.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802602/; classtype:trojan-activity;sid:83665702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.254.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802600/; classtype:trojan-activity;sid:83665700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.183.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802599/; classtype:trojan-activity;sid:83665699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.177.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802598/; classtype:trojan-activity;sid:83665698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.247.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802597/; classtype:trojan-activity;sid:83665697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.178.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802596/; classtype:trojan-activity;sid:83665696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.83.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802595/; classtype:trojan-activity;sid:83665695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.13.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802594/; classtype:trojan-activity;sid:83665694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.253.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802593/; classtype:trojan-activity;sid:83665693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.144.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802592/; classtype:trojan-activity;sid:83665692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updater.exe"; depth:12; endswith; nocase; http.host; content:"16.171.25.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802591/; classtype:trojan-activity;sid:83665691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.142.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802590/; classtype:trojan-activity;sid:83665690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802589/; classtype:trojan-activity;sid:83665689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.144.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802588/; classtype:trojan-activity;sid:83665688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.251.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802587/; classtype:trojan-activity;sid:83665687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.254.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802586/; classtype:trojan-activity;sid:83665686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.123.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802585/; classtype:trojan-activity;sid:83665685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.245.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802584/; classtype:trojan-activity;sid:83665684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.147.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802583/; classtype:trojan-activity;sid:83665683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.152.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802581/; classtype:trojan-activity;sid:83665681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.161.24.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802582/; classtype:trojan-activity;sid:83665682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.244.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802580/; classtype:trojan-activity;sid:83665680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.81.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802579/; classtype:trojan-activity;sid:83665679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.193.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802578/; classtype:trojan-activity;sid:83665678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.235.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802577/; classtype:trojan-activity;sid:83665677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.144.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802576/; classtype:trojan-activity;sid:83665676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.98.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802575/; classtype:trojan-activity;sid:83665675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.172.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802574/; classtype:trojan-activity;sid:83665674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.199.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802573/; classtype:trojan-activity;sid:83665673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.223.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802572/; classtype:trojan-activity;sid:83665672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.126.111.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802571/; classtype:trojan-activity;sid:83665671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.153.70.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802570/; classtype:trojan-activity;sid:83665670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.160.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802569/; classtype:trojan-activity;sid:83665669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.254.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802568/; classtype:trojan-activity;sid:83665668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payment-pdf.zip"; depth:16; endswith; nocase; http.host; content:"sinatrafoods.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802567/; classtype:trojan-activity;sid:83665667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802566/; classtype:trojan-activity;sid:83665666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.227.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802565/; classtype:trojan-activity;sid:83665665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.244.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802564/; classtype:trojan-activity;sid:83665664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.22.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802563/; classtype:trojan-activity;sid:83665663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.8.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802562/; classtype:trojan-activity;sid:83665662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.254.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802561/; classtype:trojan-activity;sid:83665661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.223.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802559/; classtype:trojan-activity;sid:83665659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.22.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802560/; classtype:trojan-activity;sid:83665660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.159.4.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802558/; classtype:trojan-activity;sid:83665658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.23.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802557/; classtype:trojan-activity;sid:83665657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.76.133"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802556/; classtype:trojan-activity;sid:83665656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.83.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802555/; classtype:trojan-activity;sid:83665655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.96.50.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802554/; classtype:trojan-activity;sid:83665654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.35.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802553/; classtype:trojan-activity;sid:83665653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802552/; classtype:trojan-activity;sid:83665652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.83.91.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802551/; classtype:trojan-activity;sid:83665651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.30.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802550/; classtype:trojan-activity;sid:83665650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.227.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802549/; classtype:trojan-activity;sid:83665649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.83.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802548/; classtype:trojan-activity;sid:83665648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.254.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802547/; classtype:trojan-activity;sid:83665647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.227.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802544/; classtype:trojan-activity;sid:83665644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.232.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802545/; classtype:trojan-activity;sid:83665645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.51.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802546/; classtype:trojan-activity;sid:83665646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.23.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802543/; classtype:trojan-activity;sid:83665643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.76.133"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802542/; classtype:trojan-activity;sid:83665642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.80.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802541/; classtype:trojan-activity;sid:83665641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.83.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802540/; classtype:trojan-activity;sid:83665640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802539/; classtype:trojan-activity;sid:83665639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802538/; classtype:trojan-activity;sid:83665638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.45.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802537/; classtype:trojan-activity;sid:83665637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668261214|3f|hash=ps5ptwza1sy5dbflywznsxkvyw34jfqpaw1qsbqnxkd|7c|26|7c|dl=esjfofugnkcftrd4oxu6vzqda4tpzk1rila7pexzeag|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802536/; classtype:trojan-activity;sid:83665636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.160.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802535/; classtype:trojan-activity;sid:83665635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802534/; classtype:trojan-activity;sid:83665634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.232.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802533/; classtype:trojan-activity;sid:83665633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.217.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802530/; classtype:trojan-activity;sid:83665630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.29.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802531/; classtype:trojan-activity;sid:83665631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.107.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802532/; classtype:trojan-activity;sid:83665632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.199.64.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802529/; classtype:trojan-activity;sid:83665629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.238.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802528/; classtype:trojan-activity;sid:83665628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.73.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802527/; classtype:trojan-activity;sid:83665627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.80.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802526/; classtype:trojan-activity;sid:83665626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.69.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802525/; classtype:trojan-activity;sid:83665625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.45.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802524/; classtype:trojan-activity;sid:83665624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802523/; classtype:trojan-activity;sid:83665623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.63.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802522/; classtype:trojan-activity;sid:83665622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.76.160"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802521/; classtype:trojan-activity;sid:83665621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.104.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802520/; classtype:trojan-activity;sid:83665620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.127.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802519/; classtype:trojan-activity;sid:83665619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.69.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802518/; classtype:trojan-activity;sid:83665618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.153.69.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802517/; classtype:trojan-activity;sid:83665617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.26.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802516/; classtype:trojan-activity;sid:83665616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.51.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802515/; classtype:trojan-activity;sid:83665615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.154.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802514/; classtype:trojan-activity;sid:83665614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.41.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802513/; classtype:trojan-activity;sid:83665613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.168.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802512/; classtype:trojan-activity;sid:83665612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.217.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802511/; classtype:trojan-activity;sid:83665611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"189.85.33.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802510/; classtype:trojan-activity;sid:83665610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.127.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802509/; classtype:trojan-activity;sid:83665609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.10.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802508/; classtype:trojan-activity;sid:83665608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.9.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802507/; classtype:trojan-activity;sid:83665607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.192.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802505/; classtype:trojan-activity;sid:83665605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.33.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802506/; classtype:trojan-activity;sid:83665606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.29.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802504/; classtype:trojan-activity;sid:83665604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.154.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802503/; classtype:trojan-activity;sid:83665603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802502/; classtype:trojan-activity;sid:83665602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.192.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802500/; classtype:trojan-activity;sid:83665600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.144.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802501/; classtype:trojan-activity;sid:83665601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.21.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802498/; classtype:trojan-activity;sid:83665598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.26.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802499/; classtype:trojan-activity;sid:83665599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.184.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802497/; classtype:trojan-activity;sid:83665597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.35.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802496/; classtype:trojan-activity;sid:83665596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.119.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802495/; classtype:trojan-activity;sid:83665595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.33.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802494/; classtype:trojan-activity;sid:83665594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.45.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802493/; classtype:trojan-activity;sid:83665593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.119.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802492/; classtype:trojan-activity;sid:83665592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802491/; classtype:trojan-activity;sid:83665591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.29.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802490/; classtype:trojan-activity;sid:83665590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.217.39.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802489/; classtype:trojan-activity;sid:83665589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.196.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802488/; classtype:trojan-activity;sid:83665588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.234.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802487/; classtype:trojan-activity;sid:83665587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802486/; classtype:trojan-activity;sid:83665586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.35.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802485/; classtype:trojan-activity;sid:83665585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.50.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802484/; classtype:trojan-activity;sid:83665584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.16.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802483/; classtype:trojan-activity;sid:83665583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.192.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802482/; classtype:trojan-activity;sid:83665582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.44.24.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802481/; classtype:trojan-activity;sid:83665581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.78.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802480/; classtype:trojan-activity;sid:83665580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.9.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802479/; classtype:trojan-activity;sid:83665579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.66.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802478/; classtype:trojan-activity;sid:83665578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.149.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802477/; classtype:trojan-activity;sid:83665577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.184.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802476/; classtype:trojan-activity;sid:83665576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.9.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802475/; classtype:trojan-activity;sid:83665575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.35.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802474/; classtype:trojan-activity;sid:83665574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.196.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802473/; classtype:trojan-activity;sid:83665573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.176.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802472/; classtype:trojan-activity;sid:83665572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.212.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802471/; classtype:trojan-activity;sid:83665571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802470/; classtype:trojan-activity;sid:83665570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802469/; classtype:trojan-activity;sid:83665569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.248.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802468/; classtype:trojan-activity;sid:83665568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.219.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802466/; classtype:trojan-activity;sid:83665566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.213.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802467/; classtype:trojan-activity;sid:83665567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.2.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802465/; classtype:trojan-activity;sid:83665565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.188.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802464/; classtype:trojan-activity;sid:83665564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.234.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802463/; classtype:trojan-activity;sid:83665563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.177.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802462/; classtype:trojan-activity;sid:83665562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.76.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802461/; classtype:trojan-activity;sid:83665561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.176.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802460/; classtype:trojan-activity;sid:83665560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.205.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802459/; classtype:trojan-activity;sid:83665559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.239.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802458/; classtype:trojan-activity;sid:83665558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.213.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802457/; classtype:trojan-activity;sid:83665557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802456/; classtype:trojan-activity;sid:83665556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.212.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802454/; classtype:trojan-activity;sid:83665554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.188.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802455/; classtype:trojan-activity;sid:83665555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.203.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802452/; classtype:trojan-activity;sid:83665552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.136.85.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802453/; classtype:trojan-activity;sid:83665553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.145.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802451/; classtype:trojan-activity;sid:83665551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.106.146.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802450/; classtype:trojan-activity;sid:83665550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.121.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802449/; classtype:trojan-activity;sid:83665549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802448/; classtype:trojan-activity;sid:83665548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802447/; classtype:trojan-activity;sid:83665547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.127.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802446/; classtype:trojan-activity;sid:83665546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802445/; classtype:trojan-activity;sid:83665545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.69.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802444/; classtype:trojan-activity;sid:83665544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.95.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802443/; classtype:trojan-activity;sid:83665543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.101.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802442/; classtype:trojan-activity;sid:83665542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.126.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802441/; classtype:trojan-activity;sid:83665541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.252.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802440/; classtype:trojan-activity;sid:83665540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.169.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802439/; classtype:trojan-activity;sid:83665539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.72.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802438/; classtype:trojan-activity;sid:83665538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802436/; classtype:trojan-activity;sid:83665536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802437/; classtype:trojan-activity;sid:83665537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.177.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802435/; classtype:trojan-activity;sid:83665535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802434/; classtype:trojan-activity;sid:83665534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.192.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802433/; classtype:trojan-activity;sid:83665533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802432/; classtype:trojan-activity;sid:83665532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.41.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802431/; classtype:trojan-activity;sid:83665531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802430/; classtype:trojan-activity;sid:83665530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802429/; classtype:trojan-activity;sid:83665529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.127.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802428/; classtype:trojan-activity;sid:83665528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.199.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802427/; classtype:trojan-activity;sid:83665527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802426/; classtype:trojan-activity;sid:83665526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"phr.schedule.golfballnutz.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802425/; classtype:trojan-activity;sid:83665525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.20.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802424/; classtype:trojan-activity;sid:83665524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.174.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802422/; classtype:trojan-activity;sid:83665522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.83.173.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802423/; classtype:trojan-activity;sid:83665523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.138.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802421/; classtype:trojan-activity;sid:83665521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.13.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802420/; classtype:trojan-activity;sid:83665520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.10.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802419/; classtype:trojan-activity;sid:83665519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.17.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802418/; classtype:trojan-activity;sid:83665518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.169.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802417/; classtype:trojan-activity;sid:83665517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.252.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802416/; classtype:trojan-activity;sid:83665516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.205.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802415/; classtype:trojan-activity;sid:83665515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.190.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802414/; classtype:trojan-activity;sid:83665514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.236.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802412/; classtype:trojan-activity;sid:83665512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802413/; classtype:trojan-activity;sid:83665513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.199.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802411/; classtype:trojan-activity;sid:83665511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.47.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802410/; classtype:trojan-activity;sid:83665510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.20.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802408/; classtype:trojan-activity;sid:83665508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.241.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802409/; classtype:trojan-activity;sid:83665509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802407/; classtype:trojan-activity;sid:83665507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.241.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802406/; classtype:trojan-activity;sid:83665506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.199.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802405/; classtype:trojan-activity;sid:83665505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.240.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802404/; classtype:trojan-activity;sid:83665504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802403/; classtype:trojan-activity;sid:83665503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.188.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802401/; classtype:trojan-activity;sid:83665501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802402/; classtype:trojan-activity;sid:83665502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.59.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802400/; classtype:trojan-activity;sid:83665500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.190.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802399/; classtype:trojan-activity;sid:83665499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.17.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802397/; classtype:trojan-activity;sid:83665497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.17.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802398/; classtype:trojan-activity;sid:83665498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.236.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802396/; classtype:trojan-activity;sid:83665496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.61.91.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802395/; classtype:trojan-activity;sid:83665495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.177.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802394/; classtype:trojan-activity;sid:83665494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.81.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802393/; classtype:trojan-activity;sid:83665493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.241.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802392/; classtype:trojan-activity;sid:83665492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.168.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802391/; classtype:trojan-activity;sid:83665491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.30.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802390/; classtype:trojan-activity;sid:83665490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.70.31.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802389/; classtype:trojan-activity;sid:83665489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802388/; classtype:trojan-activity;sid:83665488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.188.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802387/; classtype:trojan-activity;sid:83665487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.61.91.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802386/; classtype:trojan-activity;sid:83665486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.154.92.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802385/; classtype:trojan-activity;sid:83665485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.177.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802384/; classtype:trojan-activity;sid:83665484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.63.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802383/; classtype:trojan-activity;sid:83665483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.178.35.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802382/; classtype:trojan-activity;sid:83665482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.245.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802379/; classtype:trojan-activity;sid:83665479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.50.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802380/; classtype:trojan-activity;sid:83665480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.195.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802381/; classtype:trojan-activity;sid:83665481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.17.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802377/; classtype:trojan-activity;sid:83665477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.62.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802378/; classtype:trojan-activity;sid:83665478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.133.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802376/; classtype:trojan-activity;sid:83665476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.162.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802375/; classtype:trojan-activity;sid:83665475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.58.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802373/; classtype:trojan-activity;sid:83665473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.117"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802374/; classtype:trojan-activity;sid:83665474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.230.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802372/; classtype:trojan-activity;sid:83665472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.106.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802371/; classtype:trojan-activity;sid:83665471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.198.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802370/; classtype:trojan-activity;sid:83665470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.229.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802369/; classtype:trojan-activity;sid:83665469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.210.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802368/; classtype:trojan-activity;sid:83665468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.232.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802367/; classtype:trojan-activity;sid:83665467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802366/; classtype:trojan-activity;sid:83665466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.57.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802365/; classtype:trojan-activity;sid:83665465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.232.19.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802364/; classtype:trojan-activity;sid:83665464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.103.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802363/; classtype:trojan-activity;sid:83665463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.69.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802362/; classtype:trojan-activity;sid:83665462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.165.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802361/; classtype:trojan-activity;sid:83665461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.23.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802360/; classtype:trojan-activity;sid:83665460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.133.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802359/; classtype:trojan-activity;sid:83665459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.60.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802358/; classtype:trojan-activity;sid:83665458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802357/; classtype:trojan-activity;sid:83665457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.230.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802356/; classtype:trojan-activity;sid:83665456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802355/; classtype:trojan-activity;sid:83665455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.106.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802354/; classtype:trojan-activity;sid:83665454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.58.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802353/; classtype:trojan-activity;sid:83665453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802352/; classtype:trojan-activity;sid:83665452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.250.85.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802351/; classtype:trojan-activity;sid:83665451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.138.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802350/; classtype:trojan-activity;sid:83665450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.170.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802349/; classtype:trojan-activity;sid:83665449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802348/; classtype:trojan-activity;sid:83665448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.190.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802347/; classtype:trojan-activity;sid:83665447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802346/; classtype:trojan-activity;sid:83665446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802345/; classtype:trojan-activity;sid:83665445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.195.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802344/; classtype:trojan-activity;sid:83665444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.227.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802343/; classtype:trojan-activity;sid:83665443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.63.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802342/; classtype:trojan-activity;sid:83665442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.232.19.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802341/; classtype:trojan-activity;sid:83665441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.69.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802340/; classtype:trojan-activity;sid:83665440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.230.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802339/; classtype:trojan-activity;sid:83665439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.60.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802338/; classtype:trojan-activity;sid:83665438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.214.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802337/; classtype:trojan-activity;sid:83665437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.228.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802336/; classtype:trojan-activity;sid:83665436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.254.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802335/; classtype:trojan-activity;sid:83665435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.62.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802334/; classtype:trojan-activity;sid:83665434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802333/; classtype:trojan-activity;sid:83665433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.246.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802330/; classtype:trojan-activity;sid:83665430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.239.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802331/; classtype:trojan-activity;sid:83665431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.228.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802332/; classtype:trojan-activity;sid:83665432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xupyfh4lxpsu"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802329/; classtype:trojan-activity;sid:83665429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.191.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802328/; classtype:trojan-activity;sid:83665428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.172.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802327/; classtype:trojan-activity;sid:83665427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.227.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802326/; classtype:trojan-activity;sid:83665426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.62.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802325/; classtype:trojan-activity;sid:83665425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.249.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802324/; classtype:trojan-activity;sid:83665424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xcdttzo4lfye"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802323/; classtype:trojan-activity;sid:83665423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.254.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802322/; classtype:trojan-activity;sid:83665422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.165.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802321/; classtype:trojan-activity;sid:83665421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668312565|3f|hash=d0hrpkk3uyrtgaz0vaw1moj4d8hdaabsacybgooz2mz|7c|26|7c|dl=z92jh1zacidzkqoctgik0uzmpxrs1bpz7r1xlasiprh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802320/; classtype:trojan-activity;sid:83665420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.218.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802319/; classtype:trojan-activity;sid:83665419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.246.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802318/; classtype:trojan-activity;sid:83665418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.221.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802317/; classtype:trojan-activity;sid:83665417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.76.156"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802316/; classtype:trojan-activity;sid:83665416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.120.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802315/; classtype:trojan-activity;sid:83665415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.153.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802314/; classtype:trojan-activity;sid:83665414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.242.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802313/; classtype:trojan-activity;sid:83665413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.217.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802312/; classtype:trojan-activity;sid:83665412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.165.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802311/; classtype:trojan-activity;sid:83665411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.218.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802310/; classtype:trojan-activity;sid:83665410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.47.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802309/; classtype:trojan-activity;sid:83665409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.173.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802307/; classtype:trojan-activity;sid:83665407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802308/; classtype:trojan-activity;sid:83665408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.238.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802306/; classtype:trojan-activity;sid:83665406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.98.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802305/; classtype:trojan-activity;sid:83665405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.135.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802304/; classtype:trojan-activity;sid:83665404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.160.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802303/; classtype:trojan-activity;sid:83665403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.99.201.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802302/; classtype:trojan-activity;sid:83665402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.210.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802301/; classtype:trojan-activity;sid:83665401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802300/; classtype:trojan-activity;sid:83665400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.56.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802299/; classtype:trojan-activity;sid:83665399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.165.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802298/; classtype:trojan-activity;sid:83665398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"135.129.214.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802297/; classtype:trojan-activity;sid:83665397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.238.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802296/; classtype:trojan-activity;sid:83665396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.0.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802295/; classtype:trojan-activity;sid:83665395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.238.223.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802294/; classtype:trojan-activity;sid:83665394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.98.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802293/; classtype:trojan-activity;sid:83665393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.73.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802292/; classtype:trojan-activity;sid:83665392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.69.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802291/; classtype:trojan-activity;sid:83665391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.115.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802290/; classtype:trojan-activity;sid:83665390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.83.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802289/; classtype:trojan-activity;sid:83665389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"135.129.214.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802288/; classtype:trojan-activity;sid:83665388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.0.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802286/; classtype:trojan-activity;sid:83665386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.165.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802287/; classtype:trojan-activity;sid:83665387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.56.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802285/; classtype:trojan-activity;sid:83665385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.83.54.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802284/; classtype:trojan-activity;sid:83665384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"qhu.catching.fishingrealinvestments.com"; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802283/; classtype:trojan-activity;sid:83665383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.141.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802282/; classtype:trojan-activity;sid:83665382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.254.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802281/; classtype:trojan-activity;sid:83665381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.66.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802280/; classtype:trojan-activity;sid:83665380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.227.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802279/; classtype:trojan-activity;sid:83665379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.158.11.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802276/; classtype:trojan-activity;sid:83665376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.37.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802277/; classtype:trojan-activity;sid:83665377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.69.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802278/; classtype:trojan-activity;sid:83665378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.91.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802275/; classtype:trojan-activity;sid:83665375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802274/; classtype:trojan-activity;sid:83665374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.45.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802273/; classtype:trojan-activity;sid:83665373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.83.54.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802272/; classtype:trojan-activity;sid:83665372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.210.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802271/; classtype:trojan-activity;sid:83665371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.84.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802270/; classtype:trojan-activity;sid:83665370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.210.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802269/; classtype:trojan-activity;sid:83665369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.2.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802268/; classtype:trojan-activity;sid:83665368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802267/; classtype:trojan-activity;sid:83665367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.254.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802266/; classtype:trojan-activity;sid:83665366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802265/; classtype:trojan-activity;sid:83665365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.206.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802262/; classtype:trojan-activity;sid:83665362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.21.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802263/; classtype:trojan-activity;sid:83665363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802264/; classtype:trojan-activity;sid:83665364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.77.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802261/; classtype:trojan-activity;sid:83665361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.45.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802260/; classtype:trojan-activity;sid:83665360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.13.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802259/; classtype:trojan-activity;sid:83665359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a14407a2"; depth:9; endswith; nocase; http.host; content:"45.32.18.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802258/; classtype:trojan-activity;sid:83665358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.214.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802257/; classtype:trojan-activity;sid:83665357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.91.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802256/; classtype:trojan-activity;sid:83665356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.68.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802255/; classtype:trojan-activity;sid:83665355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.84.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802254/; classtype:trojan-activity;sid:83665354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.210.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802253/; classtype:trojan-activity;sid:83665353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.85.94.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802252/; classtype:trojan-activity;sid:83665352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.190.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802251/; classtype:trojan-activity;sid:83665351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802250/; classtype:trojan-activity;sid:83665350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.203.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802249/; classtype:trojan-activity;sid:83665349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.68.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802248/; classtype:trojan-activity;sid:83665348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.127.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802247/; classtype:trojan-activity;sid:83665347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802246/; classtype:trojan-activity;sid:83665346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.219.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802245/; classtype:trojan-activity;sid:83665345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.61.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802244/; classtype:trojan-activity;sid:83665344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.194.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802243/; classtype:trojan-activity;sid:83665343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.157.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802242/; classtype:trojan-activity;sid:83665342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.142.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802241/; classtype:trojan-activity;sid:83665341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.249.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802240/; classtype:trojan-activity;sid:83665340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xc4fpss7g129"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802239/; classtype:trojan-activity;sid:83665339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.85.94.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802238/; classtype:trojan-activity;sid:83665338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.121.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802237/; classtype:trojan-activity;sid:83665337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.206.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802236/; classtype:trojan-activity;sid:83665336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.33.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802235/; classtype:trojan-activity;sid:83665335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.61.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802234/; classtype:trojan-activity;sid:83665334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802233/; classtype:trojan-activity;sid:83665333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.157.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802232/; classtype:trojan-activity;sid:83665332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.238.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802231/; classtype:trojan-activity;sid:83665331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.145.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802230/; classtype:trojan-activity;sid:83665330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.21.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802228/; classtype:trojan-activity;sid:83665328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.200.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802229/; classtype:trojan-activity;sid:83665329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.128.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802227/; classtype:trojan-activity;sid:83665327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.43.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802226/; classtype:trojan-activity;sid:83665326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.121.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802224/; classtype:trojan-activity;sid:83665324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802225/; classtype:trojan-activity;sid:83665325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802223/; classtype:trojan-activity;sid:83665323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802221/; classtype:trojan-activity;sid:83665321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.172.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802222/; classtype:trojan-activity;sid:83665322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.185.196.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802220/; classtype:trojan-activity;sid:83665320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.36.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802219/; classtype:trojan-activity;sid:83665319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.190.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802218/; classtype:trojan-activity;sid:83665318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.21.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802217/; classtype:trojan-activity;sid:83665317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.128.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802216/; classtype:trojan-activity;sid:83665316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.35.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802215/; classtype:trojan-activity;sid:83665315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.254.85.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802214/; classtype:trojan-activity;sid:83665314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.7.255.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802213/; classtype:trojan-activity;sid:83665313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.65.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802212/; classtype:trojan-activity;sid:83665312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.35.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802211/; classtype:trojan-activity;sid:83665311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.56.97.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802210/; classtype:trojan-activity;sid:83665310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.189.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802208/; classtype:trojan-activity;sid:83665308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.31.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802209/; classtype:trojan-activity;sid:83665309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.35.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802207/; classtype:trojan-activity;sid:83665307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.254.85.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802206/; classtype:trojan-activity;sid:83665306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.128.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802205/; classtype:trojan-activity;sid:83665305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.252.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802204/; classtype:trojan-activity;sid:83665304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802203/; classtype:trojan-activity;sid:83665303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.235.81.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802202/; classtype:trojan-activity;sid:83665302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.215.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802198/; classtype:trojan-activity;sid:83665298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.29.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802199/; classtype:trojan-activity;sid:83665299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.126.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802200/; classtype:trojan-activity;sid:83665300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.17.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802201/; classtype:trojan-activity;sid:83665301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.40.9.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802197/; classtype:trojan-activity;sid:83665297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.61.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802196/; classtype:trojan-activity;sid:83665296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.253.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802195/; classtype:trojan-activity;sid:83665295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.189.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802194/; classtype:trojan-activity;sid:83665294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.23.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802193/; classtype:trojan-activity;sid:83665293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.46.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802192/; classtype:trojan-activity;sid:83665292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.61.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802191/; classtype:trojan-activity;sid:83665291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.18.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802190/; classtype:trojan-activity;sid:83665290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.40.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802189/; classtype:trojan-activity;sid:83665289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.67.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802188/; classtype:trojan-activity;sid:83665288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.215.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802187/; classtype:trojan-activity;sid:83665287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.246.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802186/; classtype:trojan-activity;sid:83665286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.75.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802185/; classtype:trojan-activity;sid:83665285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802183/; classtype:trojan-activity;sid:83665283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.203.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802184/; classtype:trojan-activity;sid:83665284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.17.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802182/; classtype:trojan-activity;sid:83665282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.250.106.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802181/; classtype:trojan-activity;sid:83665281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.111.21.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802179/; classtype:trojan-activity;sid:83665279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.232.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802180/; classtype:trojan-activity;sid:83665280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.237.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802178/; classtype:trojan-activity;sid:83665278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802177/; classtype:trojan-activity;sid:83665277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.138.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802176/; classtype:trojan-activity;sid:83665276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.23.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802175/; classtype:trojan-activity;sid:83665275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.162.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802174/; classtype:trojan-activity;sid:83665274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.40.9.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802173/; classtype:trojan-activity;sid:83665273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802172/; classtype:trojan-activity;sid:83665272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.253.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802171/; classtype:trojan-activity;sid:83665271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.31.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802170/; classtype:trojan-activity;sid:83665270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.35.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802169/; classtype:trojan-activity;sid:83665269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802168/; classtype:trojan-activity;sid:83665268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.12.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802167/; classtype:trojan-activity;sid:83665267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.80.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802166/; classtype:trojan-activity;sid:83665266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.246.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802165/; classtype:trojan-activity;sid:83665265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802164/; classtype:trojan-activity;sid:83665264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.138.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802163/; classtype:trojan-activity;sid:83665263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.195.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802162/; classtype:trojan-activity;sid:83665262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.18.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802161/; classtype:trojan-activity;sid:83665261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.68.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802160/; classtype:trojan-activity;sid:83665260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xkzufkhcu2yn"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802159/; classtype:trojan-activity;sid:83665259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.102.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802158/; classtype:trojan-activity;sid:83665258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.120.132.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802157/; classtype:trojan-activity;sid:83665257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802156/; classtype:trojan-activity;sid:83665256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.253.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802155/; classtype:trojan-activity;sid:83665255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.153.72.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802154/; classtype:trojan-activity;sid:83665254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.40.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802153/; classtype:trojan-activity;sid:83665253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.148.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802152/; classtype:trojan-activity;sid:83665252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.103.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802151/; classtype:trojan-activity;sid:83665251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.148.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802150/; classtype:trojan-activity;sid:83665250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.107.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802149/; classtype:trojan-activity;sid:83665249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.35.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802148/; classtype:trojan-activity;sid:83665248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.5.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802147/; classtype:trojan-activity;sid:83665247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm"; depth:12; endswith; nocase; http.host; content:"45.142.182.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802146/; classtype:trojan-activity;sid:83665246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.sh4"; depth:12; endswith; nocase; http.host; content:"45.142.182.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802145/; classtype:trojan-activity;sid:83665245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.148.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802144/; classtype:trojan-activity;sid:83665244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802143/; classtype:trojan-activity;sid:83665243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.0.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802142/; classtype:trojan-activity;sid:83665242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.9.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802141/; classtype:trojan-activity;sid:83665241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802140/; classtype:trojan-activity;sid:83665240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.184.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802139/; classtype:trojan-activity;sid:83665239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802138/; classtype:trojan-activity;sid:83665238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.6.129"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802137/; classtype:trojan-activity;sid:83665237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.142.182.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802135/; classtype:trojan-activity;sid:83665235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.142.182.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802136/; classtype:trojan-activity;sid:83665236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802134/; classtype:trojan-activity;sid:83665234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802133/; classtype:trojan-activity;sid:83665233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nano"; depth:5; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802129/; classtype:trojan-activity;sid:83665229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnetd"; depth:8; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802130/; classtype:trojan-activity;sid:83665230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802131/; classtype:trojan-activity;sid:83665231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802132/; classtype:trojan-activity;sid:83665232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc"; depth:3; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802125/; classtype:trojan-activity;sid:83665225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802126/; classtype:trojan-activity;sid:83665226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/var"; depth:4; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802127/; classtype:trojan-activity;sid:83665227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"141.11.228.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802128/; classtype:trojan-activity;sid:83665228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.221.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802124/; classtype:trojan-activity;sid:83665224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.0.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802123/; classtype:trojan-activity;sid:83665223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.148.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802122/; classtype:trojan-activity;sid:83665222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802121/; classtype:trojan-activity;sid:83665221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1224867394376306720/1224867507865915503/sky-beta-setup.zip|3f|ex=661f0dc2|7c|26|7c|is=660c98c2|7c|26|7c|hm=547f1c34e4ba5e41445b013d500f49f2f16bb0f9c56dcdc59853040472aae46d|7c|26|7c|"; depth:194; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802120/; classtype:trojan-activity;sid:83665220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cats.txt"; depth:9; endswith; nocase; http.host; content:"habarileo.co.tz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802116/; classtype:trojan-activity;sid:83665216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802117/; classtype:trojan-activity;sid:83665217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.184.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802118/; classtype:trojan-activity;sid:83665218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.6.129"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802119/; classtype:trojan-activity;sid:83665219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.137.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802115/; classtype:trojan-activity;sid:83665215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.25.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802114/; classtype:trojan-activity;sid:83665214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802113/; classtype:trojan-activity;sid:83665213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.6.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802112/; classtype:trojan-activity;sid:83665212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.140.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802110/; classtype:trojan-activity;sid:83665210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.156.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802111/; classtype:trojan-activity;sid:83665211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xheumhtjdfig"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802109/; classtype:trojan-activity;sid:83665209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.74.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802108/; classtype:trojan-activity;sid:83665208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.73.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802107/; classtype:trojan-activity;sid:83665207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.154.7.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802106/; classtype:trojan-activity;sid:83665206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668301207|3f|hash=tuqb2kqlnronwwzxievr0gqi7gzkjdr8q0gnkonbzz8|7c|26|7c|dl=7svpjjyp2jeoig4ai7bbxmdy6qzi30vkjzqze7edkmw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802105/; classtype:trojan-activity;sid:83665205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802104/; classtype:trojan-activity;sid:83665204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.43.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802103/; classtype:trojan-activity;sid:83665203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.254.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802102/; classtype:trojan-activity;sid:83665202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.107.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802101/; classtype:trojan-activity;sid:83665201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.136.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802100/; classtype:trojan-activity;sid:83665200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.68.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802098/; classtype:trojan-activity;sid:83665198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.221.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802099/; classtype:trojan-activity;sid:83665199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.87.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802097/; classtype:trojan-activity;sid:83665197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.34.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802096/; classtype:trojan-activity;sid:83665196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.8.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802095/; classtype:trojan-activity;sid:83665195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.59.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802094/; classtype:trojan-activity;sid:83665194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.105.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802093/; classtype:trojan-activity;sid:83665193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.188.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802092/; classtype:trojan-activity;sid:83665192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.211.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802091/; classtype:trojan-activity;sid:83665191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.190.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802090/; classtype:trojan-activity;sid:83665190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.140.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802089/; classtype:trojan-activity;sid:83665189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.81.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802088/; classtype:trojan-activity;sid:83665188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.188.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802087/; classtype:trojan-activity;sid:83665187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"kvss.2023.ebeenj.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802086/; classtype:trojan-activity;sid:83665186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.103.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802085/; classtype:trojan-activity;sid:83665185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802084/; classtype:trojan-activity;sid:83665184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.136.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802083/; classtype:trojan-activity;sid:83665183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.190.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802082/; classtype:trojan-activity;sid:83665182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802081/; classtype:trojan-activity;sid:83665181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xtpt79jkvvle"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802080/; classtype:trojan-activity;sid:83665180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802079/; classtype:trojan-activity;sid:83665179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802078/; classtype:trojan-activity;sid:83665178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.81.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802077/; classtype:trojan-activity;sid:83665177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802076/; classtype:trojan-activity;sid:83665176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.80.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802072/; classtype:trojan-activity;sid:83665172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.127.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802073/; classtype:trojan-activity;sid:83665173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.168.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802074/; classtype:trojan-activity;sid:83665174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.210.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802075/; classtype:trojan-activity;sid:83665175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668296994|3f|hash=iz16lz03bv6dak6zjun9snuz2ka5q2gckehsorisoil|7c|26|7c|dl=9oc3r4zozczubmmnyby1nsefkcyfze5potzzjbw2sux|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802071/; classtype:trojan-activity;sid:83665171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.147.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802070/; classtype:trojan-activity;sid:83665170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.70.31.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802069/; classtype:trojan-activity;sid:83665169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/n3.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802056/; classtype:trojan-activity;sid:83665156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/ph.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802057/; classtype:trojan-activity;sid:83665157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/wx1.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802058/; classtype:trojan-activity;sid:83665158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rinp.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802059/; classtype:trojan-activity;sid:83665159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rz.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802060/; classtype:trojan-activity;sid:83665160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rup.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802061/; classtype:trojan-activity;sid:83665161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/r1.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802062/; classtype:trojan-activity;sid:83665162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/ps1.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802063/; classtype:trojan-activity;sid:83665163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/np.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802064/; classtype:trojan-activity;sid:83665164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rmup.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802065/; classtype:trojan-activity;sid:83665165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rr2.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802066/; classtype:trojan-activity;sid:83665166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rme.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802067/; classtype:trojan-activity;sid:83665167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rs.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802068/; classtype:trojan-activity;sid:83665168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/t3.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802051/; classtype:trojan-activity;sid:83665151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rmz.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802052/; classtype:trojan-activity;sid:83665152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/r.txt"; depth:20; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802053/; classtype:trojan-activity;sid:83665153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/arhvn.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802054/; classtype:trojan-activity;sid:83665154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/rm.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802055/; classtype:trojan-activity;sid:83665155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/q1.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802049/; classtype:trojan-activity;sid:83665149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/pr.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802050/; classtype:trojan-activity;sid:83665150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/l8.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802042/; classtype:trojan-activity;sid:83665142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802043/; classtype:trojan-activity;sid:83665143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/njz.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802044/; classtype:trojan-activity;sid:83665144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/q7.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802045/; classtype:trojan-activity;sid:83665145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/lx6.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802046/; classtype:trojan-activity;sid:83665146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/p.txt"; depth:20; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802047/; classtype:trojan-activity;sid:83665147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/async.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802048/; classtype:trojan-activity;sid:83665148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/nj.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802039/; classtype:trojan-activity;sid:83665139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/ny0.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802040/; classtype:trojan-activity;sid:83665140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/dcr.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802041/; classtype:trojan-activity;sid:83665141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/nx.txt"; depth:21; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802035/; classtype:trojan-activity;sid:83665135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/njx.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802036/; classtype:trojan-activity;sid:83665136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/zx2.txt"; depth:22; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802037/; classtype:trojan-activity;sid:83665137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tester/rak/gr/arrw.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802038/; classtype:trojan-activity;sid:83665138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.16.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802033/; classtype:trojan-activity;sid:83665133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.154.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802032/; classtype:trojan-activity;sid:83665132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802031/; classtype:trojan-activity;sid:83665131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.115.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802030/; classtype:trojan-activity;sid:83665130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.238.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802029/; classtype:trojan-activity;sid:83665129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.39.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802028/; classtype:trojan-activity;sid:83665128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.28.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802027/; classtype:trojan-activity;sid:83665127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.16.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802026/; classtype:trojan-activity;sid:83665126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.154.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802025/; classtype:trojan-activity;sid:83665125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.161.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802024/; classtype:trojan-activity;sid:83665124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.199.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802023/; classtype:trojan-activity;sid:83665123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.5.210.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802022/; classtype:trojan-activity;sid:83665122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.251.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802021/; classtype:trojan-activity;sid:83665121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.70.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802020/; classtype:trojan-activity;sid:83665120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.132.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802019/; classtype:trojan-activity;sid:83665119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.144.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802018/; classtype:trojan-activity;sid:83665118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xj1kb4n84mdk"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802017/; classtype:trojan-activity;sid:83665117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.170.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802016/; classtype:trojan-activity;sid:83665116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.7.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802014/; classtype:trojan-activity;sid:83665114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.208.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802015/; classtype:trojan-activity;sid:83665115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.128.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802013/; classtype:trojan-activity;sid:83665113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.99.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802012/; classtype:trojan-activity;sid:83665112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.110.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802011/; classtype:trojan-activity;sid:83665111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.154.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802010/; classtype:trojan-activity;sid:83665110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.251.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802009/; classtype:trojan-activity;sid:83665109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.185.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802008/; classtype:trojan-activity;sid:83665108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.239.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802007/; classtype:trojan-activity;sid:83665107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.11.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802006/; classtype:trojan-activity;sid:83665106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.104.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802005/; classtype:trojan-activity;sid:83665105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.99.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802004/; classtype:trojan-activity;sid:83665104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.154.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802003/; classtype:trojan-activity;sid:83665103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.249.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802002/; classtype:trojan-activity;sid:83665102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.132.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802001/; classtype:trojan-activity;sid:83665101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.70.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802000/; classtype:trojan-activity;sid:83665100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips|3f|ddos"; depth:13; endswith; nocase; http.host; content:"94.156.8.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801999/; classtype:trojan-activity;sid:83665099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.61.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801998/; classtype:trojan-activity;sid:83665098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801997/; classtype:trojan-activity;sid:83665097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.18.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801996/; classtype:trojan-activity;sid:83665096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.11.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801995/; classtype:trojan-activity;sid:83665095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.17.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801994/; classtype:trojan-activity;sid:83665094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801992/; classtype:trojan-activity;sid:83665092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801993/; classtype:trojan-activity;sid:83665093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801982/; classtype:trojan-activity;sid:83665082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801983/; classtype:trojan-activity;sid:83665083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801984/; classtype:trojan-activity;sid:83665084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801985/; classtype:trojan-activity;sid:83665085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801986/; classtype:trojan-activity;sid:83665086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801987/; classtype:trojan-activity;sid:83665087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801988/; classtype:trojan-activity;sid:83665088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801989/; classtype:trojan-activity;sid:83665089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801990/; classtype:trojan-activity;sid:83665090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801991/; classtype:trojan-activity;sid:83665091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"93.123.85.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801981/; classtype:trojan-activity;sid:83665081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.107.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801979/; classtype:trojan-activity;sid:83665079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.242.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801980/; classtype:trojan-activity;sid:83665080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.253.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801978/; classtype:trojan-activity;sid:83665078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801977/; classtype:trojan-activity;sid:83665077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.41.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801976/; classtype:trojan-activity;sid:83665076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.170.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801975/; classtype:trojan-activity;sid:83665075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801974/; classtype:trojan-activity;sid:83665074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.180.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801973/; classtype:trojan-activity;sid:83665073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.94.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801972/; classtype:trojan-activity;sid:83665072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irptymycrqa230.bin"; depth:19; endswith; nocase; http.host; content:"172.93.222.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801971/; classtype:trojan-activity;sid:83665071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhodcifhukdpvubgl165.bin"; depth:25; endswith; nocase; http.host; content:"172.93.222.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801970/; classtype:trojan-activity;sid:83665070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gre.bin"; depth:8; endswith; nocase; http.host; content:"easxal.gr"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801969/; classtype:trojan-activity;sid:83665069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.4.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801968/; classtype:trojan-activity;sid:83665068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.228.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801967/; classtype:trojan-activity;sid:83665067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.17.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801966/; classtype:trojan-activity;sid:83665066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; depth:45; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801965/; classtype:trojan-activity;sid:83665065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; depth:42; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801963/; classtype:trojan-activity;sid:83665063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; depth:46; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801964/; classtype:trojan-activity;sid:83665064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; depth:46; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801959/; classtype:trojan-activity;sid:83665059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; depth:45; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801960/; classtype:trojan-activity;sid:83665060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; depth:50; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801961/; classtype:trojan-activity;sid:83665061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; depth:45; endswith; nocase; http.host; content:"192.227.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801962/; classtype:trojan-activity;sid:83665062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.242.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801958/; classtype:trojan-activity;sid:83665058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.94.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801957/; classtype:trojan-activity;sid:83665057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.75.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801956/; classtype:trojan-activity;sid:83665056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.233.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801955/; classtype:trojan-activity;sid:83665055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.170.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801954/; classtype:trojan-activity;sid:83665054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.20.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801953/; classtype:trojan-activity;sid:83665053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.154.6.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801952/; classtype:trojan-activity;sid:83665052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.166.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801951/; classtype:trojan-activity;sid:83665051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.61.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801950/; classtype:trojan-activity;sid:83665050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.67.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801949/; classtype:trojan-activity;sid:83665049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.249.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801947/; classtype:trojan-activity;sid:83665047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.196.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801948/; classtype:trojan-activity;sid:83665048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.182.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801946/; classtype:trojan-activity;sid:83665046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.249.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801945/; classtype:trojan-activity;sid:83665045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.178.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801944/; classtype:trojan-activity;sid:83665044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.104.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801943/; classtype:trojan-activity;sid:83665043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/done.txt"; depth:9; endswith; nocase; http.host; content:"imanikuu.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801942/; classtype:trojan-activity;sid:83665042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.67.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801941/; classtype:trojan-activity;sid:83665041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.160.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801940/; classtype:trojan-activity;sid:83665040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/open.txt"; depth:9; endswith; nocase; http.host; content:"imanikuu.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801938/; classtype:trojan-activity;sid:83665038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.166.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801939/; classtype:trojan-activity;sid:83665039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.50.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801937/; classtype:trojan-activity;sid:83665037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.100.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801936/; classtype:trojan-activity;sid:83665036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.207.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801935/; classtype:trojan-activity;sid:83665035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.207.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801934/; classtype:trojan-activity;sid:83665034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.61.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801933/; classtype:trojan-activity;sid:83665033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.56.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801932/; classtype:trojan-activity;sid:83665032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.9.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801931/; classtype:trojan-activity;sid:83665031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.160.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801930/; classtype:trojan-activity;sid:83665030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.208.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801929/; classtype:trojan-activity;sid:83665029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.139.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801928/; classtype:trojan-activity;sid:83665028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.35.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801926/; classtype:trojan-activity;sid:83665026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.169.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801927/; classtype:trojan-activity;sid:83665027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.213.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801925/; classtype:trojan-activity;sid:83665025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.189.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801924/; classtype:trojan-activity;sid:83665024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.255.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801923/; classtype:trojan-activity;sid:83665023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.85.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801922/; classtype:trojan-activity;sid:83665022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.87.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801921/; classtype:trojan-activity;sid:83665021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.15.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801920/; classtype:trojan-activity;sid:83665020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.56.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801919/; classtype:trojan-activity;sid:83665019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.110.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801918/; classtype:trojan-activity;sid:83665018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.208.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801917/; classtype:trojan-activity;sid:83665017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.173.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801916/; classtype:trojan-activity;sid:83665016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.71.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801915/; classtype:trojan-activity;sid:83665015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.38.208.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801914/; classtype:trojan-activity;sid:83665014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.54.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801913/; classtype:trojan-activity;sid:83665013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.95.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801912/; classtype:trojan-activity;sid:83665012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.189.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801911/; classtype:trojan-activity;sid:83665011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.79.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801910/; classtype:trojan-activity;sid:83665010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/111.exe"; depth:10; endswith; nocase; http.host; content:"poitepotooos.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801909/; classtype:trojan-activity;sid:83665009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.93.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801908/; classtype:trojan-activity;sid:83665008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.154.7.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801907/; classtype:trojan-activity;sid:83665007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.71.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801906/; classtype:trojan-activity;sid:83665006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801905/; classtype:trojan-activity;sid:83665005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.173.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801904/; classtype:trojan-activity;sid:83665004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.95.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801903/; classtype:trojan-activity;sid:83665003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.62.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801902/; classtype:trojan-activity;sid:83665002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.153.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801901/; classtype:trojan-activity;sid:83665001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.99.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801900/; classtype:trojan-activity;sid:83665000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.84.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801899/; classtype:trojan-activity;sid:83664999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.178.116.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801898/; classtype:trojan-activity;sid:83664998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdrwaedw.exe"; depth:13; endswith; nocase; http.host; content:"r2.ohyoulookstupid.win"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801897/; classtype:trojan-activity;sid:83664997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.9.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801896/; classtype:trojan-activity;sid:83664996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.9.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801895/; classtype:trojan-activity;sid:83664995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.93.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801894/; classtype:trojan-activity;sid:83664994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.58.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801893/; classtype:trojan-activity;sid:83664993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.99.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801892/; classtype:trojan-activity;sid:83664992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.45.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801890/; classtype:trojan-activity;sid:83664990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.252.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801891/; classtype:trojan-activity;sid:83664991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801889/; classtype:trojan-activity;sid:83664989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801888/; classtype:trojan-activity;sid:83664988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.207.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801887/; classtype:trojan-activity;sid:83664987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.214.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801886/; classtype:trojan-activity;sid:83664986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801885/; classtype:trojan-activity;sid:83664985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.62.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801884/; classtype:trojan-activity;sid:83664984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.73.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801882/; classtype:trojan-activity;sid:83664982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.147.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801883/; classtype:trojan-activity;sid:83664983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801881/; classtype:trojan-activity;sid:83664981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.214.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801880/; classtype:trojan-activity;sid:83664980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pufpufooootools/150_clwwfhzotee"; depth:32; endswith; nocase; http.host; content:"leibk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801879/; classtype:trojan-activity;sid:83664979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.58.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801878/; classtype:trojan-activity;sid:83664978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.147.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801877/; classtype:trojan-activity;sid:83664977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.155.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801876/; classtype:trojan-activity;sid:83664976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.184.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801875/; classtype:trojan-activity;sid:83664975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.107.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801874/; classtype:trojan-activity;sid:83664974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.43.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801873/; classtype:trojan-activity;sid:83664973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.104.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801872/; classtype:trojan-activity;sid:83664972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.47.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801869/; classtype:trojan-activity;sid:83664969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801870/; classtype:trojan-activity;sid:83664970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.36.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801871/; classtype:trojan-activity;sid:83664971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.190.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801868/; classtype:trojan-activity;sid:83664968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.112.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801867/; classtype:trojan-activity;sid:83664967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801866/; classtype:trojan-activity;sid:83664966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.21.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801865/; classtype:trojan-activity;sid:83664965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.146.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801863/; classtype:trojan-activity;sid:83664963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.155.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801864/; classtype:trojan-activity;sid:83664964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.171.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801862/; classtype:trojan-activity;sid:83664962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.36.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801861/; classtype:trojan-activity;sid:83664961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.93.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801858/; classtype:trojan-activity;sid:83664958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.146.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801859/; classtype:trojan-activity;sid:83664959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801860/; classtype:trojan-activity;sid:83664960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686_1"; depth:7; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801854/; classtype:trojan-activity;sid:83664954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801855/; classtype:trojan-activity;sid:83664955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801856/; classtype:trojan-activity;sid:83664956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.246.7.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801857/; classtype:trojan-activity;sid:83664957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801847/; classtype:trojan-activity;sid:83664947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801848/; classtype:trojan-activity;sid:83664948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801849/; classtype:trojan-activity;sid:83664949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801850/; classtype:trojan-activity;sid:83664950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801851/; classtype:trojan-activity;sid:83664951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801852/; classtype:trojan-activity;sid:83664952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801853/; classtype:trojan-activity;sid:83664953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.115.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801843/; classtype:trojan-activity;sid:83664943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801844/; classtype:trojan-activity;sid:83664944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.47.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801845/; classtype:trojan-activity;sid:83664945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801846/; classtype:trojan-activity;sid:83664946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801841/; classtype:trojan-activity;sid:83664941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.87.153.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801842/; classtype:trojan-activity;sid:83664942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.246.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801839/; classtype:trojan-activity;sid:83664939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.239.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801840/; classtype:trojan-activity;sid:83664940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.182.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801837/; classtype:trojan-activity;sid:83664937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.17.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801838/; classtype:trojan-activity;sid:83664938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.7.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801836/; classtype:trojan-activity;sid:83664936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801835/; classtype:trojan-activity;sid:83664935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.197.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801834/; classtype:trojan-activity;sid:83664934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.176.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801833/; classtype:trojan-activity;sid:83664933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.37.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801832/; classtype:trojan-activity;sid:83664932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.144.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801831/; classtype:trojan-activity;sid:83664931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.172.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801830/; classtype:trojan-activity;sid:83664930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801829/; classtype:trojan-activity;sid:83664929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mstsc.exe"; depth:10; endswith; nocase; http.host; content:"154.201.74.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801828/; classtype:trojan-activity;sid:83664928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckjewishpeople.sh"; depth:20; endswith; nocase; http.host; content:"146.190.171.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801827/; classtype:trojan-activity;sid:83664927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.88.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801826/; classtype:trojan-activity;sid:83664926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801825/; classtype:trojan-activity;sid:83664925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.19.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801824/; classtype:trojan-activity;sid:83664924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/crypted_097f1784.exe"; depth:28; endswith; nocase; http.host; content:"193.233.132.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801823/; classtype:trojan-activity;sid:83664923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.47.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801822/; classtype:trojan-activity;sid:83664922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.138.222.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801821/; classtype:trojan-activity;sid:83664921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"ujjz.schedule.golfballnutz.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801820/; classtype:trojan-activity;sid:83664920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.228.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801819/; classtype:trojan-activity;sid:83664919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.73.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801818/; classtype:trojan-activity;sid:83664918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.92.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801817/; classtype:trojan-activity;sid:83664917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.209.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801816/; classtype:trojan-activity;sid:83664916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.144.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801815/; classtype:trojan-activity;sid:83664915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.35.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801814/; classtype:trojan-activity;sid:83664914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.192.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801813/; classtype:trojan-activity;sid:83664913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.88.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801812/; classtype:trojan-activity;sid:83664912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.138.222.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801811/; classtype:trojan-activity;sid:83664911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.77.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801810/; classtype:trojan-activity;sid:83664910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.19.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801809/; classtype:trojan-activity;sid:83664909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.47.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801808/; classtype:trojan-activity;sid:83664908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.42.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801807/; classtype:trojan-activity;sid:83664907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.85.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801805/; classtype:trojan-activity;sid:83664905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.195.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801806/; classtype:trojan-activity;sid:83664906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.150.181.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801804/; classtype:trojan-activity;sid:83664904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.100.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801803/; classtype:trojan-activity;sid:83664903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.35.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801802/; classtype:trojan-activity;sid:83664902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.182.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801801/; classtype:trojan-activity;sid:83664901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.34.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801798/; classtype:trojan-activity;sid:83664898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.192.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801799/; classtype:trojan-activity;sid:83664899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.172.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801800/; classtype:trojan-activity;sid:83664900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc5294803_668283477|3f|hash=xhai5tb9yocfxczrrk2anyzguv1rsr4smnozmkpot3z|7c|26|7c|dl=v6laonmdtrmnksztvodj4dg5vkgcf2jtzwajthbonrz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:166; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801797/; classtype:trojan-activity;sid:83664897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.139.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801796/; classtype:trojan-activity;sid:83664896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.136.87.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801795/; classtype:trojan-activity;sid:83664895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.205.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801794/; classtype:trojan-activity;sid:83664894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.207.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801793/; classtype:trojan-activity;sid:83664893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.224.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801792/; classtype:trojan-activity;sid:83664892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801791/; classtype:trojan-activity;sid:83664891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.85.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801790/; classtype:trojan-activity;sid:83664890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/pdf/june.exe"; depth:18; endswith; nocase; http.host; content:"vi.fishoaks.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801789/; classtype:trojan-activity;sid:83664889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.80.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801788/; classtype:trojan-activity;sid:83664888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801787/; classtype:trojan-activity;sid:83664887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.184.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801786/; classtype:trojan-activity;sid:83664886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.127.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801785/; classtype:trojan-activity;sid:83664885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.229.174.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801784/; classtype:trojan-activity;sid:83664884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.198.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801783/; classtype:trojan-activity;sid:83664883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.121.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801782/; classtype:trojan-activity;sid:83664882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.189.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801781/; classtype:trojan-activity;sid:83664881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.41.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801780/; classtype:trojan-activity;sid:83664880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.50.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801779/; classtype:trojan-activity;sid:83664879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801778/; classtype:trojan-activity;sid:83664878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.247.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801776/; classtype:trojan-activity;sid:83664876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801777/; classtype:trojan-activity;sid:83664877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.0.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801775/; classtype:trojan-activity;sid:83664875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801774/; classtype:trojan-activity;sid:83664874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.64.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801773/; classtype:trojan-activity;sid:83664873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/crypted_33cb9091.exe"; depth:28; endswith; nocase; http.host; content:"193.233.132.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801772/; classtype:trojan-activity;sid:83664872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.229.174.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801771/; classtype:trojan-activity;sid:83664871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.115.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801770/; classtype:trojan-activity;sid:83664870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.19.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801769/; classtype:trojan-activity;sid:83664869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.189.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801768/; classtype:trojan-activity;sid:83664868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801767/; classtype:trojan-activity;sid:83664867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/violetx86"; depth:15; endswith; nocase; http.host; content:"45.88.90.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801766/; classtype:trojan-activity;sid:83664866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.172.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801765/; classtype:trojan-activity;sid:83664865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.28.162.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801764/; classtype:trojan-activity;sid:83664864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.65.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801763/; classtype:trojan-activity;sid:83664863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.247.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801762/; classtype:trojan-activity;sid:83664862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.172.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801761/; classtype:trojan-activity;sid:83664861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801760/; classtype:trojan-activity;sid:83664860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.175.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801759/; classtype:trojan-activity;sid:83664859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.2.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801758/; classtype:trojan-activity;sid:83664858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.64.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801757/; classtype:trojan-activity;sid:83664857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"znyn.schedule.golfballnutz.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801756/; classtype:trojan-activity;sid:83664856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.84.189.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801755/; classtype:trojan-activity;sid:83664855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.84.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801753/; classtype:trojan-activity;sid:83664853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.229.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801754/; classtype:trojan-activity;sid:83664854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.79.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801751/; classtype:trojan-activity;sid:83664851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.82.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801752/; classtype:trojan-activity;sid:83664852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dc4iab_hlm_nomzlujetqj0bazv82w9u"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801750/; classtype:trojan-activity;sid:83664850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.164.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801749/; classtype:trojan-activity;sid:83664849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/server/appgate2103v01.exe"; depth:37; endswith; nocase; http.host; content:"piramidglobaltobacco.id"; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801748/; classtype:trojan-activity;sid:83664848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.189.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801747/; classtype:trojan-activity;sid:83664847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.229.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801746/; classtype:trojan-activity;sid:83664846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.21.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801745/; classtype:trojan-activity;sid:83664845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.108.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801744/; classtype:trojan-activity;sid:83664844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.175.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801743/; classtype:trojan-activity;sid:83664843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.61.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801742/; classtype:trojan-activity;sid:83664842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.79.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801741/; classtype:trojan-activity;sid:83664841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.229.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801740/; classtype:trojan-activity;sid:83664840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801739/; classtype:trojan-activity;sid:83664839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.30.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801738/; classtype:trojan-activity;sid:83664838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.239.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801737/; classtype:trojan-activity;sid:83664837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.36.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801736/; classtype:trojan-activity;sid:83664836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.58.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801735/; classtype:trojan-activity;sid:83664835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.24.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801733/; classtype:trojan-activity;sid:83664833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.147.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801734/; classtype:trojan-activity;sid:83664834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.227.40.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801732/; classtype:trojan-activity;sid:83664832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.226.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801731/; classtype:trojan-activity;sid:83664831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.125.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801730/; classtype:trojan-activity;sid:83664830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.117.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801729/; classtype:trojan-activity;sid:83664829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.135.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801727/; classtype:trojan-activity;sid:83664827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801728/; classtype:trojan-activity;sid:83664828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801726/; classtype:trojan-activity;sid:83664826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.208.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801725/; classtype:trojan-activity;sid:83664825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.141.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801724/; classtype:trojan-activity;sid:83664824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.63.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801723/; classtype:trojan-activity;sid:83664823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.179.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801722/; classtype:trojan-activity;sid:83664822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801721/; classtype:trojan-activity;sid:83664821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.24.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801720/; classtype:trojan-activity;sid:83664820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.71.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801719/; classtype:trojan-activity;sid:83664819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.182.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801718/; classtype:trojan-activity;sid:83664818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.50.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801717/; classtype:trojan-activity;sid:83664817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.75.131.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801716/; classtype:trojan-activity;sid:83664816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801715/; classtype:trojan-activity;sid:83664815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.117.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801714/; classtype:trojan-activity;sid:83664814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.141.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801713/; classtype:trojan-activity;sid:83664813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801712/; classtype:trojan-activity;sid:83664812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.125.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801711/; classtype:trojan-activity;sid:83664811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801709/; classtype:trojan-activity;sid:83664809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.135.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801710/; classtype:trojan-activity;sid:83664810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.229.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801708/; classtype:trojan-activity;sid:83664808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.148.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801707/; classtype:trojan-activity;sid:83664807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.3.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801706/; classtype:trojan-activity;sid:83664806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801705/; classtype:trojan-activity;sid:83664805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.149.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801704/; classtype:trojan-activity;sid:83664804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.81.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801703/; classtype:trojan-activity;sid:83664803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.17.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801702/; classtype:trojan-activity;sid:83664802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801701/; classtype:trojan-activity;sid:83664801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.226.229.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801700/; classtype:trojan-activity;sid:83664800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.59.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801699/; classtype:trojan-activity;sid:83664799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.180.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801698/; classtype:trojan-activity;sid:83664798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.42.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801697/; classtype:trojan-activity;sid:83664797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.150.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801696/; classtype:trojan-activity;sid:83664796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"49.234.192.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801695/; classtype:trojan-activity;sid:83664795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.29.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801694/; classtype:trojan-activity;sid:83664794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.226.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801693/; classtype:trojan-activity;sid:83664793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malw/sample8.exe"; depth:17; endswith; nocase; http.host; content:"webntdev.pages.dev"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801692/; classtype:trojan-activity;sid:83664792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.122.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801691/; classtype:trojan-activity;sid:83664791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.59.98.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801690/; classtype:trojan-activity;sid:83664790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.184.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801689/; classtype:trojan-activity;sid:83664789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.225.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801688/; classtype:trojan-activity;sid:83664788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.59.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801687/; classtype:trojan-activity;sid:83664787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.2.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801686/; classtype:trojan-activity;sid:83664786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.80.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801685/; classtype:trojan-activity;sid:83664785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801683/; classtype:trojan-activity;sid:83664783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.36.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801684/; classtype:trojan-activity;sid:83664784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801682/; classtype:trojan-activity;sid:83664782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.171.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801681/; classtype:trojan-activity;sid:83664781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.0.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801680/; classtype:trojan-activity;sid:83664780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.122.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801679/; classtype:trojan-activity;sid:83664779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.2.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801678/; classtype:trojan-activity;sid:83664778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801677/; classtype:trojan-activity;sid:83664777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.47.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801676/; classtype:trojan-activity;sid:83664776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.225.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801675/; classtype:trojan-activity;sid:83664775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.100.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801674/; classtype:trojan-activity;sid:83664774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801673/; classtype:trojan-activity;sid:83664773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.0.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801672/; classtype:trojan-activity;sid:83664772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.104.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801671/; classtype:trojan-activity;sid:83664771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.10.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801670/; classtype:trojan-activity;sid:83664770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801669/; classtype:trojan-activity;sid:83664769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.251.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801668/; classtype:trojan-activity;sid:83664768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.47.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801667/; classtype:trojan-activity;sid:83664767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801666/; classtype:trojan-activity;sid:83664766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.29.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801665/; classtype:trojan-activity;sid:83664765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.21.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801664/; classtype:trojan-activity;sid:83664764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.67.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801663/; classtype:trojan-activity;sid:83664763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.50.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801662/; classtype:trojan-activity;sid:83664762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.88.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801661/; classtype:trojan-activity;sid:83664761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.42.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801660/; classtype:trojan-activity;sid:83664760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.201.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801659/; classtype:trojan-activity;sid:83664759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801658/; classtype:trojan-activity;sid:83664758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.90.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801657/; classtype:trojan-activity;sid:83664757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.arm6"; depth:28; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801653/; classtype:trojan-activity;sid:83664753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.arm5"; depth:28; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801654/; classtype:trojan-activity;sid:83664754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.mips"; depth:28; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801655/; classtype:trojan-activity;sid:83664755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.arm7"; depth:28; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801656/; classtype:trojan-activity;sid:83664756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.ppc"; depth:27; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801650/; classtype:trojan-activity;sid:83664750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.m68k"; depth:28; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801651/; classtype:trojan-activity;sid:83664751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.sh4"; depth:27; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801652/; classtype:trojan-activity;sid:83664752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.mpsl"; depth:28; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801648/; classtype:trojan-activity;sid:83664748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.arm"; depth:27; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801649/; classtype:trojan-activity;sid:83664749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801642/; classtype:trojan-activity;sid:83664742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801643/; classtype:trojan-activity;sid:83664743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801644/; classtype:trojan-activity;sid:83664744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801645/; classtype:trojan-activity;sid:83664745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801646/; classtype:trojan-activity;sid:83664746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801647/; classtype:trojan-activity;sid:83664747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801637/; classtype:trojan-activity;sid:83664737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801638/; classtype:trojan-activity;sid:83664738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801639/; classtype:trojan-activity;sid:83664739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801640/; classtype:trojan-activity;sid:83664740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801641/; classtype:trojan-activity;sid:83664741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"93.123.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801636/; classtype:trojan-activity;sid:83664736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801635/; classtype:trojan-activity;sid:83664735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.arm4"; depth:13; endswith; nocase; http.host; content:"45.142.182.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801633/; classtype:trojan-activity;sid:83664733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softbot.x86"; depth:12; endswith; nocase; http.host; content:"45.142.182.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801634/; classtype:trojan-activity;sid:83664734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801631/; classtype:trojan-activity;sid:83664731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.63.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801632/; classtype:trojan-activity;sid:83664732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.170.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801630/; classtype:trojan-activity;sid:83664730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.160.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801629/; classtype:trojan-activity;sid:83664729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.36.206"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801628/; classtype:trojan-activity;sid:83664728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.76.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801627/; classtype:trojan-activity;sid:83664727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.9.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801626/; classtype:trojan-activity;sid:83664726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.71.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801625/; classtype:trojan-activity;sid:83664725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.12.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801624/; classtype:trojan-activity;sid:83664724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.126.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801623/; classtype:trojan-activity;sid:83664723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801622/; classtype:trojan-activity;sid:83664722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.82.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801620/; classtype:trojan-activity;sid:83664720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.89.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801621/; classtype:trojan-activity;sid:83664721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801619/; classtype:trojan-activity;sid:83664719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801618/; classtype:trojan-activity;sid:83664718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.151.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801617/; classtype:trojan-activity;sid:83664717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.75.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801616/; classtype:trojan-activity;sid:83664716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.212.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801615/; classtype:trojan-activity;sid:83664715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.75.131.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801614/; classtype:trojan-activity;sid:83664714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.160.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801613/; classtype:trojan-activity;sid:83664713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.119.9.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801612/; classtype:trojan-activity;sid:83664712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.189.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801611/; classtype:trojan-activity;sid:83664711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.206.194.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801610/; classtype:trojan-activity;sid:83664710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.248.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801609/; classtype:trojan-activity;sid:83664709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.61.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801608/; classtype:trojan-activity;sid:83664708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.20.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801607/; classtype:trojan-activity;sid:83664707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.90.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801606/; classtype:trojan-activity;sid:83664706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.19.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801605/; classtype:trojan-activity;sid:83664705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.104.221.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801604/; classtype:trojan-activity;sid:83664704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.105.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801601/; classtype:trojan-activity;sid:83664701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.135.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801602/; classtype:trojan-activity;sid:83664702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.171.253.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801603/; classtype:trojan-activity;sid:83664703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.12.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801600/; classtype:trojan-activity;sid:83664700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onzojcowjjd625j/active.x86"; depth:27; endswith; nocase; http.host; content:"45.13.119.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801598/; classtype:trojan-activity;sid:83664698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.151.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801599/; classtype:trojan-activity;sid:83664699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.61.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801597/; classtype:trojan-activity;sid:83664697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.192.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801595/; classtype:trojan-activity;sid:83664695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.248.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801596/; classtype:trojan-activity;sid:83664696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.249.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801594/; classtype:trojan-activity;sid:83664694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.34.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801592/; classtype:trojan-activity;sid:83664692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.20.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801593/; classtype:trojan-activity;sid:83664693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801591/; classtype:trojan-activity;sid:83664691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.61.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801590/; classtype:trojan-activity;sid:83664690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.64.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801589/; classtype:trojan-activity;sid:83664689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.17.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801588/; classtype:trojan-activity;sid:83664688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.192.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801587/; classtype:trojan-activity;sid:83664687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.93.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801586/; classtype:trojan-activity;sid:83664686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.60.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801585/; classtype:trojan-activity;sid:83664685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.49.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801584/; classtype:trojan-activity;sid:83664684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"dum.schedule.golfballnutz.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801583/; classtype:trojan-activity;sid:83664683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.17.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801581/; classtype:trojan-activity;sid:83664681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.107.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801582/; classtype:trojan-activity;sid:83664682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.49.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801580/; classtype:trojan-activity;sid:83664680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.217.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801579/; classtype:trojan-activity;sid:83664679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.138.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801578/; classtype:trojan-activity;sid:83664678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.135.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801577/; classtype:trojan-activity;sid:83664677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.17.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801576/; classtype:trojan-activity;sid:83664676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.10.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801575/; classtype:trojan-activity;sid:83664675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.246.180.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801574/; classtype:trojan-activity;sid:83664674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.0.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801573/; classtype:trojan-activity;sid:83664673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.18.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801572/; classtype:trojan-activity;sid:83664672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801571/; classtype:trojan-activity;sid:83664671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.224.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801570/; classtype:trojan-activity;sid:83664670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.120.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801569/; classtype:trojan-activity;sid:83664669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.255.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801568/; classtype:trojan-activity;sid:83664668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.181.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801567/; classtype:trojan-activity;sid:83664667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.236.160.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801314/; classtype:trojan-activity;sid:83664414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/123p.exe"; depth:18; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801083/; classtype:trojan-activity;sid:83664183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pidoras883/-/releases/download/huesos/ijerkoff.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801063/; classtype:trojan-activity;sid:83664163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1psjfkavxoi-3yv-87eskdpuwzjd5jomd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800910/; classtype:trojan-activity;sid:83664010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1c-hjo0indwxg0dus_zg0f3jhtmgzcnen"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800905/; classtype:trojan-activity;sid:83664005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1i33affjfkkztyuz_nusrz4jqs45gwzjs"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800895/; classtype:trojan-activity;sid:83663995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pssupirwdhnwaztrwz6_7dw9r4h_zau9"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800893/; classtype:trojan-activity;sid:83663993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.64.200.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800582/; classtype:trojan-activity;sid:83663682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800576/; classtype:trojan-activity;sid:83663676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/getimage15.php"; depth:27; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799475/; classtype:trojan-activity;sid:83662575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/getimage12.php"; depth:27; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799388/; classtype:trojan-activity;sid:83662488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dgpz0r0gcq6a-awmrjsfptkwrbozlhpx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799358/; classtype:trojan-activity;sid:83662458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1b3zgfh-ofoq4nkifk7j0manbu5aqvhet"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799349/; classtype:trojan-activity;sid:83662449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.ps1"; depth:12; endswith; nocase; http.host; content:"r2.ohyoulookstupid.win"; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799337/; classtype:trojan-activity;sid:83662437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/getimage16.php"; depth:27; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799286/; classtype:trojan-activity;sid:83662386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"207.189.221.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799270/; classtype:trojan-activity;sid:83662370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oe1ixppk9tdxfmairsjhsacdgh2litag"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799230/; classtype:trojan-activity;sid:83662330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dh3my7h6mtgih5btwmhre7gu6wkxw4ny"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799205/; classtype:trojan-activity;sid:83662305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1osqxhd1ncdyo-hhavradwbm9_itb2p49"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799188/; classtype:trojan-activity;sid:83662288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/space.php"; depth:22; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799183/; classtype:trojan-activity;sid:83662283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/th/retail.php"; depth:23; endswith; nocase; http.host; content:"5.42.66.10"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799182/; classtype:trojan-activity;sid:83662282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps"; depth:3; endswith; nocase; http.host; content:"80.94.92.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799142/; classtype:trojan-activity;sid:83662242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.135.166.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798905/; classtype:trojan-activity;sid:83662005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.168.21.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798878/; classtype:trojan-activity;sid:83661978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"109.235.7.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798877/; classtype:trojan-activity;sid:83661977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"83.209.41.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"83.209.41.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"209.239.112.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798768/; classtype:trojan-activity;sid:83661868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.55.124.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798698/; classtype:trojan-activity;sid:83661798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/f1e15b/locker.exe"; depth:20; endswith; nocase; http.host; content:"file-drop.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798646/; classtype:trojan-activity;sid:83661746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/batushka/inte.exe"; depth:18; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798339/; classtype:trojan-activity;sid:83661439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_gv_k0ynz9_n6h6n7bvistk9oi2njezj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798232/; classtype:trojan-activity;sid:83661332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php|3f|pub=inte"; depth:25; endswith; nocase; http.host; content:"5.42.65.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798218/; classtype:trojan-activity;sid:83661318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2797804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/current.exe"; depth:12; endswith; nocase; http.host; content:"193.233.132.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2797804/; classtype:trojan-activity;sid:83660904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2797140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cmd.10001.exe"; depth:14; endswith; nocase; http.host; content:"112.124.64.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_31; reference:url, urlhaus.abuse.ch/url/2797140/; classtype:trojan-activity;sid:83660240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2796514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.117.11.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_30; reference:url, urlhaus.abuse.ch/url/2796514/; classtype:trojan-activity;sid:83659614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lummac2.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795886/; classtype:trojan-activity;sid:83658986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/letmatros.snp"; depth:23; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795504/; classtype:trojan-activity;sid:83658604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/oy8858iq8qolsts57wfbt/cheatrun.zip|3f|rlkey=dfm1xos8di7odkk5j9krzlo02|7c|26|7c|dl=0"; depth:91; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795467/; classtype:trojan-activity;sid:83658567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.66.18.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795397/; classtype:trojan-activity;sid:83658497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjk.exe"; depth:9; endswith; nocase; http.host; content:"marksidfgs.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795367/; classtype:trojan-activity;sid:83658467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=171-yky-j89krighojrmmetm69vbmd5m4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795037/; classtype:trojan-activity;sid:83658137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gbdnjgeaqubpaxrmmse214.bin"; depth:27; endswith; nocase; http.host; content:"adamkiddoo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795034/; classtype:trojan-activity;sid:83658134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"64.66.18.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794950/; classtype:trojan-activity;sid:83658050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794831/; classtype:trojan-activity;sid:83657931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.sh4"; depth:13; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794641/; classtype:trojan-activity;sid:83657741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794636/; classtype:trojan-activity;sid:83657736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794637/; classtype:trojan-activity;sid:83657737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794632/; classtype:trojan-activity;sid:83657732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm"; depth:13; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794633/; classtype:trojan-activity;sid:83657733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.x86"; depth:13; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794634/; classtype:trojan-activity;sid:83657734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm7"; depth:14; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794635/; classtype:trojan-activity;sid:83657735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794628/; classtype:trojan-activity;sid:83657728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.spc"; depth:13; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794629/; classtype:trojan-activity;sid:83657729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.m68k"; depth:14; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794630/; classtype:trojan-activity;sid:83657730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.ppc"; depth:13; endswith; nocase; http.host; content:"15.204.223.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794631/; classtype:trojan-activity;sid:83657731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/pt.exe"; depth:14; endswith; nocase; http.host; content:"telegram.ninja"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794625/; classtype:trojan-activity;sid:83657725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pxkpd7y567c6qclfzar4gg7ozi-g8b40"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794608/; classtype:trojan-activity;sid:83657708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1l-zoyasmfcwfa655dud7ekudjq3ywquk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794611/; classtype:trojan-activity;sid:83657711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1smjsns4djerxm11i8rx6ldttpsynidio"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794606/; classtype:trojan-activity;sid:83657706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uzj6rbkjyyfcvpddyaduabxfay7w4_9w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794563/; classtype:trojan-activity;sid:83657663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1e641k5y0iib409bcxgsvfch2_kot2ox4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794561/; classtype:trojan-activity;sid:83657661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server/ww12/appgate2103v01.exe"; depth:31; endswith; nocase; http.host; content:"193.233.132.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794559/; classtype:trojan-activity;sid:83657659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/buildz.exe"; depth:14; endswith; nocase; http.host; content:"sdfjhuz.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794529/; classtype:trojan-activity;sid:83657629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1bgnvdwftmltq_qrgwmaqql5u5qt0pvyb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793804/; classtype:trojan-activity;sid:83656904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1t36pjqs33b0q_k78zbmxjrlbrzkssrbu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793641/; classtype:trojan-activity;sid:83656741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1x6cd0z6l79ciefoo627uiws_6yscm_xn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793611/; classtype:trojan-activity;sid:83656711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yh5og8eg83ra9cu_6qfdqci_zxlknotl"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793607/; classtype:trojan-activity;sid:83656707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zagmuvra37yqn_pzyjur7q_gv8el4l5-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793601/; classtype:trojan-activity;sid:83656701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793294/; classtype:trojan-activity;sid:83656394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assumendaipsam/point.exe"; depth:25; endswith; nocase; http.host; content:"ingatecsus.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793285/; classtype:trojan-activity;sid:83656385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793274/; classtype:trojan-activity;sid:83656374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/aofsqfmb7s"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793233/; classtype:trojan-activity;sid:83656333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"65.51.229.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792876/; classtype:trojan-activity;sid:83655976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"65.51.229.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792844/; classtype:trojan-activity;sid:83655944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/760/044/original/new_image.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792800/; classtype:trojan-activity;sid:83655900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/760/043/full/new_image.jpg"; depth:38; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792798/; classtype:trojan-activity;sid:83655898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.105.159.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792751/; classtype:trojan-activity;sid:83655851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.98.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792575/; classtype:trojan-activity;sid:83655675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kioway.smi"; depth:20; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792395/; classtype:trojan-activity;sid:83655495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wlbkszoxpvyovh65.bin"; depth:30; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792394/; classtype:trojan-activity;sid:83655494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jtfjt2ttvt9mvnkr1xnsxojssean4xry"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792390/; classtype:trojan-activity;sid:83655490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ocskyx0o84gmgc9vx3yvmc9r2ryopsv9"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792389/; classtype:trojan-activity;sid:83655489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dxtyrb2uhdzfoecvsdnkpnkpr9lgejmn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792380/; classtype:trojan-activity;sid:83655480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1igdsbvkvctvgsjry1rmeojotnl9jbzsm"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792379/; classtype:trojan-activity;sid:83655479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1p5myromjprou5-vehst_hpzb7pbwagjw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792375/; classtype:trojan-activity;sid:83655475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2791887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wr.exe"; depth:7; endswith; nocase; http.host; content:"92.60.39.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2791887/; classtype:trojan-activity;sid:83654987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2791800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.108.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2791800/; classtype:trojan-activity;sid:83654900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.mips"; depth:11; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790708/; classtype:trojan-activity;sid:83653808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"167.86.68.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790703/; classtype:trojan-activity;sid:83653803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.index/scan.tar"; depth:16; endswith; nocase; http.host; content:"58.216.207.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh"; depth:7; endswith; nocase; http.host; content:"92.60.39.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790577/; classtype:trojan-activity;sid:83653677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"92.60.39.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790576/; classtype:trojan-activity;sid:83653676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1v3jbapne_tx5mxdrzl6653nhp0vavggc"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790529/; classtype:trojan-activity;sid:83653629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rvq8pgkasyh7eicu7wn2_qp6isv2y2wf"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790532/; classtype:trojan-activity;sid:83653632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1m1lfr5wjwb9drg6ei-ycwhailqyfrwni"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790513/; classtype:trojan-activity;sid:83653613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1xoop133uf_qyhg-61tr5l1domkwkn0j5|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790512/; classtype:trojan-activity;sid:83653612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=18x-_ydaarhwgayekdpgl9e53aixtkfp-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790510/; classtype:trojan-activity;sid:83653610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1q5cjdgzphbzwuklpcb-lvnv88rrbfve_|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790507/; classtype:trojan-activity;sid:83653607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/7mifuctejb"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2790074/; classtype:trojan-activity;sid:83653174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gretmeet/nbc938sdu42/raw/main/test.exe"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789957/; classtype:trojan-activity;sid:83653057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incoper887/tua/raw/main/build.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/hovi2pkz3f"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789941/; classtype:trojan-activity;sid:83653041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ugl_xjshxerwwbal1fatflznekorqco5"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789734/; classtype:trojan-activity;sid:83652834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.230.38.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789399/; classtype:trojan-activity;sid:83652499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.235.7.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789388/; classtype:trojan-activity;sid:83652488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1unbor4j4mhhegxtmwsiszyjbgpmq_tl_"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789148/; classtype:trojan-activity;sid:83652248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"198.55.111.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788866/; classtype:trojan-activity;sid:83651966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"109.74.12.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788863/; classtype:trojan-activity;sid:83651963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/288c47bbc1871b439df19ff4df68f000766.exe"; depth:40; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788832/; classtype:trojan-activity;sid:83651932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"173.255.238.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788365/; classtype:trojan-activity;sid:83651465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isetup10.exe"; depth:13; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788285/; classtype:trojan-activity;sid:83651385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; depth:57; endswith; nocase; http.host; content:"60.22.23.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"65.51.229.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787790/; classtype:trojan-activity;sid:83650890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rar.jpg"; depth:8; endswith; nocase; http.host; content:"51.38.95.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787775/; classtype:trojan-activity;sid:83650875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/345gdjxc.txt"; depth:13; endswith; nocase; http.host; content:"51.38.95.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787774/; classtype:trojan-activity;sid:83650874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hosam.rar"; depth:10; endswith; nocase; http.host; content:"51.38.95.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787773/; classtype:trojan-activity;sid:83650873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.235.7.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787186/; classtype:trojan-activity;sid:83650286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.235.7.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787172/; classtype:trojan-activity;sid:83650272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"94.205.212.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787027/; classtype:trojan-activity;sid:83650127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"65.49.44.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"201.249.174.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787025/; classtype:trojan-activity;sid:83650125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"104.223.90.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787026/; classtype:trojan-activity;sid:83650126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.113.35.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1udpahhkabfdjz32b558xh_lwxs0snowc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786866/; classtype:trojan-activity;sid:83649966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.70.203.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786838/; classtype:trojan-activity;sid:83649938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"47.101.206.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"83.96.147.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"46.44.203.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786665/; classtype:trojan-activity;sid:83649765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"61.43.116.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786660/; classtype:trojan-activity;sid:83649760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.202.0.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786659/; classtype:trojan-activity;sid:83649759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"2.42.168.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"2.187.19.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786651/; classtype:trojan-activity;sid:83649751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exploit.class"; depth:14; endswith; nocase; http.host; content:"39.98.107.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"39.98.107.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jndi-injection-exploit-1.0-snapshot-all.jar"; depth:44; endswith; nocase; http.host; content:"47.97.18.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786326/; classtype:trojan-activity;sid:83649426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exploit.java"; depth:13; endswith; nocase; http.host; content:"47.97.18.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786325/; classtype:trojan-activity;sid:83649425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jndi_injection_exploit%20.py"; depth:29; endswith; nocase; http.host; content:"47.97.18.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786322/; classtype:trojan-activity;sid:83649422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jndi_marshalsec.py"; depth:19; endswith; nocase; http.host; content:"47.97.18.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786323/; classtype:trojan-activity;sid:83649423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/build.exe"; depth:13; endswith; nocase; http.host; content:"sdfjhuz.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786048/; classtype:trojan-activity;sid:83649148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtk/ckeditor/skins/.s/strscan.tgz"; depth:34; endswith; nocase; http.host; content:"62.21.103.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785751/; classtype:trojan-activity;sid:83648851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; depth:50; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/updates/tinder%20bot.exe"; depth:35; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/updates/tweeter%20traffic.exe"; depth:40; endswith; nocase; http.host; content:"blackhattoolz.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785443/; classtype:trojan-activity;sid:83648543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/updates/tweeter%20traffic.exe"; depth:40; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785444/; classtype:trojan-activity;sid:83648544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.113.68.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785441/; classtype:trojan-activity;sid:83648541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ransomware.wannacry_plus.zip"; depth:29; endswith; nocase; http.host; content:"14.224.174.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/modelingtextbooks.exe"; depth:31; endswith; nocase; http.host; content:"www.osijek1862.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785170/; classtype:trojan-activity;sid:83648270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"158.255.82.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_16; reference:url, urlhaus.abuse.ch/url/2784476/; classtype:trojan-activity;sid:83647576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.236.160.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_16; reference:url, urlhaus.abuse.ch/url/2784284/; classtype:trojan-activity;sid:83647384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2784066/; classtype:trojan-activity;sid:83647166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2783817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2783817/; classtype:trojan-activity;sid:83646917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2783294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/test"; depth:7; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2783294/; classtype:trojan-activity;sid:83646394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgc/wegame/miniloader/wegameminiloader.std.5.12.21.1022.exe"; depth:60; endswith; nocase; http.host; content:"dldir1.qq.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782942/; classtype:trojan-activity;sid:83646042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17c4755d1d45ed1bb454/8703634058188758823"; depth:41; endswith; nocase; http.host; content:"f24-zfcloud.zdn.vn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1cbzrekgr3qfqlniab3cpysqnzafff|3f|content_disposition=attachment|7c|3b|7c|filename=%22upload_20240311-130634.zip"; depth:119; endswith; nocase; http.host; content:"public.adobecc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782286/; classtype:trojan-activity;sid:83645386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/751/142/original/new_image.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782202/; classtype:trojan-activity;sid:83645302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/nss3.dll"; depth:26; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782125/; classtype:trojan-activity;sid:83645225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782121/; classtype:trojan-activity;sid:83645221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782122/; classtype:trojan-activity;sid:83645222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782123/; classtype:trojan-activity;sid:83645223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782124/; classtype:trojan-activity;sid:83645224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782119/; classtype:trojan-activity;sid:83645219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"147.45.47.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782120/; classtype:trojan-activity;sid:83645220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"185.172.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782097/; classtype:trojan-activity;sid:83645197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2781666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.11.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2781666/; classtype:trojan-activity;sid:83644766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2781373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amad.exe"; depth:9; endswith; nocase; http.host; content:"185.172.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_12; reference:url, urlhaus.abuse.ch/url/2781373/; classtype:trojan-activity;sid:83644473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.exe"; depth:8; endswith; nocase; http.host; content:"185.172.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_12; reference:url, urlhaus.abuse.ch/url/2780572/; classtype:trojan-activity;sid:83643672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/753/713/original/new_image.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780271/; classtype:trojan-activity;sid:83643371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.72.39.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"oys0ro.static.otenet.gr"; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2779108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/288c47bbc1871b439df19ff4df68f00076.exe"; depth:39; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_10; reference:url, urlhaus.abuse.ch/url/2779108/; classtype:trojan-activity;sid:83642208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11"; depth:3; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777942/; classtype:trojan-activity;sid:83641042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.py"; depth:5; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greenpackage.exe"; depth:17; endswith; nocase; http.host; content:"bitkiselurunsiparis.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/751/142/original/new_image.jpg|3f|1709551130"; depth:56; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777424/; classtype:trojan-activity;sid:83640524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.229.174.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_06; reference:url, urlhaus.abuse.ch/url/2776841/; classtype:trojan-activity;sid:83639941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junlionserto/dfgdbfgndbdsfbhry/raw/main/momsstiflersdgjboigfnbio.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776125/; classtype:trojan-activity;sid:83639225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junlionserto/dfbhdfioughfdsiu/raw/main/poolsdnkjfdbndklsnfgb.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776124/; classtype:trojan-activity;sid:83639224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/cheat.dll"; depth:17; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776111/; classtype:trojan-activity;sid:83639211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/main.dll"; depth:16; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776110/; classtype:trojan-activity;sid:83639210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/zverify.dll"; depth:19; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776109/; classtype:trojan-activity;sid:83639209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/mhpverify.dll"; depth:21; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776108/; classtype:trojan-activity;sid:83639208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm"; depth:9; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776051/; classtype:trojan-activity;sid:83639151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm7"; depth:10; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776052/; classtype:trojan-activity;sid:83639152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips64"; depth:12; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776053/; classtype:trojan-activity;sid:83639153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776054/; classtype:trojan-activity;sid:83639154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; depth:10; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776055/; classtype:trojan-activity;sid:83639155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm6"; depth:10; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776060/; classtype:trojan-activity;sid:83639160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776044/; classtype:trojan-activity;sid:83639144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776045/; classtype:trojan-activity;sid:83639145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776046/; classtype:trojan-activity;sid:83639146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776049/; classtype:trojan-activity;sid:83639149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.spc"; depth:9; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776050/; classtype:trojan-activity;sid:83639150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"20.205.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776042/; classtype:trojan-activity;sid:83639142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.arm5"; depth:11; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775708/; classtype:trojan-activity;sid:83638808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.m68k"; depth:11; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775709/; classtype:trojan-activity;sid:83638809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.arm6"; depth:11; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775710/; classtype:trojan-activity;sid:83638810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.arm"; depth:10; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775711/; classtype:trojan-activity;sid:83638811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.arm7"; depth:11; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775712/; classtype:trojan-activity;sid:83638812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.x86_64"; depth:13; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775713/; classtype:trojan-activity;sid:83638813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.mpsl"; depth:11; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775707/; classtype:trojan-activity;sid:83638807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.x86"; depth:10; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775704/; classtype:trojan-activity;sid:83638804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.ppc"; depth:10; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775705/; classtype:trojan-activity;sid:83638805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi.sh4"; depth:10; endswith; nocase; http.host; content:"103.116.52.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775706/; classtype:trojan-activity;sid:83638806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwefwe324234234rgeffwehtrwyrhtrhtqwfqwd31443wefefwwfer3232fewwefwefwefqgrqwtherergqefwefqweqfwqf32fefwsda/uploads/stlc"; depth:119; endswith; nocase; http.host; content:"licocojambamarketplace.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775568/; classtype:trojan-activity;sid:83638668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.229.174.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775377/; classtype:trojan-activity;sid:83638477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.174.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_03; reference:url, urlhaus.abuse.ch/url/2775218/; classtype:trojan-activity;sid:83638318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2774521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.174.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_02; reference:url, urlhaus.abuse.ch/url/2774521/; classtype:trojan-activity;sid:83637621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.229.174.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_02; reference:url, urlhaus.abuse.ch/url/2773880/; classtype:trojan-activity;sid:83636980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"162.219.216.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773685/; classtype:trojan-activity;sid:83636785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d21cbe21e38b385a41a68c5e6dd32f4c.exe"; depth:37; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773397/; classtype:trojan-activity;sid:83636497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.127.92.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773332/; classtype:trojan-activity;sid:83636432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/x.rar"; depth:11; endswith; nocase; http.host; content:"106.254.250.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/met111.sh"; depth:15; endswith; nocase; http.host; content:"106.254.250.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.219.216.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772612/; classtype:trojan-activity;sid:83635712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.219.216.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772590/; classtype:trojan-activity;sid:83635690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/yeuifgx7ja"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_28; reference:url, urlhaus.abuse.ch/url/2772424/; classtype:trojan-activity;sid:83635524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/pbuzwq44g7"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_28; reference:url, urlhaus.abuse.ch/url/2772425/; classtype:trojan-activity;sid:83635525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2770362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.121.20.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_25; reference:url, urlhaus.abuse.ch/url/2770362/; classtype:trojan-activity;sid:83633462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.169.197.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769618/; classtype:trojan-activity;sid:83632718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.183.98.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.188.216.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.42.55.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769196/; classtype:trojan-activity;sid:83632296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.198.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769198/; classtype:trojan-activity;sid:83632298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.194.8.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"199.114.228.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769192/; classtype:trojan-activity;sid:83632292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.153.218.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769186/; classtype:trojan-activity;sid:83632286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.199.220.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769181/; classtype:trojan-activity;sid:83632281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.78.106.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769173/; classtype:trojan-activity;sid:83632273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.64.152.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769164/; classtype:trojan-activity;sid:83632264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"64.140.100.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"65.132.139.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769166/; classtype:trojan-activity;sid:83632266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.190.56.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769159/; classtype:trojan-activity;sid:83632259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"73.36.136.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769161/; classtype:trojan-activity;sid:83632261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.183.54.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769162/; classtype:trojan-activity;sid:83632262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"68.230.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769150/; classtype:trojan-activity;sid:83632250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/down/jeditor/jeditor.exe"; depth:34; endswith; nocase; http.host; content:"www.ojang.pe.kr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2767640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.169.197.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_22; reference:url, urlhaus.abuse.ch/url/2767640/; classtype:trojan-activity;sid:83630740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2767634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.169.197.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_22; reference:url, urlhaus.abuse.ch/url/2767634/; classtype:trojan-activity;sid:83630734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2767575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.120.230.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_22; reference:url, urlhaus.abuse.ch/url/2767575/; classtype:trojan-activity;sid:83630675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2024/e_r1.bmp"; depth:33; endswith; nocase; http.host; content:"catbaparadisehotel.com.vn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.tgz"; depth:12; endswith; nocase; http.host; content:"45.64.128.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765915/; classtype:trojan-activity;sid:83629015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2024/e_default.bmp"; depth:38; endswith; nocase; http.host; content:"catbaparadisehotel.com.vn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765274/; classtype:trojan-activity;sid:83628374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765264/; classtype:trojan-activity;sid:83628364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765265/; classtype:trojan-activity;sid:83628365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765266/; classtype:trojan-activity;sid:83628366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765267/; classtype:trojan-activity;sid:83628367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765268/; classtype:trojan-activity;sid:83628368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765269/; classtype:trojan-activity;sid:83628369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765270/; classtype:trojan-activity;sid:83628370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765271/; classtype:trojan-activity;sid:83628371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765272/; classtype:trojan-activity;sid:83628372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765273/; classtype:trojan-activity;sid:83628373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765257/; classtype:trojan-activity;sid:83628357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765258/; classtype:trojan-activity;sid:83628358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765259/; classtype:trojan-activity;sid:83628359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765260/; classtype:trojan-activity;sid:83628360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765261/; classtype:trojan-activity;sid:83628361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765262/; classtype:trojan-activity;sid:83628362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"cloud.zhifeiyi.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765263/; classtype:trojan-activity;sid:83628363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765256/; classtype:trojan-activity;sid:83628356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765247/; classtype:trojan-activity;sid:83628347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765248/; classtype:trojan-activity;sid:83628348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765249/; classtype:trojan-activity;sid:83628349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765250/; classtype:trojan-activity;sid:83628350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765251/; classtype:trojan-activity;sid:83628351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765252/; classtype:trojan-activity;sid:83628352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765253/; classtype:trojan-activity;sid:83628353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765254/; classtype:trojan-activity;sid:83628354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765255/; classtype:trojan-activity;sid:83628355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765243/; classtype:trojan-activity;sid:83628343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765244/; classtype:trojan-activity;sid:83628344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"netpay.51sfy.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765245/; classtype:trojan-activity;sid:83628345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765246/; classtype:trojan-activity;sid:83628346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765241/; classtype:trojan-activity;sid:83628341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765242/; classtype:trojan-activity;sid:83628342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765240/; classtype:trojan-activity;sid:83628340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765238/; classtype:trojan-activity;sid:83628338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765239/; classtype:trojan-activity;sid:83628339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0cbefcb1af40c7d4aff4aca26621a98.exe"; depth:37; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765158/; classtype:trojan-activity;sid:83628258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.120.230.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2764976/; classtype:trojan-activity;sid:83628076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bflpscdni1"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764670/; classtype:trojan-activity;sid:83627770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jailtonoliveira301018/working/raw/main/visualizador.msi"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764586/; classtype:trojan-activity;sid:83627686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"158.255.82.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764518/; classtype:trojan-activity;sid:83627618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86_64"; depth:17; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.i686"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.mips"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.arm"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.spc"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.188.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"95.169.197.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764301/; classtype:trojan-activity;sid:83627401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pilgzi.exe"; depth:11; endswith; nocase; http.host; content:"filekg-download-01.fra1.cdn.digitaloceanspaces.com"; depth:50; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764194/; classtype:trojan-activity;sid:83627294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2760916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot"; depth:4; endswith; nocase; http.host; content:"91.121.47.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_14; reference:url, urlhaus.abuse.ch/url/2760916/; classtype:trojan-activity;sid:83624016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2760208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1idr2kutygbqp_loxqdocuzvjalp19zpp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2760208/; classtype:trojan-activity;sid:83623308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759986/; classtype:trojan-activity;sid:83623086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759987/; classtype:trojan-activity;sid:83623087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759983/; classtype:trojan-activity;sid:83623083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759984/; classtype:trojan-activity;sid:83623084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759985/; classtype:trojan-activity;sid:83623085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/nss3.dll"; depth:26; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759980/; classtype:trojan-activity;sid:83623080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f244f7bc6ab2605/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"147.45.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759981/; classtype:trojan-activity;sid:83623081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikun10.txt"; depth:11; endswith; nocase; http.host; content:"8.219.229.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759466/; classtype:trojan-activity;sid:83622566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload_x64.bin"; depth:16; endswith; nocase; http.host; content:"8.219.229.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759467/; classtype:trojan-activity;sid:83622567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload_x64.txt"; depth:16; endswith; nocase; http.host; content:"8.219.229.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759465/; classtype:trojan-activity;sid:83622565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/731/991/original/new_image.jpg"; depth:42; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758976/; classtype:trojan-activity;sid:83622076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/native.exe"; depth:11; endswith; nocase; http.host; content:"ns2.timecheck.ug"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758725/; classtype:trojan-activity;sid:83621825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdfg.exe"; depth:10; endswith; nocase; http.host; content:"ns2.timecheck.ug"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758723/; classtype:trojan-activity;sid:83621823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xs8pro01qbtxyw-svqnnkvejhdsdmydt"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758716/; classtype:trojan-activity;sid:83621816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjkl.exe"; depth:10; endswith; nocase; http.host; content:"ns2.timecheck.ug"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758697/; classtype:trojan-activity;sid:83621797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sobaka212/n/releases/download/rr/dcratbuild.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758306/; classtype:trojan-activity;sid:83621406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sobaka212/n/releases/download/rr/ce0b953269c74bc.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758301/; classtype:trojan-activity;sid:83621401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net.exe"; depth:8; endswith; nocase; http.host; content:"opesjk.ug"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758275/; classtype:trojan-activity;sid:83621375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjk.exe"; depth:9; endswith; nocase; http.host; content:"opesjk.ug"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758276/; classtype:trojan-activity;sid:83621376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/native.exe"; depth:11; endswith; nocase; http.host; content:"opesjk.ug"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758274/; classtype:trojan-activity;sid:83621374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/native.exe"; depth:11; endswith; nocase; http.host; content:"mistitis.ug"; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758184/; classtype:trojan-activity;sid:83621284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdf.exe"; depth:9; endswith; nocase; http.host; content:"mistitis.ug"; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758181/; classtype:trojan-activity;sid:83621281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdfg.exe"; depth:10; endswith; nocase; http.host; content:"opsdjs.ug"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758163/; classtype:trojan-activity;sid:83621263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjk.exe"; depth:9; endswith; nocase; http.host; content:"opsdjs.ug"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758164/; classtype:trojan-activity;sid:83621264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjkl.exe"; depth:10; endswith; nocase; http.host; content:"opsdjs.ug"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758162/; classtype:trojan-activity;sid:83621262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net.exe"; depth:8; endswith; nocase; http.host; content:"hubvera.ac.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758151/; classtype:trojan-activity;sid:83621251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjkl.exe"; depth:10; endswith; nocase; http.host; content:"marksidfgs.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758152/; classtype:trojan-activity;sid:83621252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net.exe"; depth:8; endswith; nocase; http.host; content:"marksidfgs.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758153/; classtype:trojan-activity;sid:83621253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjk.exe"; depth:9; endswith; nocase; http.host; content:"lastimaners.ug"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758154/; classtype:trojan-activity;sid:83621254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdfg.exe"; depth:10; endswith; nocase; http.host; content:"hubvera.ac.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758155/; classtype:trojan-activity;sid:83621255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdf.exe"; depth:9; endswith; nocase; http.host; content:"hubvera.ac.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758156/; classtype:trojan-activity;sid:83621256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobileanjian.apk"; depth:17; endswith; nocase; http.host; content:"103.6.5.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcafee.zip"; depth:11; endswith; nocase; http.host; content:"immobilien-spektrum.de"; depth:22; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757961/; classtype:trojan-activity;sid:83621061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/native.exe"; depth:11; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757874/; classtype:trojan-activity;sid:83620974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net.exe"; depth:8; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757869/; classtype:trojan-activity;sid:83620969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjkl.exe"; depth:10; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757870/; classtype:trojan-activity;sid:83620970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxcvb.exe"; depth:10; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757871/; classtype:trojan-activity;sid:83620971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghjk.exe"; depth:9; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757872/; classtype:trojan-activity;sid:83620972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdfg.exe"; depth:10; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757873/; classtype:trojan-activity;sid:83620973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdf.exe"; depth:9; endswith; nocase; http.host; content:"91.215.85.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757867/; classtype:trojan-activity;sid:83620967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.150.231.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_06; reference:url, urlhaus.abuse.ch/url/2757722/; classtype:trojan-activity;sid:83620822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=16ytdh6yhfsrndhg_xczmgzjkuvwdt25r"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_06; reference:url, urlhaus.abuse.ch/url/2757470/; classtype:trojan-activity;sid:83620570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.150.231.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757163/; classtype:trojan-activity;sid:83620263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.150.231.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757155/; classtype:trojan-activity;sid:83620255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757154/; classtype:trojan-activity;sid:83620254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.202.217.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757090/; classtype:trojan-activity;sid:83620190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.202.217.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757076/; classtype:trojan-activity;sid:83620176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2756454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.160.191.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_04; reference:url, urlhaus.abuse.ch/url/2756454/; classtype:trojan-activity;sid:83619554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timesync.exe"; depth:13; endswith; nocase; http.host; content:"185.172.128.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754939/; classtype:trojan-activity;sid:83618039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.i686"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.spc"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.mips"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.arm"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86_64"; depth:17; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uqg1nqa_xwers1_ysieimfiz-pnax2qw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754749/; classtype:trojan-activity;sid:83617849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo/1.jpg"; depth:12; endswith; nocase; http.host; content:"mmtplonline.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754663/; classtype:trojan-activity;sid:83617763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackwardev/globalnet/raw/main/files/pc/user%20oobe%20broker.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754083/; classtype:trojan-activity;sid:83617183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackwardev/globalnet/raw/main/files/pc/presentationfontcache.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754082/; classtype:trojan-activity;sid:83617182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackwardev/globalnet/raw/main/files/pc/igfxcuiservice%20module.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754081/; classtype:trojan-activity;sid:83617181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2753159/; classtype:trojan-activity;sid:83616259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/view/ta.sh"; depth:15; endswith; nocase; http.host; content:"118.26.174.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752721/; classtype:trojan-activity;sid:83615821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752411/; classtype:trojan-activity;sid:83615511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neverhodeqqp/dskas77/raw/main/dsdasda.exe"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752294/; classtype:trojan-activity;sid:83615394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.236.93.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752247/; classtype:trojan-activity;sid:83615347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"150.117.7.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752238/; classtype:trojan-activity;sid:83615338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gzckgqlufkfpmlzsd4dlrp8-nrdeju1w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751248/; classtype:trojan-activity;sid:83614348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ppxxpduwoj"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751162/; classtype:trojan-activity;sid:83614262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1mt_cjlvidpxmet7lztiurw3cvorkobep"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751044/; classtype:trojan-activity;sid:83614144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/miner-xmr1.exe"; depth:19; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_23; reference:url, urlhaus.abuse.ch/url/2750705/; classtype:trojan-activity;sid:83613805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_23; reference:url, urlhaus.abuse.ch/url/2750696/; classtype:trojan-activity;sid:83613796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firstz.exe"; depth:11; endswith; nocase; http.host; content:"185.172.128.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_23; reference:url, urlhaus.abuse.ch/url/2750618/; classtype:trojan-activity;sid:83613718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/first.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/penanosd/water/releases/download/code/dvchost.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2750092/; classtype:trojan-activity;sid:83613192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/code/dl/bsoe"; depth:13; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2750042/; classtype:trojan-activity;sid:83613142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/windows.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/eszop.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/wefhrf.exe"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bo"; depth:3; endswith; nocase; http.host; content:"91.121.47.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_19; reference:url, urlhaus.abuse.ch/url/2749528/; classtype:trojan-activity;sid:83612628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adobe_acrobat_installer.7z"; depth:27; endswith; nocase; http.host; content:"pub-97694a1358de4edbb16efd939f516a29.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749345/; classtype:trojan-activity;sid:83612445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/iesxjvp9nc"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749314/; classtype:trojan-activity;sid:83612414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lrviuk1wka4di3qh7ach-b7m1ics2hbp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749054/; classtype:trojan-activity;sid:83612154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/2.3.1.1.exe"; depth:17; endswith; nocase; http.host; content:"ummotosmexico.mx"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2748952/; classtype:trojan-activity;sid:83612052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748834/; classtype:trojan-activity;sid:83611934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/client-built.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kseniakucherksenia/.github.io/raw/main/cayv0deo9jst417.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748808/; classtype:trojan-activity;sid:83611908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kseniakucherksenia/.github.io/main/cayv0deo9jst417.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748809/; classtype:trojan-activity;sid:83611909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1u-vaalebjnomuhbyimsdjqctjqfyiwna"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747826/; classtype:trojan-activity;sid:83610926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ff79_1umnp7iyibpg169gupnkiz0zfr_"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747824/; classtype:trojan-activity;sid:83610924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=16cxnfwhckhznnkons3bjuyy-qnq0e7bn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747822/; classtype:trojan-activity;sid:83610922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.210.28.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_09; reference:url, urlhaus.abuse.ch/url/2747531/; classtype:trojan-activity;sid:83610631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/dbxah8sw1f"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747416/; classtype:trojan-activity;sid:83610516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"96.18.165.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747323/; classtype:trojan-activity;sid:83610423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.165.120.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_07; reference:url, urlhaus.abuse.ch/url/2747088/; classtype:trojan-activity;sid:83610188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.180.35.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lin"; depth:4; endswith; nocase; http.host; content:"configure.syscatec.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746354/; classtype:trojan-activity;sid:83609454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test2.doc"; depth:10; endswith; nocase; http.host; content:"configure.syscatec.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746353/; classtype:trojan-activity;sid:83609453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test3.doc"; depth:10; endswith; nocase; http.host; content:"configure.syscatec.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746352/; classtype:trojan-activity;sid:83609452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.82.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_03; reference:url, urlhaus.abuse.ch/url/2746190/; classtype:trojan-activity;sid:83609290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hv.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_31; reference:url, urlhaus.abuse.ch/url/2745413/; classtype:trojan-activity;sid:83608513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.213.235.2"; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_30; reference:url, urlhaus.abuse.ch/url/2745230/; classtype:trojan-activity;sid:83608330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.111.184.77"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_29; reference:url, urlhaus.abuse.ch/url/2745073/; classtype:trojan-activity;sid:83608173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24/b.jpg"; depth:9; endswith; nocase; http.host; content:"185.16.38.38"; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_27; reference:url, urlhaus.abuse.ch/url/2744609/; classtype:trojan-activity;sid:83607709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.149.127.214"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ama.exe"; depth:8; endswith; nocase; http.host; content:"185.172.128.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744395/; classtype:trojan-activity;sid:83607495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.91.54.34"; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_25; reference:url, urlhaus.abuse.ch/url/2744370/; classtype:trojan-activity;sid:83607470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.193.21.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it-alert-2023/update/downloads/sns_24.apk"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2743125/; classtype:trojan-activity;sid:83606225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2742875/; classtype:trojan-activity;sid:83605975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cp.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2742874/; classtype:trojan-activity;sid:83605974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.129.147.4"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742584/; classtype:trojan-activity;sid:83605684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fra1zz1337/stealer/releases/download/stealer/creal.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742506/; classtype:trojan-activity;sid:83605606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewm/installerengine.zip"; depth:26; endswith; nocase; http.host; content:"lestandardsarl.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_12_18; reference:url, urlhaus.abuse.ch/url/2741760/; classtype:trojan-activity;sid:83604860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testing77777/appdevlompent55555555/downloads/v2.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2741199/; classtype:trojan-activity;sid:83604299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testing77777/appdevlompent55555555/downloads/m5traider.exe"; depth:59; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2741198/; classtype:trojan-activity;sid:83604298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.85.48.31"; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2740641/; classtype:trojan-activity;sid:83603741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; depth:50; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.91.182.4"; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740068/; classtype:trojan-activity;sid:83603168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.131.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740061/; classtype:trojan-activity;sid:83603161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miner.py"; depth:9; endswith; nocase; http.host; content:"172.105.29.23"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739667/; classtype:trojan-activity;sid:83602767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keylogger.py"; depth:13; endswith; nocase; http.host; content:"172.105.29.23"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739660/; classtype:trojan-activity;sid:83602760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cp.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.8"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739592/; classtype:trojan-activity;sid:83602692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ama.exe"; depth:8; endswith; nocase; http.host; content:"185.172.128.8"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739361/; classtype:trojan-activity;sid:83602461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logos/255_cokhxxskpuo"; depth:22; endswith; nocase; http.host; content:"www.eastconsults.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739318/; classtype:trojan-activity;sid:83602418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/fort.rar"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739307/; classtype:trojan-activity;sid:83602407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.8"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739139/; classtype:trojan-activity;sid:83602239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hv.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.8"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_08; reference:url, urlhaus.abuse.ch/url/2738927/; classtype:trojan-activity;sid:83602027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinguin.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_08; reference:url, urlhaus.abuse.ch/url/2738687/; classtype:trojan-activity;sid:83601787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kyango01/steam/raw/main/soft.exe"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_07; reference:url, urlhaus.abuse.ch/url/2738412/; classtype:trojan-activity;sid:83601512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinguin.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.113"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_04; reference:url, urlhaus.abuse.ch/url/2737506/; classtype:trojan-activity;sid:83600606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ld17s2rgt9"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_04; reference:url, urlhaus.abuse.ch/url/2737343/; classtype:trojan-activity;sid:83600443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"185.172.128.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_04; reference:url, urlhaus.abuse.ch/url/2737094/; classtype:trojan-activity;sid:83600194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ama.exe"; depth:8; endswith; nocase; http.host; content:"185.172.128.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737075/; classtype:trojan-activity;sid:83600175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cp.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737076/; classtype:trojan-activity;sid:83600176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737077/; classtype:trojan-activity;sid:83600177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/kidi.rar"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737035/; classtype:trojan-activity;sid:83600135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/kiddions_menu.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737036/; classtype:trojan-activity;sid:83600136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"108.6.184.196"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_02; reference:url, urlhaus.abuse.ch/url/2736664/; classtype:trojan-activity;sid:83599764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautata-hacks/download/downloads/kiddions_menu.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_01; reference:url, urlhaus.abuse.ch/url/2736560/; classtype:trojan-activity;sid:83599660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.113"; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_01; reference:url, urlhaus.abuse.ch/url/2736511/; classtype:trojan-activity;sid:83599611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/fortnite_hack.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_30; reference:url, urlhaus.abuse.ch/url/2736424/; classtype:trojan-activity;sid:83599524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hv.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.113"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_30; reference:url, urlhaus.abuse.ch/url/2736337/; classtype:trojan-activity;sid:83599437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/"; depth:3; endswith; nocase; http.host; content:"202.79.169.52"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_29; reference:url, urlhaus.abuse.ch/url/2736281/; classtype:trojan-activity;sid:83599381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inseller31/loverskit1/downloads/fort.rar"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_28; reference:url, urlhaus.abuse.ch/url/2735895/; classtype:trojan-activity;sid:83598995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/kiddions_menu.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_28; reference:url, urlhaus.abuse.ch/url/2735896/; classtype:trojan-activity;sid:83598996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pgpjkox9-ztieqrellytrhuk9bykwmfj"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735589/; classtype:trojan-activity;sid:83598689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1qvag-koyy2l8h5lwvaeaw35hnuwbm3xo"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735584/; classtype:trojan-activity;sid:83598684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cp.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.160"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735404/; classtype:trojan-activity;sid:83598504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chdyz/chdyz.dll"; depth:16; endswith; nocase; http.host; content:"47.110.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735400/; classtype:trojan-activity;sid:83598500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chdyz/chdyz.exe"; depth:16; endswith; nocase; http.host; content:"47.110.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735399/; classtype:trojan-activity;sid:83598499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.160"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735378/; classtype:trojan-activity;sid:83598478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hv.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.160"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735280/; classtype:trojan-activity;sid:83598380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/store.txt"; depth:27; endswith; nocase; http.host; content:"www.globallaborsupply.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2735077/; classtype:trojan-activity;sid:83598177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lti_ruby/av/development/insertionsortpro.js"; depth:44; endswith; nocase; http.host; content:"lti.cs.vt.edu"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wei"; depth:4; endswith; nocase; http.host; content:"80.68.196.6"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734983/; classtype:trojan-activity;sid:83598083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"114.67.217.170"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734982/; classtype:trojan-activity;sid:83598082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vendor/bin/nobody/clean.it"; depth:27; endswith; nocase; http.host; content:"xiangshunjy.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/404"; depth:4; endswith; nocase; http.host; content:"31.184.194.114"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=17bsqdb9hpmi35bdhkfrcxc41lgj02zd3|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2734870/; classtype:trojan-activity;sid:83597970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"51.182.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733770/; classtype:trojan-activity;sid:83596870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.139.249.103"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ama.exe"; depth:8; endswith; nocase; http.host; content:"185.172.128.154"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733669/; classtype:trojan-activity;sid:83596769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"162.199.220.67"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733665/; classtype:trojan-activity;sid:83596765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cp.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.154"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_21; reference:url, urlhaus.abuse.ch/url/2733619/; classtype:trojan-activity;sid:83596719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hv.exe"; depth:7; endswith; nocase; http.host; content:"185.172.128.154"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_21; reference:url, urlhaus.abuse.ch/url/2733618/; classtype:trojan-activity;sid:83596718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/oguv3ega7u"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_21; reference:url, urlhaus.abuse.ch/url/2733255/; classtype:trojan-activity;sid:83596355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"163.47.209.166"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_18; reference:url, urlhaus.abuse.ch/url/2731873/; classtype:trojan-activity;sid:83594973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.exe"; depth:11; endswith; nocase; http.host; content:"muzzumilruheel.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_11_17; reference:url, urlhaus.abuse.ch/url/2731428/; classtype:trojan-activity;sid:83594528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.165.209.73"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/kiddions_mod_menu.rar"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731319/; classtype:trojan-activity;sid:83594419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.240.193.184"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731257/; classtype:trojan-activity;sid:83594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recovery.dat"; depth:13; endswith; nocase; http.host; content:"185.172.128.11"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_14; reference:url, urlhaus.abuse.ch/url/2730593/; classtype:trojan-activity;sid:83593693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j-18/"; depth:6; endswith; nocase; http.host; content:"134.122.184.3"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729677/; classtype:trojan-activity;sid:83592777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/"; depth:3; endswith; nocase; http.host; content:"202.79.172.110"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729649/; classtype:trojan-activity;sid:83592749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j-3/"; depth:5; endswith; nocase; http.host; content:"202.79.172.110"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729643/; classtype:trojan-activity;sid:83592743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j-5/"; depth:5; endswith; nocase; http.host; content:"202.79.172.93"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729641/; classtype:trojan-activity;sid:83592741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/"; depth:3; endswith; nocase; http.host; content:"202.79.172.93"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729642/; classtype:trojan-activity;sid:83592742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns3.jpg"; depth:8; endswith; nocase; http.host; content:"sos.vivi.sg"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729115/; classtype:trojan-activity;sid:83592215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.238.231.91"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728877/; classtype:trojan-activity;sid:83591977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/butw0ld4oq"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_02; reference:url, urlhaus.abuse.ch/url/2727082/; classtype:trojan-activity;sid:83590182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1r8ha5a1gtjvb-3-1be7hpndhbv5yyonu|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726929/; classtype:trojan-activity;sid:83590029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1b-v5hs5zslhno9kxookgyibbczphiv_m|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726928/; classtype:trojan-activity;sid:83590028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1txdqckk-lg72vbxwzaisonda3smn8tg8|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726927/; classtype:trojan-activity;sid:83590027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1heka7sgmbcessdhxtvmfwxownz7sipbb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726917/; classtype:trojan-activity;sid:83590017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cz1lqyxis4wvr7nlc71ukekxyhj5xu-l"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726774/; classtype:trojan-activity;sid:83589874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1apbgg8cyhbx3l2qaezfjnk9krbmumfbf|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726693/; classtype:trojan-activity;sid:83589793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.15.176.254"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726576/; classtype:trojan-activity;sid:83589676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; depth:56; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bxsdhvfnrn"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726062/; classtype:trojan-activity;sid:83589162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"101.58.83.134"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_24; reference:url, urlhaus.abuse.ch/url/2724595/; classtype:trojan-activity;sid:83587695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.91.96.123"; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_24; reference:url, urlhaus.abuse.ch/url/2724594/; classtype:trojan-activity;sid:83587694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.36.184"; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2724547/; classtype:trojan-activity;sid:83587647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.238.228.206"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_21; reference:url, urlhaus.abuse.ch/url/2722769/; classtype:trojan-activity;sid:83585869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.213.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_21; reference:url, urlhaus.abuse.ch/url/2722771/; classtype:trojan-activity;sid:83585871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avatar.jpg"; depth:11; endswith; nocase; http.host; content:"ircftp.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722704/; classtype:trojan-activity;sid:83585804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/chromium/launcherchromium.zip"; depth:33; endswith; nocase; http.host; content:"hwthurmann.de"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_18; reference:url, urlhaus.abuse.ch/url/2722025/; classtype:trojan-activity;sid:83585125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2721818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.181.0.146"; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_18; reference:url, urlhaus.abuse.ch/url/2721818/; classtype:trojan-activity;sid:83584918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/chromium/launcherchromium.zip"; depth:33; endswith; nocase; http.host; content:"hwthurmann.de"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720834/; classtype:trojan-activity;sid:83583934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.219.163.148"; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720692/; classtype:trojan-activity;sid:83583792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.210.35.140"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720676/; classtype:trojan-activity;sid:83583776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"60.246.119.253"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720518/; classtype:trojan-activity;sid:83583618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.213.157.76"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.182.115.211"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_13; reference:url, urlhaus.abuse.ch/url/2719604/; classtype:trojan-activity;sid:83582704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jxxc4l7icdzs0zx0iz7hayfglrujm8ro"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_11; reference:url, urlhaus.abuse.ch/url/2719281/; classtype:trojan-activity;sid:83582381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1gwsdcu5mxxo0oq3kiaerlwqqcpxbg74p|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_11; reference:url, urlhaus.abuse.ch/url/2719171/; classtype:trojan-activity;sid:83582271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2718468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/1lkc5ccspw"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_09; reference:url, urlhaus.abuse.ch/url/2718468/; classtype:trojan-activity;sid:83581568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2718427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/cgeahsl8f7"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_09; reference:url, urlhaus.abuse.ch/url/2718427/; classtype:trojan-activity;sid:83581527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2718028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/milahajobffo2308200014bloneysh3ak1112700documentsfor40222pkgsand5462000kgchainlinktotal.zip"; depth:101; endswith; nocase; http.host; content:"www.kalp-s.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_08; reference:url, urlhaus.abuse.ch/url/2718028/; classtype:trojan-activity;sid:83581128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/fortnite_cheat.rar"; depth:63; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717655/; classtype:trojan-activity;sid:83580755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1nmo38gwdllgzyd-hnhpvh9gq81wetj3x|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717652/; classtype:trojan-activity;sid:83580752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.126.73"; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717636/; classtype:trojan-activity;sid:83580736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112s"; depth:5; endswith; nocase; http.host; content:"43.249.172.195"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2716462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"75.88.251.198"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_04; reference:url, urlhaus.abuse.ch/url/2716462/; classtype:trojan-activity;sid:83579562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12zhu5cy9mntlhoz9fq7v9q_-xi-iozmj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_02; reference:url, urlhaus.abuse.ch/url/2715888/; classtype:trojan-activity;sid:83578988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1-5tfbyc52tepabxjdszg1dcqgaizf0m6"; depth:98; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715548/; classtype:trojan-activity;sid:83578648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112"; depth:4; endswith; nocase; http.host; content:"43.249.172.195"; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.65.41.210"; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713260/; classtype:trojan-activity;sid:83576360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.131.101.80"; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1re8ewllfl3pjf1m1ywjwjwbitzqqmhjs|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_20; reference:url, urlhaus.abuse.ch/url/2712695/; classtype:trojan-activity;sid:83575795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/test.exe"; depth:14; endswith; nocase; http.host; content:"pouya.blob.core.windows.net"; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_19; reference:url, urlhaus.abuse.ch/url/2712484/; classtype:trojan-activity;sid:83575584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.126.203.159"; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_18; reference:url, urlhaus.abuse.ch/url/2712386/; classtype:trojan-activity;sid:83575486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2710466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//cryps/q9/dll3f3.txt"; depth:21; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_08; reference:url, urlhaus.abuse.ch/url/2710466/; classtype:trojan-activity;sid:83573566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2710464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//cryps/q9/pef3.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_08; reference:url, urlhaus.abuse.ch/url/2710464/; classtype:trojan-activity;sid:83573564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/mounmeinlylo/6qaezk/68ca2fb6aac2a81f027f3153f0d611c70af8c116/files/file"; depth:90; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_30; reference:url, urlhaus.abuse.ch/url/2708293/; classtype:trojan-activity;sid:83571393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1ekcinmskddduir6reyjrjyzvcyw-1idj|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_30; reference:url, urlhaus.abuse.ch/url/2708266/; classtype:trojan-activity;sid:83571366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2707814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"108.190.56.144"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_28; reference:url, urlhaus.abuse.ch/url/2707814/; classtype:trojan-activity;sid:83570914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2707384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/mounmeinlylo/6qano5/2aa998bdd45ea12f5552d98e8e28825a5a95cc86/files/file"; depth:90; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_26; reference:url, urlhaus.abuse.ch/url/2707384/; classtype:trojan-activity;sid:83570484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2706939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/mounmeinlylo/bqaeer/5b924a1aa7fee2cb51377a9085ed3793f6a749a7/files/file"; depth:90; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_25; reference:url, urlhaus.abuse.ch/url/2706939/; classtype:trojan-activity;sid:83570039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"90.68.161.157"; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.158.121.3"; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_17; reference:url, urlhaus.abuse.ch/url/2705125/; classtype:trojan-activity;sid:83568225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.143.220.159"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_15; reference:url, urlhaus.abuse.ch/url/2704717/; classtype:trojan-activity;sid:83567817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.36.68.156"; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2703942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.126.203.159"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_11; reference:url, urlhaus.abuse.ch/url/2703942/; classtype:trojan-activity;sid:83567042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.135.142.235"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.214.56.234"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/housenetshare.exe"; depth:18; endswith; nocase; http.host; content:"stdown.dinju.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asas.exe"; depth:9; endswith; nocase; http.host; content:"vmi1159541.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2023_07_29; reference:url, urlhaus.abuse.ch/url/2692122/; classtype:trojan-activity;sid:83555222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elevator.exe"; depth:13; endswith; nocase; http.host; content:"vmi1159541.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2023_07_29; reference:url, urlhaus.abuse.ch/url/2692120/; classtype:trojan-activity;sid:83555220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robluxcoins.exe"; depth:16; endswith; nocase; http.host; content:"vmi1159541.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2023_07_29; reference:url, urlhaus.abuse.ch/url/2692121/; classtype:trojan-activity;sid:83555221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2691805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.214.56.231"; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_28; reference:url, urlhaus.abuse.ch/url/2691805/; classtype:trojan-activity;sid:83554905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2689489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jvqaqhw3wrdy09sf69rsggxmk_jl7lz5"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_25; reference:url, urlhaus.abuse.ch/url/2689489/; classtype:trojan-activity;sid:83552589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.194.46.204"; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.exe"; depth:8; endswith; nocase; http.host; content:"resourceedge.org"; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687872/; classtype:trojan-activity;sid:83550972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elevator.exe"; depth:13; endswith; nocase; http.host; content:"209.145.51.44"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687497/; classtype:trojan-activity;sid:83550597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asas.exe"; depth:9; endswith; nocase; http.host; content:"209.145.51.44"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687498/; classtype:trojan-activity;sid:83550598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.153.218.165"; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_21; reference:url, urlhaus.abuse.ch/url/2687083/; classtype:trojan-activity;sid:83550183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2685030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1kavuowl0c1mms_vtxozw-cwq7hwto0el|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2685030/; classtype:trojan-activity;sid:83548130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.100.50.137"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yfrfklulpjtnvv25.bin"; depth:21; endswith; nocase; http.host; content:"diclegrup.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682047/; classtype:trojan-activity;sid:83545147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2679173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"68.230.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_09; reference:url, urlhaus.abuse.ch/url/2679173/; classtype:trojan-activity;sid:83542273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/sp/q2s.txt"; depth:22; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678669/; classtype:trojan-activity;sid:83541769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/rmz.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678670/; classtype:trojan-activity;sid:83541770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/t3.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678671/; classtype:trojan-activity;sid:83541771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/q7/dllf3.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678672/; classtype:trojan-activity;sid:83541772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/rx/nuevadll.txt"; depth:22; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678673/; classtype:trojan-activity;sid:83541773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/r.txt"; depth:17; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678674/; classtype:trojan-activity;sid:83541774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/q7/qwer/dllf3.txt"; depth:24; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678675/; classtype:trojan-activity;sid:83541775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/q7.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678676/; classtype:trojan-activity;sid:83541776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/rm.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678677/; classtype:trojan-activity;sid:83541777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/new24/dllf3.txt"; depth:28; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678655/; classtype:trojan-activity;sid:83541755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/new25/crypdas.txt"; depth:30; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678656/; classtype:trojan-activity;sid:83541756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/lx6.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678657/; classtype:trojan-activity;sid:83541757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/new23/pef3.txt"; depth:27; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678658/; classtype:trojan-activity;sid:83541758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/new24/pe03.txt"; depth:27; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678659/; classtype:trojan-activity;sid:83541759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/ny1.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678660/; classtype:trojan-activity;sid:83541760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/sp/mc/bandi99.txt"; depth:29; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678661/; classtype:trojan-activity;sid:83541761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/nx.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678662/; classtype:trojan-activity;sid:83541762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/zx2.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678663/; classtype:trojan-activity;sid:83541763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/njx.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678664/; classtype:trojan-activity;sid:83541764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/arrw.txt"; depth:20; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678665/; classtype:trojan-activity;sid:83541765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/async.txt"; depth:21; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678666/; classtype:trojan-activity;sid:83541766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/masterxls/dll.txt"; depth:30; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678667/; classtype:trojan-activity;sid:83541767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/q1.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678668/; classtype:trojan-activity;sid:83541768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/q7/qwer/pef3.txt"; depth:23; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678648/; classtype:trojan-activity;sid:83541748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/q7/pef3.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678649/; classtype:trojan-activity;sid:83541749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/masterxls/pef3new.txt"; depth:34; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678650/; classtype:trojan-activity;sid:83541750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/sp/nxj.txt"; depth:22; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678651/; classtype:trojan-activity;sid:83541751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/nj.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678652/; classtype:trojan-activity;sid:83541752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/arhvn.txt"; depth:21; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678653/; classtype:trojan-activity;sid:83541753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/l8.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678654/; classtype:trojan-activity;sid:83541754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/new24/dllf3.txt"; depth:28; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678620/; classtype:trojan-activity;sid:83541720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/new24/pe03.txt"; depth:27; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678615/; classtype:trojan-activity;sid:83541715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/mofers/njz.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678616/; classtype:trojan-activity;sid:83541716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.234.203.16"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/project_8.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2677015/; classtype:trojan-activity;sid:83540115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/qmydsnl.dll"; depth:28; endswith; nocase; http.host; content:"lostheaven.com.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/apctntoca.bmp"; depth:30; endswith; nocase; http.host; content:"lostheaven.com.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uh8squz6doag3ywzn7rpx0k5jfze9r6d"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2675825/; classtype:trojan-activity;sid:83538925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.87.5.2"; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2674155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samesaaa/123/downloads/tjeajweeeh.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_30; reference:url, urlhaus.abuse.ch/url/2674155/; classtype:trojan-activity;sid:83537255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2672273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1vi2wqh_zcpd3b6thl70mdflfywpajesa|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_26; reference:url, urlhaus.abuse.ch/url/2672273/; classtype:trojan-activity;sid:83535373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2668530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frozenthrone1337/yeah/downloads/64.dll"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_21; reference:url, urlhaus.abuse.ch/url/2668530/; classtype:trojan-activity;sid:83531630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2664821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"129.122.98.12"; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_17; reference:url, urlhaus.abuse.ch/url/2664821/; classtype:trojan-activity;sid:83527921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2664165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.71.59.7"; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_16; reference:url, urlhaus.abuse.ch/url/2664165/; classtype:trojan-activity;sid:83527265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2662089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/worldofsoft1/soft/downloads/soft.rar"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2662089/; classtype:trojan-activity;sid:83525189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2662056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_framework/abc.client.dll"; depth:26; endswith; nocase; http.host; content:"pagamento.afya.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2662056/; classtype:trojan-activity;sid:83525156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apilogic2023/api/downloads/password_2022_installer.rar"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661553/; classtype:trojan-activity;sid:83524653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2660040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tauu/"; depth:6; endswith; nocase; http.host; content:"qcollect.co.za"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_14; reference:url, urlhaus.abuse.ch/url/2660040/; classtype:trojan-activity;sid:83523140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2658185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contore/update/downloads/password_2022_installer.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_12; reference:url, urlhaus.abuse.ch/url/2658185/; classtype:trojan-activity;sid:83521285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/f1.php"; depth:14; endswith; nocase; http.host; content:"servisaludocupacional.pe"; depth:24; isdataat:!1,relative; metadata:created_at 2023_05_25; reference:url, urlhaus.abuse.ch/url/2640781/; classtype:trojan-activity;sid:83503881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"98.14.183.227"; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_24; reference:url, urlhaus.abuse.ch/url/2640280/; classtype:trojan-activity;sid:83503380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh"; depth:7; endswith; nocase; http.host; content:"194.38.23.2"; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2636860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdfffdfdd/sasa/downloads/crypted.exe"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_19; reference:url, urlhaus.abuse.ch/url/2636860/; classtype:trojan-activity;sid:83499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myworkescxz/meyca/downloads/soft.rar"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632406/; classtype:trojan-activity;sid:83495506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; depth:193; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2621766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/svcpjuhbt.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_01; reference:url, urlhaus.abuse.ch/url/2621766/; classtype:trojan-activity;sid:83484866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.100.5.56"; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615396/; classtype:trojan-activity;sid:83478496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.177.78"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.43.7.94"; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615290/; classtype:trojan-activity;sid:83478390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.65.45.186"; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.93.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615280/; classtype:trojan-activity;sid:83478380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.210.197.185"; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615268/; classtype:trojan-activity;sid:83478368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.166.220.109"; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615266/; classtype:trojan-activity;sid:83478366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.81.127.208"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.22.237.98"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.20.122.114"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.153.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.204.212.82"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615252/; classtype:trojan-activity;sid:83478352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.127.90.14"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615246/; classtype:trojan-activity;sid:83478346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.235.189.104"; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615245/; classtype:trojan-activity;sid:83478345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.84.37.101"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615243/; classtype:trojan-activity;sid:83478343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxxlrep/repo/downloads/za.xlsx"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612791/; classtype:trojan-activity;sid:83475891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxxlrep/repo/downloads/zip.zip"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612792/; classtype:trojan-activity;sid:83475892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxxlrep/repo/downloads/newf.dotm"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612790/; classtype:trojan-activity;sid:83475890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2604132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpvpov0nqt/rpvpov0nqt/downloads/fortnite_hack.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_10; reference:url, urlhaus.abuse.ch/url/2604132/; classtype:trojan-activity;sid:83467232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2604131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpvpov0nqt/rpvpov0nqt/downloads/roblox_doors_src.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_10; reference:url, urlhaus.abuse.ch/url/2604131/; classtype:trojan-activity;sid:83467231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2603691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpvpov0nqt/rpvpov0nqt/downloads/new_kiddions.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_09; reference:url, urlhaus.abuse.ch/url/2603691/; classtype:trojan-activity;sid:83466791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2601085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/main_setups_full_version.rar"; depth:70; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_07; reference:url, urlhaus.abuse.ch/url/2601085/; classtype:trojan-activity;sid:83464185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2598926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_05; reference:url, urlhaus.abuse.ch/url/2598926/; classtype:trojan-activity;sid:83462026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2596500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpoverka/zhopa/downloads/1bz7kfahvu.exe"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_04; reference:url, urlhaus.abuse.ch/url/2596500/; classtype:trojan-activity;sid:83459600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2596499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpoverka/zhopa/downloads/systemupdate.exe"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_04; reference:url, urlhaus.abuse.ch/url/2596499/; classtype:trojan-activity;sid:83459599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.57.183.186"; depth:14; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582583/; classtype:trojan-activity;sid:83445683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2580812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-aa/download_aaa/downloads/kiddions_mod_menu.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2580812/; classtype:trojan-activity;sid:83443912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2580185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forum/vjak1cx/"; depth:15; endswith; nocase; http.host; content:"techniguitare.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2580185/; classtype:trojan-activity;sid:83443285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2577714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neironner/app/downloads/appwesoft.rar"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_19; reference:url, urlhaus.abuse.ch/url/2577714/; classtype:trojan-activity;sid:83440814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/agenzia_entrate.zip"; depth:27; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572394/; classtype:trojan-activity;sid:83435494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/azienda.zip"; depth:19; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572395/; classtype:trojan-activity;sid:83435495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/contratto.zip"; depth:21; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572392/; classtype:trojan-activity;sid:83435492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/direzione.zip"; depth:21; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572393/; classtype:trojan-activity;sid:83435493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/cliente.zip"; depth:19; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572388/; classtype:trojan-activity;sid:83435488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/agenziaentrate.zip"; depth:26; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572389/; classtype:trojan-activity;sid:83435489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/marzo.zip"; depth:17; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572390/; classtype:trojan-activity;sid:83435490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filial/impresa.zip"; depth:19; endswith; nocase; http.host; content:"suakhoaketsattphcm.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572391/; classtype:trojan-activity;sid:83435491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhjhhjhjjhhj/regge/downloads/f%d0%bertnit%d0%b5_h%d0%a1.rar"; depth:60; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568556/; classtype:trojan-activity;sid:83431656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2567740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/gtavnew/downloads/kiddions_menu.rar"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_12; reference:url, urlhaus.abuse.ch/url/2567740/; classtype:trojan-activity;sid:83430840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2566099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/warzone_2.0_unlock_tool_aim_esp/downloads/warzone_2.0_unlock_tool_aim_esp.rar"; depth:84; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_11; reference:url, urlhaus.abuse.ch/url/2566099/; classtype:trojan-activity;sid:83429199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2563159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/1/uc|3f|id=1uq00qoghsvrdaayru6cjrd9pctx-dknv|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2563159/; classtype:trojan-activity;sid:83426259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; depth:31; endswith; nocase; http.host; content:"ns1.koleso.tc"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2559185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.240.7.168"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_05; reference:url, urlhaus.abuse.ch/url/2559185/; classtype:trojan-activity;sid:83422285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2556466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zesoftwares/zesoft/downloads/zesoftapp.rar"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_03; reference:url, urlhaus.abuse.ch/url/2556466/; classtype:trojan-activity;sid:83419566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2556232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.240.7.168"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_03; reference:url, urlhaus.abuse.ch/url/2556232/; classtype:trojan-activity;sid:83419332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1prfxr7v6xwfvjnk9nlcnb5u0leqydzlg|7c|26|7c|export=download/|3f|q="; depth:79; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555659/; classtype:trojan-activity;sid:83418759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2554979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/valentinomaseratti/symphitems/downloads/passw_items_applicationsetupfile14.1.rar"; depth:81; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2554979/; classtype:trojan-activity;sid:83418079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2554059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-aa/download_aaa/downloads/fortnite_hack.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_01; reference:url, urlhaus.abuse.ch/url/2554059/; classtype:trojan-activity;sid:83417159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2553981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shgz2/sghz3/downloads/fortnie_hack.rar"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_01; reference:url, urlhaus.abuse.ch/url/2553981/; classtype:trojan-activity;sid:83417081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2551753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easy-s0ft/easys0ft/downloads/fortnite_hack.rar"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_27; reference:url, urlhaus.abuse.ch/url/2551753/; classtype:trojan-activity;sid:83414853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shgz2/sghz3/downloads/kiddions_mod_menu.rar"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540038/; classtype:trojan-activity;sid:83403138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unlockteame/unlimited/zip/refs/heads/main"; depth:42; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2524967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neonbatsv4/neonbats2/downloads/neonbatsloader.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_01; reference:url, urlhaus.abuse.ch/url/2524967/; classtype:trojan-activity;sid:83388067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2524963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adobeofficial/adobeofficiall/downloads/setup_en_x64.zip"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_01; reference:url, urlhaus.abuse.ch/url/2524963/; classtype:trojan-activity;sid:83388063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2519785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/ninja.exe"; depth:12; endswith; nocase; http.host; content:"103.133.214.139"; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_27; reference:url, urlhaus.abuse.ch/url/2519785/; classtype:trojan-activity;sid:83382885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1c6tgo9uoo-xxvvecmzzimumznzj34bpi"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517796/; classtype:trojan-activity;sid:83380896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kb824105-x86-enu.exe"; depth:21; endswith; nocase; http.host; content:"microsecurityupdate.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517462/; classtype:trojan-activity;sid:83380562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517268/; classtype:trojan-activity;sid:83380368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4"; depth:2; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517269/; classtype:trojan-activity;sid:83380369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3"; depth:2; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517271/; classtype:trojan-activity;sid:83380371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinf.exe"; depth:9; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517272/; classtype:trojan-activity;sid:83380372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3"; depth:2; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513702/; classtype:trojan-activity;sid:83376802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4"; depth:2; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513700/; classtype:trojan-activity;sid:83376800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513699/; classtype:trojan-activity;sid:83376799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2496330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucianoeasy1/whythefuckareutryingtotrackthishttpdebuggerlol/raw/67c59c70dfb800fa2bf21b3217e2485221c20428/fund.exe"; depth:114; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_01_04; reference:url, urlhaus.abuse.ch/url/2496330/; classtype:trojan-activity;sid:83359430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/zxc/zas/dllf3.txt"; depth:24; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478668/; classtype:trojan-activity;sid:83341768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/rxwer/dllf3.txt"; depth:22; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478669/; classtype:trojan-activity;sid:83341769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/rx/f3dll.txt"; depth:19; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478670/; classtype:trojan-activity;sid:83341770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/rxwer/fepe.txt"; depth:21; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478671/; classtype:trojan-activity;sid:83341771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/zxc/zas/pef3.txt"; depth:23; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478672/; classtype:trojan-activity;sid:83341772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/green/rx/f3pe.txt"; depth:18; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478673/; classtype:trojan-activity;sid:83341773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2474098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/masterxls/pef3new.txt"; depth:34; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_20; reference:url, urlhaus.abuse.ch/url/2474098/; classtype:trojan-activity;sid:83337198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2474099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryps/qwers/masterxls/dll.txt"; depth:30; endswith; nocase; http.host; content:"91.213.50.74"; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_20; reference:url, urlhaus.abuse.ch/url/2474099/; classtype:trojan-activity;sid:83337199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys.x86_64"; depth:11; endswith; nocase; http.host; content:"194.38.23.2"; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2453522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wfwfwe2/2/downloads/softinstall.rar"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_10; reference:url, urlhaus.abuse.ch/url/2453522/; classtype:trojan-activity;sid:83316622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2448650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/3sh"; depth:6; endswith; nocase; http.host; content:"113.106.167.11"; depth:14; isdataat:!1,relative; metadata:created_at 2022_12_06; reference:url, urlhaus.abuse.ch/url/2448650/; classtype:trojan-activity;sid:83311750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2448651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/1sh"; depth:6; endswith; nocase; http.host; content:"113.106.167.11"; depth:14; isdataat:!1,relative; metadata:created_at 2022_12_06; reference:url, urlhaus.abuse.ch/url/2448651/; classtype:trojan-activity;sid:83311751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2445055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112download/browser/downloads/onionbrowser.rar"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_05; reference:url, urlhaus.abuse.ch/url/2445055/; classtype:trojan-activity;sid:83308155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2444693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/rust-aim-esp/downloads/rust_aimesp.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_05; reference:url, urlhaus.abuse.ch/url/2444693/; classtype:trojan-activity;sid:83307793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/kiddions_menu/downloads/kiddions_menu.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_02; reference:url, urlhaus.abuse.ch/url/2441528/; classtype:trojan-activity;sid:83304628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/idr/v3/pub/idrb5event.exe"; depth:29; endswith; nocase; http.host; content:"update.itopvpn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2439091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pavelalekseev11/346346/downloads/socks5-clean.exe"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2439091/; classtype:trojan-activity;sid:83302191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2435505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/gtaaaaa/downloads/kiddions_menu.rar"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_28; reference:url, urlhaus.abuse.ch/url/2435505/; classtype:trojan-activity;sid:83298605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2433701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slack-files/windows/downloads/siacksetupwin.iso"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_26; reference:url, urlhaus.abuse.ch/url/2433701/; classtype:trojan-activity;sid:83296801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2433294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upd/loaderavx.exe"; depth:18; endswith; nocase; http.host; content:"updates.ultimate-fakkers.co.network"; depth:35; isdataat:!1,relative; metadata:created_at 2022_11_26; reference:url, urlhaus.abuse.ch/url/2433294/; classtype:trojan-activity;sid:83296394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2425972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1cpaqimeblbmxrxoli6d3cczgkrbzpy8_"; depth:98; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_18; reference:url, urlhaus.abuse.ch/url/2425972/; classtype:trojan-activity;sid:83289072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2422299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abtc8mhlbehqil.exe"; depth:19; endswith; nocase; http.host; content:"www.sunglassesninja.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2422299/; classtype:trojan-activity;sid:83285399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/%d0%a1s_g%d0%9e_ch%d0%90ng%d0%95r.rar"; depth:67; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414398/; classtype:trojan-activity;sid:83277498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/sonic_frontiers_cracked.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414362/; classtype:trojan-activity;sid:83277462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/g%d0%bed_of_war_ragnar%d0%bek_cr%d0%b0%d1%81k.rar"; depth:79; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414361/; classtype:trojan-activity;sid:83277461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/5m_mod_menu.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414174/; classtype:trojan-activity;sid:83277274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2412427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.91.54.34"; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_15; reference:url, urlhaus.abuse.ch/url/2412427/; classtype:trojan-activity;sid:83275527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/afterburner.zip"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_12; reference:url, urlhaus.abuse.ch/url/2408626/; classtype:trojan-activity;sid:83271726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analytics/zy5ntk/"; depth:18; endswith; nocase; http.host; content:"fromthetrenchesworldreport.com"; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osaka123/mahoa1/downloads/suburbanskamacite.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406518/; classtype:trojan-activity;sid:83269618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/fw/fw.exe"; depth:15; endswith; nocase; http.host; content:"tengfeidn.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.240.7.168"; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314482/; classtype:trojan-activity;sid:83177582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.240.7.168"; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314465/; classtype:trojan-activity;sid:83177565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2312083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.91.54.34"; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_23; reference:url, urlhaus.abuse.ch/url/2312083/; classtype:trojan-activity;sid:83175183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2309515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.233.243.14"; depth:14; isdataat:!1,relative; metadata:created_at 2022_09_22; reference:url, urlhaus.abuse.ch/url/2309515/; classtype:trojan-activity;sid:83172615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2309507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.233.243.14"; depth:14; isdataat:!1,relative; metadata:created_at 2022_09_22; reference:url, urlhaus.abuse.ch/url/2309507/; classtype:trojan-activity;sid:83172607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2303232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.81.131.98"; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_15; reference:url, urlhaus.abuse.ch/url/2303232/; classtype:trojan-activity;sid:83166332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.201.176.87"; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2299649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=166umzeeolcirtwvqvmwcselvekuk4ihn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_09_11; reference:url, urlhaus.abuse.ch/url/2299649/; classtype:trojan-activity;sid:83162749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.180.9.57"; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2290030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.188.72"; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2290030/; classtype:trojan-activity;sid:83153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2289762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.174.82.174"; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2289762/; classtype:trojan-activity;sid:83152862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2277626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f84nls2/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.204"; depth:15; isdataat:!1,relative; metadata:created_at 2022_08_25; reference:url, urlhaus.abuse.ch/url/2277626/; classtype:trojan-activity;sid:83140726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.13.133.18"; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276923/; classtype:trojan-activity;sid:83140023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpeinf.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274787/; classtype:trojan-activity;sid:83137887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peinf.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274783/; classtype:trojan-activity;sid:83137883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.218.139.205"; depth:15; isdataat:!1,relative; metadata:created_at 2022_08_12; reference:url, urlhaus.abuse.ch/url/2271925/; classtype:trojan-activity;sid:83135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.38.24.186"; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2263623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"122.165.55.223"; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_01; reference:url, urlhaus.abuse.ch/url/2263623/; classtype:trojan-activity;sid:83126723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2261300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opencart/system/library/cache/.cache/loader.exe"; depth:48; endswith; nocase; http.host; content:"www.maxmoney.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_07_26; reference:url, urlhaus.abuse.ch/url/2261300/; classtype:trojan-activity;sid:83124400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2260566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.65.205.108"; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_24; reference:url, urlhaus.abuse.ch/url/2260566/; classtype:trojan-activity;sid:83123666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.131.84.65"; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_19; reference:url, urlhaus.abuse.ch/url/2258802/; classtype:trojan-activity;sid:83121902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2256777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.123.49.138"; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_12; reference:url, urlhaus.abuse.ch/url/2256777/; classtype:trojan-activity;sid:83119877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.5.200.222"; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_09; reference:url, urlhaus.abuse.ch/url/2255804/; classtype:trojan-activity;sid:83118904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.173.39.201"; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"145.255.30.170"; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_04; reference:url, urlhaus.abuse.ch/url/2253976/; classtype:trojan-activity;sid:83117076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lkb2dxj3/plugins/cred.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.204"; depth:15; isdataat:!1,relative; metadata:created_at 2022_07_01; reference:url, urlhaus.abuse.ch/url/2253022/; classtype:trojan-activity;sid:83116122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11mi132ptx9rjlbgex4ep7qabji8v7urn"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252729/; classtype:trojan-activity;sid:83115829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updates1/up.exe"; depth:16; endswith; nocase; http.host; content:"1717.1000uc.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2247112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.151.47.18"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_22; reference:url, urlhaus.abuse.ch/url/2247112/; classtype:trojan-activity;sid:83110212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.169.235.215"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system/gbh/"; depth:12; endswith; nocase; http.host; content:"airhobi.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty4|3f|ddos"; depth:16; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_10; reference:url, urlhaus.abuse.ch/url/2233031/; classtype:trojan-activity;sid:83096131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2232148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/vaj7fuqye5y9.bak/"; depth:25; endswith; nocase; http.host; content:"bruiserbodies.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_09; reference:url, urlhaus.abuse.ch/url/2232148/; classtype:trojan-activity;sid:83095248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/newsales/adm_atu.exe"; depth:26; endswith; nocase; http.host; content:"palharesinformatica.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/rm0xpx/"; depth:12; endswith; nocase; http.host; content:"jobcity.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accesorios/xqp/"; depth:16; endswith; nocase; http.host; content:"tecni-soft.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2204168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.233.242.3"; depth:13; isdataat:!1,relative; metadata:created_at 2022_05_20; reference:url, urlhaus.abuse.ch/url/2204168/; classtype:trojan-activity;sid:83067268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crt/xe"; depth:7; endswith; nocase; http.host; content:"pns.org.pk"; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/application/phebceg4tx/"; depth:24; endswith; nocase; http.host; content:"www.ingonherbal.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2186950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photoback"; depth:10; endswith; nocase; http.host; content:"compan.oss-cn-hongkong.aliyuncs.com"; depth:35; isdataat:!1,relative; metadata:created_at 2022_05_09; reference:url, urlhaus.abuse.ch/url/2186950/; classtype:trojan-activity;sid:83050050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2166349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/uploads/g5qmc5xvlj/"; depth:23; endswith; nocase; http.host; content:"103.85.95.5"; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2166349/; classtype:trojan-activity;sid:83029449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dos/gaa/"; depth:9; endswith; nocase; http.host; content:"famesa.com.ar"; depth:13; isdataat:!1,relative; metadata:created_at 2022_04_22; reference:url, urlhaus.abuse.ch/url/2160307/; classtype:trojan-activity;sid:83023407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dos/gaa/"; depth:9; endswith; nocase; http.host; content:"famesa.com.ar"; depth:13; isdataat:!1,relative; metadata:created_at 2022_04_22; reference:url, urlhaus.abuse.ch/url/2160004/; classtype:trojan-activity;sid:83023104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2150451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.vi"; depth:4; endswith; nocase; http.host; content:"185.216.133.16"; depth:14; isdataat:!1,relative; metadata:created_at 2022_04_16; reference:url, urlhaus.abuse.ch/url/2150451/; classtype:trojan-activity;sid:83013551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; depth:37; endswith; nocase; http.host; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2126325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paginamasvieja1321654/vxbzo/"; depth:29; endswith; nocase; http.host; content:"sd-1684625-h00001.ferozo.net"; depth:28; isdataat:!1,relative; metadata:created_at 2022_04_01; reference:url, urlhaus.abuse.ch/url/2126325/; classtype:trojan-activity;sid:82989425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2123445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/yq7iksjiep9r/"; depth:25; endswith; nocase; http.host; content:"sd-1093121-h00002.ferozo.net"; depth:28; isdataat:!1,relative; metadata:created_at 2022_03_30; reference:url, urlhaus.abuse.ch/url/2123445/; classtype:trojan-activity;sid:82986545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/|3f|i=1"; depth:47; endswith; nocase; http.host; content:"www.chemsky.tn"; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120576/; classtype:trojan-activity;sid:82983676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/"; depth:40; endswith; nocase; http.host; content:"www.chemsky.tn"; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120577/; classtype:trojan-activity;sid:82983677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paginamasvieja1321654/f1m5dbu8axuqkx0p8/"; depth:41; endswith; nocase; http.host; content:"sd-1684625-h00001.ferozo.net"; depth:28; isdataat:!1,relative; metadata:created_at 2022_03_25; reference:url, urlhaus.abuse.ch/url/2114972/; classtype:trojan-activity;sid:82978072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2113865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty3|3f|ddos"; depth:16; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2113865/; classtype:trojan-activity;sid:82976965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2109541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/23"; depth:11; endswith; nocase; http.host; content:"182.52.51.239"; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_21; reference:url, urlhaus.abuse.ch/url/2109541/; classtype:trojan-activity;sid:82972641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2109542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/23s"; depth:12; endswith; nocase; http.host; content:"182.52.51.239"; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_21; reference:url, urlhaus.abuse.ch/url/2109542/; classtype:trojan-activity;sid:82972642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2087702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/uploads/87dtpaezulsccon/"; depth:28; endswith; nocase; http.host; content:"103.85.95.5"; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_10; reference:url, urlhaus.abuse.ch/url/2087702/; classtype:trojan-activity;sid:82950802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logfiles/u2o/"; depth:14; endswith; nocase; http.host; content:"89.25.223.211"; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty4"; depth:8; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086476/; classtype:trojan-activity;sid:82949576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty3"; depth:8; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086449/; classtype:trojan-activity;sid:82949549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2058500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"219.89.121.234"; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_24; reference:url, urlhaus.abuse.ch/url/2058500/; classtype:trojan-activity;sid:82921600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.142.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2047314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.188.27.225"; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_18; reference:url, urlhaus.abuse.ch/url/2047314/; classtype:trojan-activity;sid:82910414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.231.226.35"; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.92.28.89"; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003780/; classtype:trojan-activity;sid:82866880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1997331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.100.255.247"; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_22; reference:url, urlhaus.abuse.ch/url/1997331/; classtype:trojan-activity;sid:82860431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1996626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.92.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_21; reference:url, urlhaus.abuse.ch/url/1996626/; classtype:trojan-activity;sid:82859726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh|3f|le0943_http"; depth:22; endswith; nocase; http.host; content:"194.145.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.22.136.158"; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1961882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peinf.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_10; reference:url, urlhaus.abuse.ch/url/1961882/; classtype:trojan-activity;sid:82824982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1960874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpeinf.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_09; reference:url, urlhaus.abuse.ch/url/1960874/; classtype:trojan-activity;sid:82823974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1930832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/tax%20invoice.zip"; depth:27; endswith; nocase; http.host; content:"canconsulting.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_29; reference:url, urlhaus.abuse.ch/url/1930832/; classtype:trojan-activity;sid:82793932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1925806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oracle/$77_loader.exe"; depth:22; endswith; nocase; http.host; content:"5.133.65.53"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_27; reference:url, urlhaus.abuse.ch/url/1925806/; classtype:trojan-activity;sid:82788906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1918089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/dkfsgf2m/"; depth:14; endswith; nocase; http.host; content:"british-shorthair.es"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1918089/; classtype:trojan-activity;sid:82781189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5w/%e4%ba%94%e5%91%b3%e4%bc%a0%e5%a5%87.exe"; depth:44; endswith; nocase; http.host; content:"xz888.oss-cn-hangzhou.aliyuncs.com"; depth:34; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1915732/; classtype:trojan-activity;sid:82778832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5j1ae/apmyyqsc6q3p5y/"; depth:22; endswith; nocase; http.host; content:"aosafrica.co.za"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1913722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/twl/"; depth:9; endswith; nocase; http.host; content:"british-shorthair.es"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1913722/; classtype:trojan-activity;sid:82776822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1901636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_20; reference:url, urlhaus.abuse.ch/url/1901636/; classtype:trojan-activity;sid:82764736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autokey/update/autokey.exe"; depth:27; endswith; nocase; http.host; content:"api.52kkg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887133/; classtype:trojan-activity;sid:82750233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1860169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/eqrkn0krsn2nbhkpbe4fw0x/"; depth:32; endswith; nocase; http.host; content:"www.tradeinsights.net"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_06; reference:url, urlhaus.abuse.ch/url/1860169/; classtype:trojan-activity;sid:82723269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; depth:88; endswith; nocase; http.host; content:"server.toeicswt.co.kr"; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1742168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stud06_lssntjjcp10.bin"; depth:23; endswith; nocase; http.host; content:"www.alertsecurities.in"; depth:22; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1742168/; classtype:trojan-activity;sid:82605268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1666548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup/%e5%88%9d%e5%a6%86%e5%8a%a9%e6%89%8b.exe"; depth:47; endswith; nocase; http.host; content:"static.cz01.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1666548/; classtype:trojan-activity;sid:82529648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/ana/update.exe"; depth:22; endswith; nocase; http.host; content:"www.teknoarge.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/23s"; depth:12; endswith; nocase; http.host; content:"101.51.121.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653848/; classtype:trojan-activity;sid:82516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/23"; depth:11; endswith; nocase; http.host; content:"101.51.121.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653849/; classtype:trojan-activity;sid:82516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/horn.php"; depth:38; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649864/; classtype:trojan-activity;sid:82512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/mug.php"; depth:37; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649854/; classtype:trojan-activity;sid:82512954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/inverting.php"; depth:43; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649856/; classtype:trojan-activity;sid:82512956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/apportion.php"; depth:43; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649857/; classtype:trojan-activity;sid:82512957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/subdivider.php"; depth:44; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649842/; classtype:trojan-activity;sid:82512942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/streamlined.php"; depth:45; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649843/; classtype:trojan-activity;sid:82512943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/ueditor/lang/zh-cn/images/superstitions.php"; depth:47; endswith; nocase; http.host; content:"dl.9xu.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649844/; classtype:trojan-activity;sid:82512944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/safmanager/safman_setup.exe"; depth:38; endswith; nocase; http.host; content:"www.saf-oil.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1545093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"219.68.245.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_08_19; reference:url, urlhaus.abuse.ch/url/1545093/; classtype:trojan-activity;sid:82408193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1539372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.120.211.83"; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_16; reference:url, urlhaus.abuse.ch/url/1539372/; classtype:trojan-activity;sid:82402472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1514098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxcvb.exe"; depth:10; endswith; nocase; http.host; content:"lastimaners.ug"; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_07; reference:url, urlhaus.abuse.ch/url/1514098/; classtype:trojan-activity;sid:82377198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ortakmodul/nbys%20asm.net.exe"; depth:30; endswith; nocase; http.host; content:"files5.uludagbilisim.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; depth:48; endswith; nocase; http.host; content:"files5.uludagbilisim.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.164.200.170"; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hajime"; depth:7; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.205.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.230.153.181"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downfile.asp|3f|sid=276663/"; depth:28; endswith; nocase; http.host; content:"www.ysbaojia.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inst77player/inst77player_1.0.0.1.exe"; depth:38; endswith; nocase; http.host; content:"softdl.360tpcdn.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pr2l1wfpwhfzln-sq93bb9xwfqtrwezu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319550/; classtype:trojan-activity;sid:82182650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/xzgj/3839/%e6%85%95%e8%af%be%e7%bd%91%e8%a7%86%e9%a2%91%e8%a7%a3%e6%9e%90%e5%b7%a5%e5%85%b7_2015.exe"; depth:106; endswith; nocase; http.host; content:"d1.udashi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283230/; classtype:trojan-activity;sid:82146330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/bgrj/5694/%e5%88%9b%e8%be%89%e4%bc%81%e4%b8%9a%e5%90%8d%e5%bd%95%e4%bf%a1%e6%81%af%e6%90%9c%e7%b4%a2%e8%bd%af%e4%bb%b6.exe"; depth:128; endswith; nocase; http.host; content:"d1.udashi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283209/; classtype:trojan-activity;sid:82146309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/wlyy/16396/jxszdjp.exe"; depth:28; endswith; nocase; http.host; content:"d1.udashi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283186/; classtype:trojan-activity;sid:82146286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/aqsd/5084/%e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88.exe"; depth:111; endswith; nocase; http.host; content:"d1.udashi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283183/; classtype:trojan-activity;sid:82146283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1268362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.243.216.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_22; reference:url, urlhaus.abuse.ch/url/1268362/; classtype:trojan-activity;sid:82131462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1227129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup/%e9%a3%9e%e8%9b%be%e5%b7%a5%e5%85%b7%e7%ae%b1.exe"; depth:56; endswith; nocase; http.host; content:"static.cz01.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1227129/; classtype:trojan-activity;sid:82090229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.38.241.103"; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223122/; classtype:trojan-activity;sid:82086222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; depth:199; endswith; nocase; http.host; content:"cfs9.blog.daum.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; depth:184; endswith; nocase; http.host; content:"cfs13.tistory.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; depth:163; endswith; nocase; http.host; content:"cfs10.blog.daum.net"; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; depth:232; endswith; nocase; http.host; content:"cfs13.tistory.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; depth:303; endswith; nocase; http.host; content:"cfs7.blog.daum.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh"; depth:7; endswith; nocase; http.host; content:"194.145.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1090482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r6x7x6rf.zip"; depth:13; endswith; nocase; http.host; content:"travelwithmanta.co.za"; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1090482/; classtype:trojan-activity;sid:81953582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1068684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/njtzac0.tar"; depth:12; endswith; nocase; http.host; content:"mysura.it"; depth:9; isdataat:!1,relative; metadata:created_at 2021_03_15; reference:url, urlhaus.abuse.ch/url/1068684/; classtype:trojan-activity;sid:81931784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dos/nemesy13.zip"; depth:17; endswith; nocase; http.host; content:"dl.packetstormsecurity.net"; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1059666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z4voa7.rar"; depth:11; endswith; nocase; http.host; content:"e-commerce.saleensuporte.com.br"; depth:31; isdataat:!1,relative; metadata:created_at 2021_03_10; reference:url, urlhaus.abuse.ch/url/1059666/; classtype:trojan-activity;sid:81922766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpez546n.rar"; depth:13; endswith; nocase; http.host; content:"test.typoten.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040097/; classtype:trojan-activity;sid:81903197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1016773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/th769kg7.tar"; depth:13; endswith; nocase; http.host; content:"jhayesconsulting.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_02_17; reference:url, urlhaus.abuse.ch/url/1016773/; classtype:trojan-activity;sid:81879873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2017/06/radbxnzdxbd.exe"; depth:24; endswith; nocase; http.host; content:"360down7.miiyun.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txs9e9.zip"; depth:11; endswith; nocase; http.host; content:"buscascolegios.diit.cl"; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txs9e9.zip"; depth:11; endswith; nocase; http.host; content:"buscascolegios.diit.cl"; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcbl8fi.zip"; depth:12; endswith; nocase; http.host; content:"library.arihantmbainstitute.ac.in"; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (939949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/ovg/"; depth:10; endswith; nocase; http.host; content:"www.moninediy.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_12_23; reference:url, urlhaus.abuse.ch/url/939949/; classtype:trojan-activity;sid:81803049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; depth:36; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/bg4n3/"; depth:11; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935817/; classtype:trojan-activity;sid:81798917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u0eukz.zip"; depth:11; endswith; nocase; http.host; content:"abissnet.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (920450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hceioc.zip"; depth:11; endswith; nocase; http.host; content:"api-ms.cobainaja.id"; depth:19; isdataat:!1,relative; metadata:created_at 2020_12_15; reference:url, urlhaus.abuse.ch/url/920450/; classtype:trojan-activity;sid:81783550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (906880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdfg.exe"; depth:10; endswith; nocase; http.host; content:"marksidfgs.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2020_12_11; reference:url, urlhaus.abuse.ch/url/906880/; classtype:trojan-activity;sid:81769980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2x2vexx.jpg"; depth:13; endswith; nocase; http.host; content:"yzkzixun.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfl7i3kp.rar"; depth:13; endswith; nocase; http.host; content:"karer.by"; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; depth:37; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/attachments/"; depth:17; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723711/; classtype:trojan-activity;sid:81586811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paetools.exe"; depth:13; endswith; nocase; http.host; content:"soft.110route.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (611407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/3u/"; depth:8; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_25; reference:url, urlhaus.abuse.ch/url/611407/; classtype:trojan-activity;sid:81474507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (598684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/6qv2o2ehwzh1d/"; depth:19; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/598684/; classtype:trojan-activity;sid:81461784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/file/x7z9wbk77tt6v9/"; depth:30; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (552113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/llc/fa1torcvwmvsw1ioua/"; depth:28; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/552113/; classtype:trojan-activity;sid:81415213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmatrix/data/hack1226.exe"; depth:26; endswith; nocase; http.host; content:"cd.textfiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (466425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"111.185.23.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_12; reference:url, urlhaus.abuse.ch/url/466425/; classtype:trojan-activity;sid:81329525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (466312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.185.23.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_12; reference:url, urlhaus.abuse.ch/url/466312/; classtype:trojan-activity;sid:81329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (463460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.185.23.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_11; reference:url, urlhaus.abuse.ch/url/463460/; classtype:trojan-activity;sid:81326560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (463309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.185.23.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_11; reference:url, urlhaus.abuse.ch/url/463309/; classtype:trojan-activity;sid:81326409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.185.23.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/452932/; classtype:trojan-activity;sid:81316032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (444932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/document/81828115/bkxjh/"; depth:33; endswith; nocase; http.host; content:"hr2019.vrcom7.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_27; reference:url, urlhaus.abuse.ch/url/444932/; classtype:trojan-activity;sid:81308032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; depth:49; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/statement/sv8ah2oz31fj/"; depth:28; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438621/; classtype:trojan-activity;sid:81301721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/statement/ul397wfyb/"; depth:29; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; depth:82; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/doc/kbc9dts71991684654644570io07lx5tws9zd0q/"; depth:49; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432815/; classtype:trojan-activity;sid:81295915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan/vw3tl6d9/"; depth:15; endswith; nocase; http.host; content:"posmicrosystems.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432746/; classtype:trojan-activity;sid:81295846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/hl8-8w4cs-6325/"; depth:24; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (431601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/scan/5k2b2y4/"; depth:35; endswith; nocase; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/431601/; classtype:trojan-activity;sid:81294701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/fqcfrfvwflt3/"; depth:18; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429864/; classtype:trojan-activity;sid:81292964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/05eo9y/yho7cb662821oxuq416ncv9m0g/"; depth:39; endswith; nocase; http.host; content:"posmicrosystems.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429822/; classtype:trojan-activity;sid:81292922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/common/yz.vbs"; depth:14; endswith; nocase; http.host; content:"yp.hnggzyjy.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428352/; classtype:trojan-activity;sid:81291452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/closed-section/additional-area/740331365-r4cxbyqtk/"; depth:73; endswith; nocase; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427195/; classtype:trojan-activity;sid:81290295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/private_module/test_cloud/z3gjv_w4zyu545ts846/"; depth:51; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427189/; classtype:trojan-activity;sid:81290289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/common_resource/3zynn88sm_qdy9vaoqlxkyn_989270539154_n7ffnmeyjem/36660133916761_yjn3n510wqqnfyx0/"; depth:98; endswith; nocase; http.host; content:"posmicrosystems.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426766/; classtype:trojan-activity;sid:81289866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoice/aog-3515110/"; depth:21; endswith; nocase; http.host; content:"lindnerelektroanlagen.de"; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/djsv1tay8/"; depth:32; endswith; nocase; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419853/; classtype:trojan-activity;sid:81282953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (411798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.110.124.238"; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_11; reference:url, urlhaus.abuse.ch/url/411798/; classtype:trojan-activity;sid:81274898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (401440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43rf3dw/34frgegrg.exe"; depth:22; endswith; nocase; http.host; content:"prestigehomeautomation.net"; depth:26; isdataat:!1,relative; metadata:created_at 2020_06_24; reference:url, urlhaus.abuse.ch/url/401440/; classtype:trojan-activity;sid:81264540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (363653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.38.241.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_16; reference:url, urlhaus.abuse.ch/url/363653/; classtype:trojan-activity;sid:81226753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; depth:151; endswith; nocase; http.host; content:"cfs5.tistory.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1/jet.exe"; depth:23; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322467/; classtype:trojan-activity;sid:81185567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1/sunset1.exe"; depth:27; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowers/flowers1/smell-the-roses.exe"; depth:37; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (265919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdf.exe"; depth:9; endswith; nocase; http.host; content:"marksidfgs.ug"; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_10; reference:url, urlhaus.abuse.ch/url/265919/; classtype:trojan-activity;sid:81129019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (263107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dusers.exe"; depth:11; endswith; nocase; http.host; content:"94.53.120.109"; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_03; reference:url, urlhaus.abuse.ch/url/263107/; classtype:trojan-activity;sid:81126207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.224.242.131"; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242615/; classtype:trojan-activity;sid:81105715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.4.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (241993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.175.138.75"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_09; reference:url, urlhaus.abuse.ch/url/241993/; classtype:trojan-activity;sid:81105093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.16.63.103"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240832/; classtype:trojan-activity;sid:81103932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"165.90.16.5"; depth:11; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240475/; classtype:trojan-activity;sid:81103575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.113.227"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.114.191.82"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"216.183.54.169"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240237/; classtype:trojan-activity;sid:81103337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.46.197.114"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240226/; classtype:trojan-activity;sid:81103326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.152.35.139"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/238950/; classtype:trojan-activity;sid:81102050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.248.58.238"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238127/; classtype:trojan-activity;sid:81101227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.12.99.194"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; depth:38; endswith; nocase; http.host; content:"src1.minibai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kszip/news/v1.0.7.31/news_01.exe"; depth:33; endswith; nocase; http.host; content:"download.pdf00.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_06; reference:url, urlhaus.abuse.ch/url/222506/; classtype:trojan-activity;sid:81085606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meteoradminz/hidden-tear/zip/master"; depth:36; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64.exe"; depth:7; endswith; nocase; http.host; content:"indonesias.me"; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210541/; classtype:trojan-activity;sid:81073641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c64.exe"; depth:8; endswith; nocase; http.host; content:"indonesias.me"; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210524/; classtype:trojan-activity;sid:81073624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opolis.exe"; depth:11; endswith; nocase; http.host; content:"www.opolis.io"; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/qt51crk.exe"; depth:21; endswith; nocase; http.host; content:"www.hseda.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/qt51crk.exe"; depth:21; endswith; nocase; http.host; content:"hseda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/screenmate/cute/sm1302.zip"; depth:27; endswith; nocase; http.host; content:"www.starcountry.net"; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/wattyl/wattyl.exe"; depth:27; endswith; nocase; http.host; content:"unicorpbrunei.com"; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_25; reference:url, urlhaus.abuse.ch/url/201885/; classtype:trojan-activity;sid:81064985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; depth:60; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/12.2013/nrv-ppwr.zip"; depth:30; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razor/rzr-winner_intro.zip"; depth:27; endswith; nocase; http.host; content:"chiptune.com"; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; depth:67; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; depth:51; endswith; nocase; http.host; content:"download.skycn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; depth:49; endswith; nocase; http.host; content:"download.skycn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft_hair/pcsupport.exe"; depth:24; endswith; nocase; http.host; content:"support.clz.kr"; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_14; reference:url, urlhaus.abuse.ch/url/195911/; classtype:trojan-activity;sid:81059011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; depth:50; endswith; nocase; http.host; content:"dl.1003b.56a.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (181178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft1/sc2_tool.zip"; depth:19; endswith; nocase; http.host; content:"dl.198424.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_20; reference:url, urlhaus.abuse.ch/url/181178/; classtype:trojan-activity;sid:81044278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/swfupload/css/inf.inf"; depth:28; endswith; nocase; http.host; content:"meeweb.com"; depth:10; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175859/; classtype:trojan-activity;sid:81038959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; depth:50; endswith; nocase; http.host; content:"jointings.org"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/employeemasterimages/qace.jpg"; depth:30; endswith; nocase; http.host; content:"livetrack.in"; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;) # Number of entries: 37920